Automated Malware Analysis Management Report for Tb3mfWybe6.exe

Overview

General Information

Sample name:	Tb3mfWybe6.exe renamed because original name is a hash value
Original sample name:	ab85a4b94d4e18366dc43e2e8f2f4ac6a2452887804ffa67f4ac05987ebf1dfbN.exe
Analysis ID:	1540703
MD5:	8f371ea29de946aa1b73efb064e9a890
SHA1:	29bbc530e48752351443dff5f22c980ce3220c77
SHA256:	ab85a4b94d4e18366dc43e2e8f2f4ac6a2452887804ffa67f4ac05987ebf1dfb
Tags:	exeuser-KnownStormChaser
Infos:

Detection

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Creates files in the recycle bin to hide itself

Drops PE files to the user root directory

Machine Learning detection for dropped file

Machine Learning detection for sample

Tries to harvest and steal browser information (history, passwords, etc)

Drops PE files

Drops PE files to the user directory

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Tb3mfWybe6.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_1.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_0.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\000003.log.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\.curlrc.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_3.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\CURRENT.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_2.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\.curlrc.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4ca3cb58378aaa3f_0.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\index.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0.tmp	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen

Multi AV Scanner detection for submitted file

Source: Tb3mfWybe6.exe

ReversingLabs: Detection: 78%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_1.tmp	Joe Sandbox ML: detected
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_0.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\000003.log.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\.curlrc.tmp	Joe Sandbox ML: detected
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_3.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\CURRENT.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_2.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\.curlrc.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0.tmp	Joe Sandbox ML: detected
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4ca3cb58378aaa3f_0.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\index.tmp	Joe Sandbox ML: detected
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Joe Sandbox ML: detected
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0.tmp	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: Tb3mfWybe6.exe

Joe Sandbox ML: detected

Uses 32bit PE files

Source: Tb3mfWybe6.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Uses 32bit PE files

Source: Tb3mfWybe6.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Source: classification engine

Classification label: mal88.spyw.evad.winEXE@1/1337@0/0

Source: C:\Users\user\Desktop\Tb3mfWybe6.exe

File created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\.ses.tmp

Jump to behavior

Source: C:\Users\user\Desktop\Tb3mfWybe6.exe

File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Tb3mfWybe6.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Tb3mfWybe6.exe

ReversingLabs: Detection: 78%

Source: C:\Users\user\Desktop\Tb3mfWybe6.exe

File read: C:\Users\user\Desktop\Tb3mfWybe6.exe

Jump to behavior

Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Section loaded: mfc42.dll			Jump to behavior

PE file contains sections with non-standard names

Source: Tb3mfWybe6.exe	Static PE information: section name: .imports
Source: rule324014v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule324013v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule324012v3.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule324011v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule324010v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule324009v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule324008v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule325002v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule325001v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule324015v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule370012v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule370007v3.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule370006v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule370005v1.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule370001v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule370000v1.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule360001v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule360000v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule370011v1.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule370009v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240009v3.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490005v3.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule490004v5.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule490002v13.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule460009v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule460008v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule440005v3.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule440004v3.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule440000v3.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule390005v1.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule390004v3.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule490003v7.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240026v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490023v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240025v1.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490020v3.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule490018v3.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240020v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490015v5.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240018v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490015v4.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240016v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490015v3.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240015v1.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490015v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240014v1.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490014v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240013v1.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490011v4.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240012v1.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490010v7.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240010v2.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490009v5.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240021v1.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule241002v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule500003v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule241001v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule500002v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule241000v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule500001v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule500000v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240039v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule240038v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490031v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240034v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490030v1.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240033v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490029v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240032v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490028v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240031v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490027v1.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240030v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490025v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule240029v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule490024v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule270011v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule510005v1.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule270010v3.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule510000v1.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule270009v1.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule500024v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule270007v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule500023v4.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule500022v4.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule270006v3.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule270005v4.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule500009v4.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule270004v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule500008v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule270003v2.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule500007v1.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule270002v1.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule500006v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule270001v1.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule500005v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule270000v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule500004v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule320002v5.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule510047v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule320001v2.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule510046v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule310000v1.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule510018v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule270019v1.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule510017v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule270018v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule510016v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule510015v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule270017v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule270016v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule510012v1.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule270015v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule510010v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule270014v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule510009v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule270013v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule510008v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule270012v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule510006v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule320032v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63049v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule320029v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63048v6.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule320022v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63046v10.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule320021v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63042v3.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule320016v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63041v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule320009v1.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63040v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule63038v1.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule320007v2.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule320006v2.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63030v2.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule320005v4.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63028v4.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule320004v6.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule510063v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule320003v1.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule510062v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule324003v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63067v3.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule324002v2.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63066v1.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule324002v1.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63063v1.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule324002v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63059v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule324001v1.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63058v0.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule322006v5.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63057v3.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule322004v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63056v9.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule63054v5.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule322001v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule320035v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63053v1.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule320034v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63052v3.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule320033v0.xml.tmp.0.dr	Static PE information: section name: .imports
Source: rule63051v5.xml.exe.tmp.0.dr	Static PE information: section name: .imports
Source: rule324012v3.xml.tmp.0.dr	Static PE information: section name: .imports

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Drops PE files

Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11890v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700000v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63051v5.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\9659692161.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500003v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120629v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68024v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11369v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule12019v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490030v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270019v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490018v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500022v4.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490027v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120402v21.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120126v8.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325000v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\4941266003.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\5281104033.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324011v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68015v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule460009v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270014v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63042v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240026v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500004v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320022v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule390005v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120601v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370006v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\_curlrc.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700250v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370009v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70006v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11931v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490002v13.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Comms\UnistoreDB\store.jfm.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700300v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\dbghelp.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11793v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120126v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120638v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500001v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324004v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\8492240360.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11710v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11794v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\3643399760.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule460009v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11834v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500003v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510012v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370002v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500005v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63041v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\AdobeARM.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120639v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440005v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270012v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70025v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120610v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68023v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\ngen.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324011v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68004v16.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule390005v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\3024948866.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120107v6.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11659v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270007v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500023v4.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule322004v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120619v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11950v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule460008v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule390004v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370012v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\6422942404.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68025v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320035v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68016v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440007v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325002v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11930v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700001v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120637v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11882v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240039v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63052v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11264v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370005v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11989v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270018v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324001v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240015v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68006v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120300v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\2585558601.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11933v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490029v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490027v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240033v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11932v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120201v14.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule360000v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68013v9.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324002v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120609v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\8975065801.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63071v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120620v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63059v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370007v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11464v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule310000v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490031v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\chrome.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120621v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\LOG.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120636v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\6092905029.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule12035v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120640v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68008v4.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510006v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Variations.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\.curlrc.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240020v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324013v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68012v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\UsrClass.dat.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324015v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320004v6.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324009v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490023v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\symsrv.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70027v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\wctB04C.tmp.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\7245361316.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120100v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490011v4.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\5809130301.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\cv_debug.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490024v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63040v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490014v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500024v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63053v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11370v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490025v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68031v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68002v11.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120630v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\9422479677.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11500v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325001v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120128v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120631v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\user.bmp.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120304v5.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68018v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68017v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63054v5.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70003v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324012v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510062v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120604v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324014v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120127v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\3322604653.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320001v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120307v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68020v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490005v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120607v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700301v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320003v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\7216804956.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490028v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\9217021447.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324013v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510000v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370011v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120110v4.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510005v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320034v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\LOCK.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\jusched.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240021v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270011v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\7457734050.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120644v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324010v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370009v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700151v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65137v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\8351801105.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\wct4B1.tmp.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120125v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370000v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490011v4.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11289v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490029v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\9925478147.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120643v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70028v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370005v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOG.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65138v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700150v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v4.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120641v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\wct42C5.tmp.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490003v7.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68003v12.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11504v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\3D Objects\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120642v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68040v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320033v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70029v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\9655434068.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\4965367024.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120624v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule360001v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\9275373402.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11502v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68038v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320016v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500002v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule360001v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\ngen.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68029v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270006v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65136v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120633v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68010v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500004v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11498v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\2843307863.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370001v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63056v9.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370000v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325002v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68000v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500009v4.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370006v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120305v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68001v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490003v7.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270004v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\8552718761.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120120v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320006v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240012v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270015v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68019v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240029v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320021v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120605v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440004v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\First Run.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320032v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510009v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\8200946536.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120112v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70002v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510063v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440005v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120625v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DIPS.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490031v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63028v4.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\GameDVR\KnownGameList.bin.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700051v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490028v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68039v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120205v11.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700351v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240034v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63048v6.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510008v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11705v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\8182259827.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule322001v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270003v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490004v5.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v4.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240038v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120632v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\4478492829.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240009v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11210v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700050v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490030v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700350v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Comms\Unistore\data\AggregateCache.uca.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440000v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule322006v5.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370001v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\3476888679.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\8886835349.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510047v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320005v4.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240032v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490009v5.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11300v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490023v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324014v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510016v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68009v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63067v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324003v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\7676687441.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOCK.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500000v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120623v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700101v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325001v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270009v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510046v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11499v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370012v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324015v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120634v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490004v5.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120635v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120622v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324010v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320029v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63058v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63066v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510017v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\wct1834.tmp.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\5064077962.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700100v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\6329227256.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule460008v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500000v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v5.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240018v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510018v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\5491630718.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500007v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11770v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63038v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500006v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\9329238007.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\7155756679.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270000v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270013v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63030v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\5713452101.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324008v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490010v7.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270005v4.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11265v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490024v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120608v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324009v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240025v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490018v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500001v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500006v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120119v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11939v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510015v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63077v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490002v13.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120612v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700201v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\tmpDD17.tmp.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120627v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v5.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68026v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63063v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120617v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\jones.bmp.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270002v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\6183211589.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240010v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120626v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68022v8.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700200v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324002v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324003v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11769v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\7011884383.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120618v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68030v6.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324007v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63049v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11302v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdp.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70031v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370011v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule241002v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\.curlrc.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500002v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11768v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\wmsetup.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule390004v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490010v7.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490025v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120603v8.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120611v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500005v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320002v5.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120616v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270017v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240031v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63069v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68011v4.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\6213653276.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule69600v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\offline.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70030v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11981v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324002v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324005v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240014v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490014v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120602v8.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240016v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11767v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240030v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63057v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule241000v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120628v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324008v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68014v8.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370007v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440002v9.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324006v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\6750529025.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63078v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule360000v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\6109303877.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120600v4.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\4736274156.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120613v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490020v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule241001v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490005v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63070v5.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120614v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490020v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270010v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500008v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68027v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270016v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490009v5.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270001v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440000v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320007v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440004v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240013v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63046v10.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11701v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11381v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510010v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324003v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Comms\UnistoreDB\store.vol.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\5622580005.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Temp\2669049752.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\First Run.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120615v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324012v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68028v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320009v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v2.xml.exe.tmp	Jump to dropped file

Drops PE files to the user directory

Source: C:\Users\user\Desktop\Tb3mfWybe6.exe

File created: C:\Users\user\.curlrc.tmp

Jump to dropped file

Boot Survival

Drops PE files to the user root directory

Source: C:\Users\user\Desktop\Tb3mfWybe6.exe

File created: C:\Users\user\.curlrc.tmp

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Creates files in the recycle bin to hide itself

Source: C:\Users\user\Desktop\Tb3mfWybe6.exe

File created: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp

Jump to behavior

Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Window / User API: threadDelayed 3983	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Window / User API: threadDelayed 1077	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Window / User API: threadDelayed 1397	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Window / User API: threadDelayed 743	Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11890v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701100v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700000v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701200v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\6213653276.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9659692161.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\3643399760.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701700v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510000v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701900v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701800v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490030v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270019v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490018v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120126v8.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8351801105.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240018v0.xml.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\5281104033.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324011v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68015v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule460009v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270014v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63042v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63042v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240026v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120601v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule390005v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700600v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700900v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700250v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70003v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700500v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490002v13.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Comms\UnistoreDB\store.jfm.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700300v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9329238007.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700550v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dbghelp.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700300v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeARM.log.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701400v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701500v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700200v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701300v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120126v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701200v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1239919175.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500001v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120638v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8492240360.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11710v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule460009v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\MANIFEST-000001.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11834v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\78bff3512887b83d_0.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700100v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370002v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule224901v11.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702000v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240020v0.xml.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500005v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63041v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\metadata.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120639v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440005v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8492240360.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LOCK.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\ngen.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7457734050.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Crashpad\settings.dat.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68004v16.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324011v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68027v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9217021447.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8200946536.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240025v1.xml.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120107v6.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11659v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120619v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\user-PC-20231004-1547.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\WindowsApps\python3.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\user-PC-20231004-1547.log.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\4736274156.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule460008v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510006v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule390004v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8552718761.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf8eae3dcaf681ca_0.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9217021447.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63067v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370012v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\6422942404.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\index.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\user-PC-20231004-1550.log.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68016v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\cv_debug.log.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700251v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325002v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700001v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8492240360.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120637v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700551v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240039v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701150v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\5281104033.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68020v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Reporting and NEL-journal.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702350v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_0.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702650v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702050v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\databases\Databases.db.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6750529025.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2168651637.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOCK.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701750v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3476888679.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703300v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68003v12.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270018v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\5064077962.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240015v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jusched.log.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120300v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700850v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2585558601.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdpresource.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9329238007.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700600v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702950v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68004v16.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\ConnectedDevicesPlatform\L.user.cdp.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70036v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701151v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68013v9.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324002v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222042v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700851v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LOG.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\user-PC-20231004-1445a.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8975065801.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68001v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\coupon_db\LOG.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701751v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120620v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\6109303877.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11464v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63059v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule310000v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230168v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\chrome.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120621v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63038v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCache\data_0.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120636v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Code Cache\wasm\index.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68016v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsSiteData.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120640v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510006v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Google\Chrome\User Data\Variations.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\LOG.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324013v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703001v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68014v8.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68012v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\UsrClass.dat.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703301v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324015v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702701v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d5dedf551f4d1592_0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324009v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\5809130301.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\CURRENT.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\LOCK.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490023v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\symsrv.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wctB04C.tmp.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70037v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7245361316.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4478492829.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\desktop.ini.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500008v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703900v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0196354653.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68009v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703600v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63040v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490014v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701801v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68031v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68006v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68002v11.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701501v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702101v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701201v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11500v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703651v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702401v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6213653276.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\3024948866.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325001v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703601v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOCK.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703901v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WebCache\V01.chk.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120128v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68002v11.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7216804956.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120304v5.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68018v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Crashpad\metadata.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68017v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1141274626.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\CURRENT.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.jcp.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\chrome.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324012v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510062v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120604v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324014v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120127v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702400v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702700v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700901v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63058v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOCK.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Affiliation Database.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3322604653.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63040v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320001v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703051v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\msedge_installer.log.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700301v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700601v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320003v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule69600v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\BrowsingTopicsSiteData.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120110v4.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510000v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370011v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2669049752.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703000v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\coupon_db\LOCK.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510005v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240021v1.xml.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0518291756.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510012v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240031v0.xml.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702100v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270011v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7457734050.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63041v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701800v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68029v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701500v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7011884383.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324010v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222015v6.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65137v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8351801105.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120125v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370000v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700900v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\.curlrc.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11289v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370005v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65138v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v4.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\symsrv.dll.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120641v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wct42C5.tmp.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490003v7.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\3D Objects\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120642v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510015v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320033v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9655434068.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702750v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703100v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703400v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700651v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63077v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOCK.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68038v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320016v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700201v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500002v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\ngen.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68029v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6183211589.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700101v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdp.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7676687441.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7011884383.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270006v3.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65136v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701951v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120633v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500004v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68010v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WebCache\V01tmp.log.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701851v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63056v9.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325002v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68000v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500009v4.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701651v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2843307863.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\First Run.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701250v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\index.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68015v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370006v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68001v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490003v7.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270004v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8552718761.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wmsetup.log.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6092905029.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120120v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320006v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68019v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2669049752.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120605v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510016v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510009v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120112v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8200946536.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70002v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440005v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies-journal.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9925478147.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120625v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DIPS.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702451v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703050v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700051v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\GameDVR\KnownGameList.bin.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490028v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68039v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701551v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\5491630718.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700950v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows Sidebar\settings.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf8eae3dcaf681ca_0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701850v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700701v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702150v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703350v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270003v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700901v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v4.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240038v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11210v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700350v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Comms\Unistore\data\AggregateCache.uca.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65139v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68017v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370001v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule322006v5.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\First Run.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8351801105.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8886835349.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510047v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320005v4.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700751v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63067v3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324003v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68026v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7676687441.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500000v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700551v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule224902v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120623v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703251v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700101v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701051v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2103954313.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7245361316.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270009v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0409654664.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Reporting and NEL.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11499v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324015v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702200v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490004v5.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702501v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120635v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701501v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324010v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jones.bmp.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63066v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510017v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4941266003.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\5064077962.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701301v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63066v1.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\pingme.txt.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701900v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule460008v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8552718761.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510018v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500000v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v5.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702800v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701300v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240018v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702951v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\5491630718.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500022v4.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63049v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500007v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11770v0.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500006v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270000v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9329238007.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7155756679.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700701v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63030v2.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324008v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700000v2.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240016v0.xml.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0164771190.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11265v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702351v1.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490024v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510047v0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324009v0.xml.exe.tmp	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\Tb3mfWybe6.exe TID: 5856	Thread sleep count: 3983 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe TID: 5856	Thread sleep count: 1077 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe TID: 5856	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe TID: 5856	Thread sleep count: 1397 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe TID: 5856	Thread sleep count: 42 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe TID: 5856	Thread sleep count: 743 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe TID: 5856	Thread sleep count: 45 > 30	Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	Last function: Thread delayed

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Favicons.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Code Cache\js\index.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Top Sites-journal.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Secure Preferences.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\WebStorage\QuotaManager.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\first_party_sets.db.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\data_2.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GPUCache\data_1.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\shared_proto_db\LOG.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Variations.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\data_2.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\SharedStorage.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\LOG.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\data_0.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\LOCK.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\coupon_db\LOCK.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCache\index.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\BudgetDatabase\LOCK.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\coupon_db\LOG.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOCK.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension State\CURRENT.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCache\data_3.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\InterestGroups-journal.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GraphiteDawnCache\data_2.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Last Version.exe.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\BudgetDatabase\LOG.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\First Run.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Last Browser.exe.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\data_3.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\PreferredApps.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCache\data_1.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GraphiteDawnCache\data_0.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\InterestGroups.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Variations.exe.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Scripts\LOG.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Google Profile.ico.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\trusted_vault.pb.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\index.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GraphiteDawnCache\index.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GPUCache\data_3.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\data_1.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DIPS-journal.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\BrowsingTopicsState.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Favicons-journal.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GPUCache\data_2.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Code Cache\wasm\index.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\databases\Databases.db.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DIPS.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Preferences.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCache\data_0.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GPUCache\data_0.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension State\LOG.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\first_party_sets.db-journal.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\BrowsingTopicsSiteData.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Shortcuts.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Last Version.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\data_1.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\History-journal.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Top Sites.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History-journal.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data-journal.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Visited Links.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GraphiteDawnCache\data_3.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\shared_proto_db\LOCK.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\data_3.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Shortcuts-journal.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\shared_proto_db\CURRENT.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\index.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Session Storage\LOCK.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Crashpad\metadata.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension State\LOCK.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Last Browser.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Affiliation Database.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GraphiteDawnCache\data_1.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Scripts\LOCK.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\data_0.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GPUCache\index.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Trust Tokens.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\PrivateAggregation.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Session Storage\CURRENT.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\History.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Crashpad\settings.dat.tmp	Jump to behavior
Source: C:\Users\user\Desktop\Tb3mfWybe6.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCache\data_2.tmp	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Name	Type	MD5	SHA1	SHA256
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	85285473E50CAFFB53100B703FCC173C	50688CED87B4FF511953310287D50433DA9FF91B	5E3A9932A8D8711F5EDA67BD765A1CC81FBC017F3EB96FC30CD449B98107BBCF
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	85285473E50CAFFB53100B703FCC173C	50688CED87B4FF511953310287D50433DA9FF91B	5E3A9932A8D8711F5EDA67BD765A1CC81FBC017F3EB96FC30CD449B98107BBCF
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	06241D35E8EC3850792642B4E81CEC91	768088A5CDFEEEFA39ECFDD800C0CEF1F453C8B0	4C40F33172DBF5A3E583A5926103635E0F88F0D989045754464BFB5124C00338
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\desktop.ini.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	06241D35E8EC3850792642B4E81CEC91	768088A5CDFEEEFA39ECFDD800C0CEF1F453C8B0	4C40F33172DBF5A3E583A5926103635E0F88F0D989045754464BFB5124C00338
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	933A968B241EEDC8BCA5E32F84EF275B	1125C3777E7461C4FD31C0CA70C1AE6BA9C2F37D	D640C4651007506DA4D8354D31D35B578FAA6ED1660F761C5E7B76F483DE205F
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	933A968B241EEDC8BCA5E32F84EF275B	1125C3777E7461C4FD31C0CA70C1AE6BA9C2F37D	D640C4651007506DA4D8354D31D35B578FAA6ED1660F761C5E7B76F483DE205F
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0EB9976BD5540C9B0BFB3F38CFD146C5	056E285D4E8277686F5749BEA30C7E8AF20D57B9	7CB4495525B4CB25914154362C409DA874C6229FE63D1EDAE8A8B43B26977800
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0EB9976BD5540C9B0BFB3F38CFD146C5	056E285D4E8277686F5749BEA30C7E8AF20D57B9	7CB4495525B4CB25914154362C409DA874C6229FE63D1EDAE8A8B43B26977800
C:\Documents and Settings\user\.curlrc.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9501FEEF4DA229A2899D96550AA60822	B472F4E3C2B7C6C17CD4F39F2E83AFFA83541667	2C7F45AF05DAEACE8EC88DEDFBA0062F8409CB0832A787BFDE67657FE450E12F
C:\Documents and Settings\user\3D Objects\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4F943F42E4AAE2ACD03A36E6323AF142	0519C136E80DA557048548FB0131D0E36463B365	D61DC7FBA78885A8396608DF8A7D5CF31B4B8FFA517EE177D3E69DA3CFE33458
C:\Documents and Settings\user\AppData\Local\.curlrc.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A1F9AADF3E277A5E70E98BD8457CA654	F248BCAAA3BEEFD4C6DA2BBBDEBBFC167E23EFB4	84C8C2AF10C3B9A8B323321780B41BDECB3BC1C9C7352702031D71CBD5E0BC25
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\000003.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9486CC6AECB4483DDF36691231F0FE0E	213EF37EA11808E09FFF3FD11C1DE7D645686C5B	EF7BE852462CCCA35DC45C9930F87EDD2149CC9CD67FDFEC783865060EFB50FE
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\CURRENT.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	46BDA8772C65F13EB60B8B9AFBAB8864	E9ECE1CE1E9B217C858C1213DCD4DE5ABF6FCC77	0E651E1BAFDCBE9223015AAD989E098546E4B910E5FD1DBA143BADFC3F7E6573
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3295A68F772497B95147EE63C0755E2F	DC89CDC0D7FF66C870A65B231842F245C04CEEAD	56C62C788EEE6CEF132AAAD6FAC1263162F916B8B345B0CA76BBF7904002AEE7
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_1.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1BBCD155EB462ED702AF19A7BF601D9D	F1893F377B910482E82C84AC04902FEF36617B0F	8D4B91BA4C2B5407C9430F1925471FD83C1FC84E4E53F2270047E1D5BE8E3D91
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_2.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9D3C6357FD1AFC9FB9D6F64DDA7E863A	6FC451F9253C7DEADD5DF0B6D76F443E5A812076	9D76DBCFCF2A14B15D2E8554A7117CD8E1003CAD06759F0C708A399A3771F4A3
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_3.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2768B19FCAAB80E952DFD185274E2831	B3D12CA292C51389C5986E551170AF1315683755	35923C61EBED3A8881CB3AAC6F438354E112DD40BA93BEAAA29D22BE040F58BC
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\index.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F02FAD49F6264140784DAAD0B05B7491	2795309374A33F7C90A3435F1F287EBF595BAB21	188BC9C7F4BE0DF0FA5F3C7AC9C61F5A80DC44E802CD06DFB60602C8BF5CA741
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	72D8303650FEF44B5D22352EBECBBF85	A64AB8CACE2E3510F21F73FFAFC128126A43F18B	13F3D2ED4CEF2AD3B668F3C57B03CC81797C6E4FC861A7BB0029C4E9BA6B79AE
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7CC75AD132B7DF9D838487224CD9653F	60A3C6C63CF9F13E3ABB9AE7880E3FE87619FABA	C9004AB2B2325E0CA147AB96DAFB379C1D2235674818FE7804A447649EA51AEE
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	71FC465729CADAE882BD37EB8EF756C7	98882C245793BE450B8617583AD815B3CB1E6DC1	84A27679C44E76BCB3C105E4723D2703C8A429668B5F5B4F5C6C3F845BBCC6ED
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	20D0B3991187B82D1DDA155461632286	2A594BC4C4FA94B3290EF9F2CB6AFDBC4E72D4A8	079D0476063A88D5FCE8808A7265CBB2138C9406BFBB6432F869469CBA99F10C
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6952BA2C6E2AA5BA0F00DF93C79D05EF	30482BE9D191F8C414BB0B1B139151B5AD7B59AF	5739476EB400E1C4F06255C31A8ECDAC97558BD132EF40499D4B32AA2CC387AE
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	413F9F59B14DCE449DEE10797987C794	3B478BFF9A1D626F50DB8F6A4F56AC479217CA8E	3E614E412528D4B9331F76EC9A776BFEBDD0333145D70496D13F5B42924A67AF
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	ADDC7A6317066F83A685F22CAB13E521	F2916573AAB7C4979F2FA4749F0B5C08E2D05703	396B7A49FA75B1E1205C1FD84B0B7F569F18A2130BDA5BEC9C3F0ACF6007841D
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0668C928109FF48C620CEFE75BC7BAB4	C33E7744810E607C987496C532C3E6FA39DF6376	9EABEF41197B3925EE118638D7E608622AA09199FB0FF1FA67AD6D5DEC1C3319
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4ca3cb58378aaa3f_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9A6D051CB214C8A332A7B726DAA07125	35B02AC383CB67FE8EC861968CA54FA5DA786F9C	90FD11A6298B5C1F3A4C8BEFEF86D41444E9C614EAAFDFDA574615A8FF32EAB1
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	237C558295FF810E0DB0013A7CA9AD05	0405A2FADFA96134EDE69696B000A764333A6EBE	5163A34232E546688CE0088CEFB2527150619D00C1B86011B1257AD7666A3D3D
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D692D1D0F647D4EB8998981455CC715F	11A7D9AA9C43CEB27C462A6D85D45F2F315226EE	5EB6C0115AF878E6A7F3DA11893601B54C9D913197E62AA3155FE135A63C317D
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2B2B293BC6ADB2A342B1574D5C104A98	CB5756312F16BCA127BBFA98F318D3C295D695D2	5A99EA550893EFF7B4BCE59DC966C3F37B7B5AA5BD50B0AF971FA1239ECF9B37
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	53ED750AB045E199D2F20DAF9E72A0FB	F924C9C5504B6967E5BF6B520B557F65041CD071	8420D4678AF0757E2CB966E468B683A5E5F89B5EF40F8825C21C127F08C501DA
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	00F12F7DE66B7FCBFE6D1FD9EC0528B0	6FBBD4A1E67333CF721C83DE94301C0B32874761	4D9FBA9A4F2A2BD1B04F2B1C1142828C87C8C6089F2E39691314A900C0FBF2F9
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\72d9f526d2e2e7c8_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BD25D289EEBE698FDEB630499C61192E	5D4E4FF0BBF358DA21140A1678CBC340B96E630C	6D294E8577242CD40F28FAFFC8846BE9ECD2588C98D40E3C239CB3FDD208D172
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\78bff3512887b83d_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7972A73F8002B22CE26CBE14089263F4	2CBC2B1C06A1959394B8EA8CF2571A81F3E49419	694E58EEF7F3EFFD649DCA1CBD97098963720A06FA145E1B20ADC507882CA334
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AB4E86638B26017A74A4E579679DC948	B69028CCD981D38C159BFBDC4ADC059A08DAE46A	BB23220C2265EA42BEFFEB032F57B323ED5B15089A6DAF586F067B021F775880
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F795BF0483A5BF61E57E7C918B80A8E3	176CF719A08724C7A17BDF1F9CBF93274AC43549	8D0FA00B6094AA7B1D7184068B0D61FFF29A7197B59C2BC3563DBD438500B8B4
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F5BF493228340914AE7A1337F98F87D7	FF5232812D7BE10A5F2B1DCCC14B2C8A1D87F304	57606004D59002D98BAB5CFB512A5A72502F60A51CAF2774283F3E3DE791A4DE
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8342EBDB32394298F7476F65C9A7311F	E860B5E2B485A6AD687F6DA1D09EFC4A0234E32A	2ED4CF29A83E6AEB868D82824441288913FCF45E0FA58E382988FFD0CB8BABCA
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A89540CD4C82474E16413C534AD61419	0292852643F16B5B7211B3B717FD74ABF7F4926A	68C2B29C9BB230E2DAEFCD28BCAC3956CC904A0B33694EB03DCCBAA577A352E8
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	18CD3EE42586754EA49442C80438F760	B47B0171858466AC99FA8D5DA08DDB2821435238	8D5A4F56078023A8160CECED9785DCE705133B43F9135C10EBE2495EA700C6A3
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	55913D7C7538FA6401D57706248A4128	B13B3A512B998B9D677D494B3B168AE5AA7145B8	D2E4E677C233309247FAC3ADAAC8165EF98921E94657D00E2DC801638FB77ABC
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2D10E111EA2FFC3EED287D68967E87C9	6F4F92E4EDF17B02FD4743790F5370AE74AFD722	66C8D04D30FBA49927D94E11CFBAEDFD2389D88EF187A25AA118A4A391B6C34B
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6BC461B14BFA05018862BAD96B9553FD	6402C0D48CD38739D13C96AC19AEAE134F128C5E	689385F54BD17FB2F2B33ACB85A486D80CAE8919D6B5320244B8EE0C7D3B3803
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7AAB539677A89E7EDB4F4772713C3EB5	A4DD85165084801657C59520A2950A0A7501E668	FE8D6F2609132AB25EE150A3A019AF519BF1DDF05F84790A1C957C84E72C3BE3
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	73745812A2EAB7A1F9D5B7D9C9FADE1E	D92EA95D63C4CD54FA318209BBCB692A814575A4	4DCAD000303A27793C7E23A5F4960F9FC446024CDE55F2716A52C06649CDF02B
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1133C67D3D31F5506D45FA8F8AFF6CDC	815CB8B67AC910663AB0BCA55EEA4E20410BAD3E	5B88C6AEBF3B0490F1A3E2E1208C3B641D4DB947E81E7342B708B09C839B3E09
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf8eae3dcaf681ca_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0EBF4D7A36B5D012FEB0B643F6C96FA5	8D935105F3EF936DB7B2D7C9064CB8FE52A12551	941C3D0C58A306C711B7DDFCC1BDF0D85F80131A9BC55DA2A16550D35E0F77F7
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C340911D3138CD860C1D6ACDE4D968A7	9F0D950A02EAEBE13CE02E927DD3DF857FE6662F	66EA7AC757D123A93117E231958625D1BE7C87CC9359409B0E4A502343374C66
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d5dedf551f4d1592_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F0CEB8694E6DDF8CFC8EB31FCF2F8866	5CA918C9FA2E97A10D2E3790A043A263E5404889	C3557AB742145470AA059EEFD3B218864FAE4646CDFB865B04A07F44CA1D1FF6
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	364164F568D61BA93D4BAEF506FBF7CC	7A3C7F58290C88C59A665443C258F12E86371C75	31C112675F88624038644D01A67FD7C25620221524BA60644100BFF59A17DFDB
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	535A1DD72F1214C210389FB39DADE376	7281C225CB23069707D4F885E9F81F3671B60A78	803320F2C22F441B509F0B89BD33FC8DBE74DD6506FE0E811DE7891E4570AC92
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A8B66010E63D2767017F5B14C61F6C19	9028F480908432638143254D88F233874B148036	872AF4BFC20EE7858AE7C655E6308715ECDD7C275A90E3C6B8FC8A47C8DB3BA5
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6CA0030660951C7E68EB62F00C2E4A72	5C465C5CE972577CF1EE72F4C3502FE5C3926D84	5CB71400E83FC32B48102BCD279187AB1EB86DA7B11F9BB64C4BC52461D6287A
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1337CFF990F9962DEB6712AA33A81319	C1D8E79C22EC15286D0371C181D61382E925CB18	FAAC43CE178CBAAAC18A6645A60FF2B1D2C2E6240369E30FA6D3D7A2BC97819E
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D9FA50640E087C0B6D06B9B5F1E7E844	FFB6249B037491FC866B8FB3FFED29DED8FA3C3A	D107480041BBF6863A10006426E99334CFA897C567E7254D5A6A638A24543D30
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F2707800EBAE8200F0E7F7390B8E0B79	DF1DE431C9F9DB74CF432B92682371FD57AAA82A	77BEBE2F2F1A22931CF3340862364915033A5B760A7052361D3ADC13B72AE956
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\the-real-index.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	ED4603731B987D03B0B8ADA206CE2C1B	F420315141A7A6B3C53C2FC7E6C38E1118D1AFC2	37C2FCC1824F2F2C9ECB8B6515426FFA4938F9D9A1EC59A27C7E53736007AAD3
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D2C3692C7FC39F2EB0AA80F17C331AEC	60FB2F763A001E5410330CEB7588249C62FBA86E	24006951CA8FC1FDD1744D2FD49899C8032B0EF8B629C2E112A108D1763D579E
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LOCK.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	10BF517A2DDBD52402E145F3AFE40AEE	949D388813F7A8E3E58A2C6EF3E3543C865BF1A3	6E32B9F2D825F8F6E11915D4CCD0A17DB1EBAF4AE8E5B914E8909FF2D096B08D
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LOG.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9D74ABB3A088CD1EACC16E76C9F7D33B	A44409031C3E1AD56C92477A179E5727D61763BF	E0679B909DC62B65D9A05F43DBCDD3D6F1B876C2FF02DC98649CE3B477A47669
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FE416B5B61D663B9117021FEB7215539	6B5EE4C38B0539C68F5DA9009844E446EA4E6D98	FF7AC2CE8CEB13238EE66247DB4E01E63DB529C40235DB7F9B09E8954359E0DB
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\000003.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F0176FE61C2E0434182429089AE43CBC	C7E01C1CDE288C4684327FF4F2E8B1D7C42519A0	A44D372DE918FE19A7C8DAD66112524FAA66BFA60172A8775615AD082E7BE68A
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\CURRENT.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	080EE543C378C533E9337ECAC491B203	DC575523741D88847390A16C4F9FEF89357D61A3	ABAB53AC863F2600DA2C330B6A6FD59297A3B519773B4E9290CCE4413CCFC225
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOCK.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0D0AECE1689909F755A86C79625D8875	7D319D8D920C21933948A9127C5825FF2A4E0DB7	2A535E6CDCC0CFD50522B597C75F2FCB108660FCD260B50BBBBCE8C7A2D8732F
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	39FDA2B970C93A332DE602530679203F	A9CBDBAD71E432D268AF733D4A046BFB6DEB8312	9AF67D62FF91FD25BA625817046FD295EAAA8941377AAEC220BFDC9D1D13757E
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A5CC19123C564C52516239BEFC98D50A	4569DB36F56C46ECD8A3BC1125455726607E6554	4FF34DDCA21866F60E4D07A1AB421CB4ECEE26BE5018269329510FE1FD332D70
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\MANIFEST-000001.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FE3A0E537EEECF75D5646E56796E60D0	9AFC975EAD25E6C55888B559223F59142EB7E1FA	E6F68F32BBCAF685DCBCED4BC63665F3BD1965B25837BDDA4D5E8C64584C1DD5
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	64EFF9BFAB3E04AF122310BA34C932ED	5351EB8E0BF511A7C7770ACC746B199588B55D83	5F8C8E8D74E70172F8D05DCC9C453501C0AF60B3DA8A6663E8D8622DB292C66A
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\MANIFEST-000001.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	478A00CE2E8D6229B2EDC1BACE45DC92	87213173CDCA5ADCE86A2A2E7253F08C08B721C3	DA52B9BC50591E03D4134B0ABAC96DD8809C430C0A4B5BAE2066BCDF3ADF453E
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies-journal.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	981141DFDCCBA035B2ACA1A5D1317EB2	05D2DCE56143291981E7CA61139BABB12F31F161	9DEB48E6CB5DBD430BCA18E1DFB239D1EB996F6DF25CE00CBD1930687CA41EA8
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A80D40750AB0A719456DACE0E96AF4F2	4F9E89C1371CB01ED86599B578F72F6AD72131FE	246B16E8D7292C47A26DFEBAE62B54C11B4BA2171698225526B4A26824994540
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2ED556D08AE728DD4CA3D57E0B2AE826	1C3D735F06A1245C8CB6723D823B27606F02FC4E	3B54F40B9060ECA8AC32D73DA1B797AF3E3D9EC7A0D293E4E0709458A80A69D3
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\NetworkDataMigrated.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0A382D77505FF45409582389120D3BC4	EA8F582ADA1FF593BB90DD860FE25E141BBD60A3	83017B2677924BE453768587D7CD491A8519A36C5D7BC4574EF294BDF0571B15
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Reporting and NEL-journal.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	73D90D4DB96135103650AB3FB501D694	263A3F5548ADA300A25B17979E004A30EF5A9CF9	DAE2C475570057CB6EE1C25CC3CCD41A101BB507C7A3C1CF3C77A374F18A383A
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Reporting and NEL.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F811436FF5E08F8F60082DD7C200AF01	E05A4B5B214D07F62242EA5A3F78EBC66C92D337	4556E816BFA53146BF147C9846BBD69CEE056BF18B4E1B04FA89E37006B3144E
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	952D027B3F4F1155AC8ADFA90D363819	92F78454B013A4678FCB96839355190C093387FC	604BD5297E1CBDD1A09979CD6A7D565E8C87FD96C6D720CF0C89C70A54281EAF
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\CURRENT.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	047585A8838DFD1234594E5F0F91E3DC	429B31147F57502230D9B8721DA86C9A87C54D20	A11591EE64AE29125525FD8B03DED9140BEFCC6C42EF87CBDA29624E1EA898DA
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOCK.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A6AE0AFBE127FE53C0C21D4D374F2404	B42BC052AF0D38222C4E168C7DC8722C2A1B8856	EDFD740AA5FA9B51E16F76A90DD65701C46DA9C71F27AFC5607DF825B2423E23
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D8A4B271544B128E08B8FC9FBACCCC35	429C8BAA2DB055C402FFAE71B7018862397A5ECB	3B99D138C0693005A32A6816F753DCCD283FF189C387CF0C867F81F49BDA1C74
C:\Documents and Settings\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4668CF4275A95120E953769A17ACBBA3	B94DA3D526CC7732B6876AF70D222221EAC43D17	3F8F21C0FC90265EE556D96D76F748288AE87E62F36C129CE3D7656D20428F28
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F3D11105F54798D158E107C8CA23DB82	4B625A3784ED9C034315867B6FE030F65C2B04B2	0C8174A74454D59F008A87A53DF2DCF124501C3288F67EC696C8FE0E075B2D87
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FB94617F1F005A9C0552ABA310180876	73B4F095FD8CBDCAB97D54D7F39FA39A5177382A	A2A759933CAACFD3D35739B8DBA463E1A6CDA016F44532AFB659F9014F28FFDF
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	502F26FDF4FC3A8092A3BA82DBBDA894	51ACD352F503F42B865BBD0D777A96C9DACC7FDA	E6D313F4C93F98F6BBAE73AD2EE81E66396769F30F12F4343066D494FCE3CAB2
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6B89586FFEEE39D4705554CC1CA491CA	8AF5556F5ED9968A4FB6F35F5E2DE88E04DAB06B	E0B783A091A33D11C8D7DA77004113091665DF06DBE59A02B23EC024FD3AEDC4
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	161933CA4CAD70785ED872C88B9F55E9	D299220304431E0B0DDF401B500EFCC0BF8EB957	4D46CF9826217D83E90C7D4E0EFA032C1D08552B81CAFCDB90952478FE329B43
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	57652765A2156238F89B77904AE4A9AD	295AE811EEF0D46B5A3F8729BECC2F29D849B476	521F347DAAFC5264C09E84A2AFAC613501A7488816A3B6A893F0A433FC19391B
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2A222FA110E1AB4FC4854E25EC093B91	9305DF6265C73C3A442801E9AF49E7D5C132566A	12DEEC36D20E3D00FA6AB682949CE81542A0B66561B88C872973B5CCCEEBDF3D
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2AAF6C2C33EFCA8213A2529E552FEEEC	B9E8D9AE0660FE80E03C091FB5BB8DDE79045B5B	E1B599F1A3316480F8BB09AC5B4DABFE5D2876CBB098F926827E409BD753801E
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F338B0EDDCC26F89C4CF6CB9EF578A67	B08D456F02DB6303570CF58670DD943066C600B5	2D6517F80458A5E4D87094B3ABAB4231963AA694D64D22DD9C57AAF350FF6D3E
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A18BD4EC36B0AA4290639699A1959AC0	FCDA3F41A83C56FBC3E3515A636D9FAA73390451	1255FBE583407AD9D38C20E8CD8F3A9883DA593117E999D4A1F7E2A708EB83D2
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E6995760C4E403DBCBC8115119E3DD9A	5B60639C02D1E1665E7820427944B6FABCD277B2	1F2DA81B2F628A2231078C486EBF5907E29C96B7F04706BDC438698CEC8FA342
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	162EA6E8917E8D9B0409AE2DC30E41C9	005EF53CEC1323B9E6A3BD37D2043B0064634A9E	2BC65F2ABAEFB1540890F962083D9488EAE66E53DB66BBC1AC1505A966F7CB87
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A16B31BA115A41384751D14B4BB54038	D5E7627C184E5F1CE2EBE218A05419C81ED26C1F	4A526539AC0354E953F4886294EB3D79B43E946BCAAC464A810838483EA187D3
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2A8D7D231457895A3A5BA0500E1C5188	06B8714061B9A48424A08C3D9A20C017D2227AFE	19096CAEFE389B0810C175C988A607803E4D0DA151163445B5025661FFA6771B
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F0C1AEC7F0E236298728194867677830	3837B9E9CEC8BC7AA89E7DC0F4D9B94EFE595976	EA7AFC3B5C471717E79BFED3B01898B055E02AA6706B7A6C2948C9FAB308888C
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4F3C6D9CD573C58ECC9819CD323909C7	0F46366CE777065F7C3D8134FD8016C03E5A0704	9B4952AFD5524906748150865776F7DB873388F2EF48392A0E0A1453C50B90AD
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	63418A1A44F146E3ED94A6B272974D1E	B0AED3441A9A51C9AC30204493EF2294E2ABEE99	E841D512661E447EB216C8E93B33DA5E1192DF656FFE902E67E8812E756FC64D
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	68576BE6E4033B61FCDB827827339D69	705BB1BA87B6A4B4C2AD88E298DA9F0C789ECCAD	10B0533D6DD06F7C591DDA3A9AA9F5D5642437B99B1F4AFF699D562FBED3C500
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	40A710995C920EE33571A33001E7EB93	8030604D542E360E01CEEF93F456BF8DACCBB75D	6154625BEC39D02F9A88296E91ADF9AE780F8D6BC079A0EA557A16949407573A
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	ED39960792DD30C54265CECA9369FCD2	01FA3D1B27089F4396960E470C8173ABF7075CB9	4F5E6DA3F9B21F0A74436A9D56E8969865177070D67FED00CD89C9D3C8B465FB
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4CC8F4C077F23AAA4A8F3FEE80CF3BF9	F0EE693EE6B3BFF59B946658424F3C071A82FEA3	F4C5C08E52C66B94103FFD1986C241841E5FA348D3EE204FB1E916463A606D98
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F9721E3A8216F52B732C71A7857060A2	F9AED199E32C3A974E05F6C73A421EA134E72462	1F8F4F867DC966E6AF78F56DDDB2DD65AA77957138DA7503B40C1FBFAF0CCD9A
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	348625A60A7CA9D377C634CC3D6FC63A	FFEDD20816543FB1054507AED9A9A5879FCAB01D	39950DCA38F826CD5C1FC12B50000960C72746875F6BA104EBB46CDA5EF63F3A
C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	839CB641F758B809DB636E9865275781	1DCD76773AE0B2B230BE3FB68DE8E24EA36BA3B9	FE9086963969273C3F1BCE191484295E65C3E8407A333BDBA32357D39E20FE3F
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2585558601.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	13C3545C250F025318C4CD100BF7801A	B4728D132966F87546D6A73B4E52840F50EACE26	4D0EC803BB2A4AA67EE16BCF44979ABDB3F2B095C0C644388E5EAE3F9F8F9088
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2669049752.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	11D2E56869066D47352C7EAF20E5DB90	4FFC8BCB0AC9FB29B1BBFD77680BC46348A1E106	9527316D4A46735E7A8049A560C40A245B648F6498C72B0410909D33354B3892
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2843307863.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	23BA27C969B8B942B59729D651293F89	0047DD26CE6CB993703F2E0902F0BD216CA14180	14284DF8082B7048D4C2C8715AAB44D9688B465E56FEA147957BCED22C2ED7E8
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\3024948866.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A0B828E2BF5222540219E4B0C7B77C60	ADB0AFCD560FE222FD3D7AD082C04A4E64F13B2B	757A9999A9BCCE40E88C511CE2504B0309D224783E878C09B79C125C9DED54D0
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\3322604653.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DA491E43A8CD99D72680DDFECD1147A1	11A546749F81BD9B52D7967277FDA7CB24224FB6	CDB813C324FB64FA002726A5EB0C8DC9468097BBB5CE0FD721B6BD9527ACB77D
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\3476888679.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BBFC841D018B54A749301195166382F6	FA39A64CD33D323370AECD120150D9DDB4DD55C1	3F5BCC6713CFAF0A8D2C56A066012CF32603E39ACEB447E723AE404B6D8BF3F5
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\3643399760.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	191DBC59D80615D5C33CAACA9A28D003	821C977E64C5493178608EADA229C8ADA6DD0CF6	2008F84B25E74DDB64F1949B5DC4ECAC90CB6C234CB2092D82E03C8CF1E03CA7
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4478492829.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	64508EC547B00963F71E994546B15607	92D044DC95D976C8317E6C07DC7182C262D41716	75C9311E6AD8314E051227D04B90F5BD514BE0DF11F4E3BD9EE0720D64D4D827
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4736274156.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C7F0EDF7B5AA8171402AC0B805DC52A3	FFB313E42B5A1832D7A24272E6AC9F1818325C8E	AEA198E28D10CC3DC79C3966B11EBF9C473F2EB8C77EB89BC04EE208CDBF5A31
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4941266003.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	05EE235A69238A3C182CB7BF2A9CD3E1	EAA548743C7D0929534CCAE5C07C1555BC2A99E9	C170DED4534A175118FE48CE931D330B52E6F9990EBFA5713146ACDE688301A1
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4965367024.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2B6C95D2DBE9E3B771AF8471816720E8	5A4C30C9448EC2C128D6F61CB04C6C794AA59D20	45FFC875AD4C98EE4EED523643B3782F5BCEFF320C779D7462D149A775ECA281
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\5064077962.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	69BC95AB6A1D2D8A1FACE31116E34DC4	27A4493560353A74211CFB96AE7B4B1342E65E48	3A2B438D77AE9A58555EA41D12741059F569F277DE5FB5C5560A08AA976CA04F
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\5281104033.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	05AEA4752D42E8EFFFD8396FFF6F193B	8E63E0562F4CE4206580BB1CE9E073160653DAF1	E99558D08C0F4F46947419AE77CDEB2545C49BB6F41EAE838639DD0798729017
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\5491630718.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2C323BAB342066C44B76FB4FC7692D97	F9376623BD8CFDABAA6A7B0DED2DA1D0A03A1A3D	141DF018F4AEEE75465A813C519E6FE510FFD7CA854F2BFBC14C662264507E91
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\5622580005.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BEFB839C6829F47E66BE0CA458433133	AAEE14D37F152B9250AA5647B29DF35750724BB9	46F00C436C838653205E0EAC12F36EA9B7F81A8EFA2D1C3378D609AD2CE33C61
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\5713452101.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FE3E94143630C2A3C16F6A0F25B3E476	78D114D536FC20FDA35B2EC43B8A8FC487884DFB	046029E048ACA8AE64B61FC5E7C432A2FB956A81C4450CC476A08015E893F4B7
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\5809130301.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	37DD8B67821E74478090607E1D54321A	C581FF69994E04E7F118BE608CC072522E08E34E	CFBDC6D09E0E53C5236AACFB8A59728EC2F04B8F406727F66C6440FB3A6511C3
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6092905029.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	09CB47E3A18B0B4D2CBA6E8CBEB1F358	49066833C73B9660F9D6C04592435A0CC7236A6E	853C7E8B0E35A41B240B725CECA31DA33A642916D73B0D30B6256403E9BD8E01
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6109303877.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3381C4DE30259B645675523C48F92A8A	971D6954111DCDBCE5C36B5FE9DAF75F907B9CC7	672F6E9151E56B5CABFC5E7AD5C20578704BAAC18D4EFACA0468B3E4FF7114E3
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6183211589.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A0681F52FE344B1D3B212A7B78634463	97F8B075515536A12BB0B3C8E2973C3896A0966F	3D22AED1BA796E36E9F7D7224D3AE612D5E1EADF414DC4098CC8232C1ACAC833
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6213653276.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F462C74E8219FB70883FC71406740C69	A7CBED73F38519338E19FA0B72B32B8068306EE0	F4111666C576C02AE4DFBC53C2D4A4DB336925FC2890B1FBD95263198B104737
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6329227256.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	87BA4A62BACC79E376D9754BCEC1688D	1E7A98C8158885B3F10E7B3DC63801482A48E532	D14EA865F463907A86A3C35C8721769038FEDFC094C43EEBFC84D08EC3729DCA
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6422942404.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	64CCF6836F4E2CE34E55D27348661FD6	FCC8258105FF92A3FFC49B03BCFCA5BF8A60A94E	CF19CFEA38B6CA425A1376DC33E1E543816F055C1E00B23012925520506513AA
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6750529025.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	02076B06F7D449E224AA1124C9D39594	94BD062085CC094B91414EBFBACB510C6CE80C56	06977531299153C146A2BC480814CC835D3FDFC611F78A09DEF3C63C25637505
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7011884383.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6A205F249390CDD8B70CC9B976604583	E217F76F8C16EF85609CE0B988D4C2F07C965F55	ADB461F32791F1E7112B2C8DFB5777804E6A1E7998DBA864A6D94FA868640134
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7155756679.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A62AD3DA73259829C068CC026E23E32C	8596DC381A7F978BCF8F7F140418F999140C93E7	DE1417D9AA94F03FD1065BCFC90A4F826D252AF3BA33B982E01988E9F4C38D6B
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7216804956.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	68C23EFE712D7BD75AB2599658908EB9	C36F1E9486CD5694B49F7A6826A2C898C63970E9	D9BC56CCDA84DBDE587450248677F4D2601EE1FFC41131BDE764DE7D1E7230AF
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7245361316.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B2BF487984C305CB2804D60BDC9BF24F	21B378DF3CCF09FFD09C6145B36761509BD1D163	857441F8D4AD10E82515F528F02CBF9578EC20278C214D263815A1B519932CA2
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7457734050.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BAD572CE24097FA5C62A1C766600F555	7742E73B5DA137D9E2AC8D90BBC55637F394451C	CACB59580FAABC964DAE2A0C27FD2D93AF4D84E8AC19B8AE5D7076E8E60AFB6C
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7676687441.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	19930D5ADE64B51C0E340445CFF2A38A	44A7191B8B8208D5FEDA7D8BE08BCAEEA88B4B6E	6FB9532634EA03C39E46BB859F5547E72F4D16EA8AEB7398D16A26EA0695DF49
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8182259827.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A5099178613AD998B9C89FC12C3D3175	CB944F9A8ABE83DD7518626F8A43D8F88790301A	29C852D6F8E1820A22CC0F464A1460F312750E5FD790D64C1FA85599DED027FD
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8200946536.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	44DF60730B53D11654B4563D50E91E61	9B90F1E06DC0B0D552DFAC479A91F56D3F1E274E	DA7AAFF1A26420FF818093A0FC466E01AC7B461BB20639E3349F971C055A356B
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8351801105.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BFC09F24552402A9C278AEECED8A20D3	637842BCA262A1972067FEE61077A4C40015DD10	2335480AFCA8DFE2CD8798C17E4DD5ED4C24C95E6CF4B3438D7F1EE8AC534988
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8492240360.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A5333E46E71EA30086288A8897FA4322	AE4CFA746B7520DBE753BDF8B97A544330E49E8D	A7153336F3D16618525F6C466DE9B9AB8F46947F0773CFAC2120505AEC6E73FA
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8552718761.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	24CF1149CD7DCCFEAA66429F218DE620	1C207DF9E247BC5E3B49826AEA1CE2BCF9E63806	9015F706BF65483E4C207DB08DDB094EAA8D33F2F82C0D339149DAFB3244877F
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8886835349.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EB9AC6236280EA55644C0BA98C001AAB	4EF8CA8BB1547CBA9A00C97F9D649B6F82FEFCCA	EF53740CEB81A331401926F1010F6134790346F72523F9533B8D8168C863DAF8
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8975065801.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6A0622DEA1836843A15C1E79E66CC055	04AE5BEA5351676C129F1748F1304E92EF367C13	3488980CB561D98D177069890BA1F0DC424FC0860BCC9FD4551FF1C276579869
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9217021447.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CF49F5DC00FE68D4377099E91E9129E1	1C34886BF17A86886E78F41D87FD033505066FFD	D463E1B3567BB6FA36255820B0EBAD9EA9AA765685B328E3B45329B5699050AF
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9275373402.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	74129F43AB363827CBDB4608C3389E46	6E4BBAD53FCCFDDA9AD66D60BE9AF5F4042C408E	45DB3344BA976A7E985A29DB7A7ED77814CF107CB44201F2AD831EF196E35BD6
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9329238007.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4FE9D2CB7585DD8EFA2F4DDE159EC31B	71D81DDBE763CFA87F7719446AEF24F3C0273391	970A6812A7C28D7FE5278104D41CA511F5A28091EE09620F1ECCB9163958DAE4
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9422479677.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5C5A5E902365BB57834E1BBBE4D7A674	B25B46CC21D7713E30AA73D5C213A4A477FEF12A	B2078DD53F84755B3D9BFC12623786077452E331A10EE5B9631F04B687E7C2FC
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9655434068.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9CF6A6778804D68093A9E515F6A37C20	D82CF479B57CBBBEF28E09D5926C6A28E6A7FD49	03EF3686A88EFC564C550D122A9C6E03295B42E832DD0E22150AC5D7C2BCF22C
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9659692161.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1DEB2846E32CEEE9DD0A6EF69462BF80	CDF0F8FB674E483BF8C3C139F2757033F7CB7348	67FF6499271D500704D4A7EEF3E3CF2DE45252A37D013A0F886792F71C43D3E2
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9925478147.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E112AF40AACB47E1919A9F8D21A58236	188628D05F1C435934988B0E6D29C1A6BE98331F	3CD48B7129AB529B3A15D2A8914E6FD33FE40BB615FD33062D8FB02218E3FA7D
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeARM.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FEBEFFA77D1DFBA6A53A20392A79667F	0339C91B93400DD13BFCB3EE2D9245EC378425A8	23352B3EE5070F7BDE3FE8ABD05B1A454784351D9AB75214EBE309CF98EBF493
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\user.bmp.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D5BA90D8DD40130C8DD6061531FD83BF	3EF3737CB45112EB8440452B3BEC7A43E56EE533	9CC066CCD61D4BF1CF7FABF0C55B7D4865376D23C6EFB8BA351EB1DC8128FD31
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\chrome.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DF53DFBAE2AF3C4E323AD9C40D9C6E12	913F91E3481CDCF932179F22BA3FFA5A408B0C97	B978CBC9875B1C55C6BF98A22A4E513E4CF99750215D1E2D951CE8A40D9A4575
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\cv_debug.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FA5033A87759BAE89D7BEDBE538235F1	19CDF4FA934B41B67BF6F20D0556821C4036092D	8F316E27EC13C219ABAC0C192EDA996270AC0A7F4377D82AE44D22C2CB024679
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dbghelp.dll.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8BD108491FAC924FBD2FC0BE0D09BA0C	9FE1DB76F80F01A444F642DFDB2024EAAF742003	ACF2482F9D00CE80800440A81D19A09319BDFCD3B9E85BFCD218A6382934B722
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jones.bmp.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5F3C5A4035227D1B479AF6007AD008AA	D6F211D2E06791F7CA6EFAD10B427C84BE628C53	AF15D654C522506C2485E8DC53D76F78FF03DACB4714C4D694B80B0BEC8E634B
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jusched.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AC78A442BE37A039C6AEEA1E7DCAE1B7	479E6BEC427FAA30FBD9E4B31D2869A34DBBC947	3871A6EC34ACFBFDDCFB3BF8E2E91C4004A21DCA018E5DCA537C535EE8E67537
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\offline.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0E7E29C23F85CCC8A73D20E04E651A36	C35217639CFBD08E32E986EE24057540DE012300	D8C17C5DC1A320B592B0A3427176854B613169E0AFE44EEA7BE96285B329AF06
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\symsrv.dll.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	72A28AB9737AFBB929B984A542D0B968	ED0003D98960F430C8F4AB4B65EBC8239E4F9911	B199E27A81791132F9B144B1B3637F9D62F2046C1D177073F861E3206BF98551
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\tmpDD17.tmp.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BBEA96BE48EA9A54D486E8AF18683ADB	9A5D62E7FDB77077EA77CEEDAA52FA24F14075B8	ADD35CBCD7A8F8FEA357CA832927B6F84B6AAA50DB873DBBC3D05205A8D0EC67
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wct1834.tmp.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C9472826CBA99BC720EEE848E49B4641	80441EB632D91878877E8AC93AD21B60D12268D9	EA99491EE3DC0844C55D66CA6749A42743E700EF07ABED23F5353402B7DA42E9
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wct42C5.tmp.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	22913CED2F6D1DF421F1EEF4707BEB1B	D15BC4D8BE3408880AD375C29AAB564B461FA76C	494E48F2947F6E642B4C63A7509D0C892C69428D2C696143203ABDD46B88A1A6
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wct4B1.tmp.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	83EEBD57BFDCE2524930E7ED2CDF3E27	6DDF2822C39FCBFDD37791326458D4EF8A7BD116	5613D6680E62BAAF4352747BBF2CEEC0C6F646B48E6E04B7169FD81DD6BE50A8
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wctB04C.tmp.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AEC11006B130D0C42534496B32C59F0B	79BDFF17147FBA035997FD839F447738CB0A190F	871F9874088D10F8253DBD798F6F3CD8F17BEE0D856AB2C63CAF49C966856739
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wmsetup.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6603F7DF76CDCCD762DA16B120D78E3E	A3D62ABF50A0AAD591C2E9EF0C49B5E2B580AE24	DC812E09C3B7786BE6FBE012BC7A2DA82C1B7461F3B6DF9B91CB8726C36773A7
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\_curlrc.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D1546D0C79ECF746551AD9CEA741D887	4476E6CE9FFAA8C55BA6BBFD9D00ADF02530880D	64CD98E6DEC9B694BDFCE518538C37F5B7F77AE9B5647BFB24962731A984D801
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.jcp.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	51D8CEDD0E3378C51F408AC0CC43F019	034DA8C64674BD48BCCF2D701F35816068BF53C9	9BE75F9ADB298C188993A6396EC0D72C4F70C7F5649004788398A81BE9926ACE
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.jtx.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D6B0D8594E873BB9EEE234E534BEC5B2	1115A040517F5DB60142652B8E838937435EF8E2	5DE306F8E0342E3D49A5B2A4DB102DBC4AE61B1C90BAE631BE256283BEA5ECDD
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A766223AFE284CFB7502EA722143AC76	794149DDFC510F221E9B0BA079CC6A7BE06BF823	E58828CBB66A2ED33991BABAB9566FAA67ED9CD556B37075E3ECCC9E706B32C8
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BBC173FC2AAC1B54C1CC5FC0711735BC	4256144524E2040A52055CACF748FB098E78F12B	B8722591F87717C5C87319DFD3C27E405BFE1E9173CBF531264F750A7F2D0092
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.jtx.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7058B5A6F747CE98F7939ED2781D206F	D55E8D4EAE27975F6FB6C8FBE8464CA9DC2631D7	C777E08CB953E817796AFF59EAA47B56FCE1443EC3A12C249110F793FE7AF528
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.jfm.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C241F1E724678EC8CC45A12B68B57FCC	95035ABFDC5BBD10CB496FD7E81F106BEBA956A6	4F4E5E7ED5E45251742FDA739BDC79CD3D188124C2A81FAC0CA7140A1F03C26E
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B488F06DE9D3EBEF0AD3793A6A676C9B	914CB538C1B2992C3D35689C99BA7C83CC7458CE	C756E21810D6A4445C45B0DE3167B670EC9FC7B46840BA486B637586E76CC93B
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Unistore\data\AggregateCache.uca.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	54A30E577F25CBFF60FC494AC1564627	780E4509E11CDD1140314E161AD5C9F3719E3B8E	5BD3CC6BD2ACA7A37A7D4AF8840EE59E711841F11E298CA66627B7453E2B0ACB
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\ConnectedDevicesPlatform\L.user.cdp.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E85F6A035D6ADB11180D0EA9B10A763F	B366DE76EB7A54629E4FEE110924BC6948FFD527	1E9A2FD5968BD4098BE7139F3532E855078B70873ECBF0B17D068FC4623C2C6A
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DIPS.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	85AC24D5931DC9DF2D58E75DF9C80364	77729FF766B46F720195C7343F7D386C0A43EA8D	8D2D7014F628B30A1042E324D3666018CE4B942C1499FE62E4227F05B32ED132
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\LOCK.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	26015943E2EE527073A03F92A4D82A46	D2733420970ECEB59B628A897628ADDF3B223B8F	AA8E07D8F5DD35DE34303F7888879C95EEB3904B373B3370D4873C402498A66A
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\LOG.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	52F6FE2FC24DAEC630E6DFB1B88E1F27	CFE6D27AA2779B772F6B2E5D441A6D47D58E433B	AFC777AD2F64BCE09BCE1B8144D2F8A59D7D4453E889F7F0660C611F4C0B5BB2
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\First Run.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EC626B78E517610E0D5A00DF910B04B2	2A85A58D21463FE873ADBF51499369B1293ECA42	40F500AE51B0878A692CFE1FF66D752E9974F66D4B782801241E0558D7562E11
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Last Browser.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5E69A825C41DA539FD0A91B8CDF2D212	2B69152409B5E2D8E36F32D797A711023BCAF0AB	AC34410414C7DF3A0A89496481FF83F030534BEE6289B3B5441746FA75079763
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Last Version.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EAE3F48183BFD53B81E373BA3329F8E9	DE36D38296223D7F31342543FDF01D7CD1652E6E	96A30384FA9C6B5F513EB8520E0F9606C505488AA5B5ED5B52B5D655C119C382
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0E069159D05FFE10714AE56AE4BF06AB	ECD834B8DDECA1DD5B46E74ADC0C30B6F0EE764D	E831F531B752B9F9539D7E6692DFF7A39F5F2F174C27973F0FB492C3B9F96134
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Variations.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3FD3AF67FEFE65E0822CB4742A2C016A	44D082464DD783EB415D170972E07191B269135A	75B767E35D65F67CD701156283EFCE06EE83408E7CC7C9C1D38C44748FF65FB3
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D1EDF22D8E037A982C69BE7E45E028D5	978E43A8EB057A02BEF03B37FB0A8644F0FE39FA	7F9B837B88C1A5AACB3EB12560B656FC383287DB5F38CF76556F29C9DE207B43
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AE4B2C9B3B58588AA51559B2B80C526E	A812778D325717FDA9E4F3902CDAA994DFC1C3AE	ACE3D3A38D33FDB82A309101331775F7CECEA48F6EA9F381A8AAC76A2B3F92ED
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8F9A1BECA145649CC1864B6BDA7AF2DF	F389D26276B0CFEA4AD38051B195E936ADD201D7	4B1E875ACCDEDB6D3920A310D88381A1D8DB2D623A62CEB2E61EC6FBC3AE6CD7
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F5F9F3568E9E7B985539FCEC0C5A907F	2825616632D572BF29EBADBD6EDBF92B241FDD4F	65A7F6388C4E9DCEE0C6F5C5981BE75C3270EDBED2496E097283EB08E86C2954
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\LOCK.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C2219F32B655EB9E5BA995CFE6AEB848	61DAFC16C38E2C9629D73BE15876AF5901826A08	D12E58E6C7B737E560FE110CC52CBF49247A36EFD94D988AEF7677894C9998BD
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\LOG.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2525C965CBE4C520CC2446C73ACAD19F	F933134862FCF3BCA63012CA325805502755345D	7C351970FCA0D4B09DBDF24859B3C592F0E3B878C5811881DDAA2A1BC79FD000
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\First Run.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D55D47999C708C5665A2B02FC50B451D	83889F060AABAA8E369B4F673276155270077DC3	96A6F25FFEAB2C1F1DDDC94CF8EC77BAB6791A321DFB47C5D8266FE310DC33E0
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Last Browser.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BD2D7C4C19A29F0AF27E79581472CD6B	1219EAB8C4F6866899ABF4D166CF0CDB79926925	AAA94595D04606AB74E85E3704061909DD91E5F4FAEA26CC4BB37285EB6F2EF9
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Last Version.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E9E5EA7BFF17BD907496B9B3A20F3E17	1BC515BBDC73ABEBE890648623F8987B181AA1CA	6638928486A3CAE909498142F276C48278A25576A883A7E83D57558BF2650D4A
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Local State.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0CE4C4A0476759E492E339E2DA8ECD0D	39ABE4ECB62BE3E63DCDE1274A6BEBA20542316B	C75A67D16245461A171F265C564264838926527D1B02AD960030FD2440D8A18C
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Variations.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BE97BEBAE8E82583B09508E4F1C05908	BB7FCCF190C918B2881BB507DD5AEB4EB558CED5	22D04EEFA1AB627FAEBA09196B3D13EB42AF3170B5E9D31E187889B825466B4F
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\OTele\excel.exe.db.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AD30348E851ABB4B8ADFE3FC9E073DA7	2E5F9A2FCC83A9B8F258CE990B867AFBED75F8E2	ABA7FEF1C92265C32E3E291F5066024C94C9D944E7DF46F2312FAD4006E2F2C4
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FA85FB3469A51FFBD61750624CAB60EE	FADC92AD3F2FDB5B8B6D190441E5C5EF488A3BE7	14782EDDDC46CAEE4D1A3FADAA3CBAE36322378FDF4E7CCF98133E5529452CE0
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WebCache\V01.chk.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	18ECE160017045E9EE083C549E07B367	0AAA63BAE18FC7890FF972BFE8409E5873B32B3A	A00C322AC9860378AD478DCE4B794ABCAB995A9305200F2BF0732848EEF98789
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WebCache\V01tmp.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5DC098FF6E3EFA189B02557AD5189C1B	BEB166777C523EA15CF9BB44722517B5585C6446	144C7865D8D012B48B5269D3DF45DC0B58B5E4F83EB788D7D977A900A3E78FAB
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\.ses.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C9CA467325A4B7FC04E904428F944FE0	FB23B90B263AEC537902378F5FA8E776937AD29C	3CE7D617E86A0E5727639C780A926D2FF6CB65F51B0EB747FF69A19F31F3FBDB
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0164771190.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BB5DC14993912091AF9C9241EF88605B	FF2DAEBF4894A7DDE06EA23FA7444E6D2B8EB3A3	0906D3BC4E39C6D53DB6949306B35E48F983B03A8102FA0CAB6A1EA8624988E9
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0196354653.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	707FE198673CF454B0CCF961A8FE132B	F785BD2D476124F32987C89B660D1C81499FA8A9	7CCF90619B2861855C0BBCF57810A48D502FF683E4B5442B78BDD7EFA70448B1
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0409654664.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9C2A65FDB2342D5D22F6A3C8B11B98B3	85C0F9BA64B354B64EE75E14D68F234CB53735BA	09563450F59698EA59679B731385EE69D8D44B6407C6D199922E21A27E8A93D2
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0450125302.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	67304925BF45A1B310108F1D5DA782C5	7FCCEA96CC989D979F7F220C8BB1FDF7175AC21C	BBBF1B4C66C5C159EF1BAD05491C88E1045F55E51E8B3341987A7108A67CF3E6
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0518291756.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	051282946F6C2FE438D0915CD8D93938	00EFE6B33E10B59E4493B092E11BFDFAF5018F5A	991B4E1451BC4E76C768BD39F99D33516A28CBA75101137BE644D91F503A6AFA
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0653671941.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C2C02306AFDF36C687279AB6C908D02F	7C88FF2903DBC0D10EB2B6CABC7BE58844B5F152	54C320CA2F033B2D8A39BE1C3593F6B0412EA8D33D8E1794D2184FB8479F5505
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0982390758.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	30F0DBBB3A0526A417D3AC10F63DB160	5A6A238781F3E7BDA5D31AB51B54D89D92E659CD	6D002A890FC77D2DB9F28D9C8DB8C10D7434C4193F911FEC690FD4ACE4F76F2D
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1033868256.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2B014C4F64943D44739D2A21F1330C39	3E61E914EBE451F3E4360B5166C88BA4E9E34F32	9AC3CBCEA7D17E58028F785C6631D41B70B9D7F3F94A899700A387ED83078AAA
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1141274626.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9190138595AAD8CACDBBD33ADD8DC0F5	A3AADD1AC8426D0F5F95821F33B735070A03CC5C	4B66AEC6BAB5062021D8B5F1357DFF087DAAB59287E9261792799C31A0A9627E
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1206337459.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1A72AC0DE5FEB33B5EA650531BC08F67	578DF5D1B9FC274FE957B994875921B42929941D	77DC02DADF6B22C39998CA371C839F23741CCC08FBA755DEF40B75AF67C22BB3
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1237160943.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C46BAD24F3CE9023D0B2A18154AE565B	CAC933B49AF87C5A5D11B39EAAEA6C893C39F3B6	4BBA1D46CCD8D6A9F9927C69E9EE6FEFB397311BA6CE7E50602238226FF3E956
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1239919175.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9809EC0C72B195D6F52141C45EEE1704	FCB0F8A045200755B80D331F2AF9451B1D8E5F97	2A4D980B7F2D6F7A7B885680FC3CEA770D05A42146DD2C30B2ADA71B5178DD5D
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1287572840.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6A176B3947EAC28E3EEAA531C7761EB8	0BF70423F950C9EC20F31EB4D8A03DB3F6F100AA	6F398A54D9D9CCC57FD7776632DA76330638B87238EE28760B9F95F56BDCEBDF
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1422339599.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C31CD895C5F2B1EAC9A744BA90BA4C8F	AB4DF0788AF7AB02EB6489186841035AF9CF7F40	4D937810955BFE0E91356B2BE18C7DD9E592F59745F7D7CF584CCE7330E2711E
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1927994670.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	90AC5EC682C4397138D00EEA17189D67	FB060CDE4AD38E0FA42B614A4D2F42839DBCA839	2582AB50E0988CD5637F4447C259D98B4F32C3F96CE4A265E16855619F5D27D5
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2103954313.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D6C05A214778AE37B7C35006401740D7	57B421E1A469F8730A6A0129CE31D64B7172ACBA	CBD8EBDEC08AECC1CDEE585D2F9759719C9618A7C7F39C0EC9910BAD4E582D3D
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2168651637.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B31886B0563B46DEC128E0732BD11489	3CF5085BDB41ED925BE59FBF69C424C022E55437	254C0A04D22C046B9F7E04F9E4BEEB50C1511FE6F8A4759D012711512A7AB7D2
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2265332024.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	ACA34A893FC6E78CA2B68E5CA9727D0E	7D8642C181E576B0BC1A49EDF66A31205399E69C	EA9B92279AFBA354D8109BAEBF03116B536E4E037684C193B1DE0E28FABD5BD3
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2385760553.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	16364FCE11E7124622456DD7DEB4F392	957DB2AFD95943991F6AE8B110D4D8BE92CD8A41	7ED3FA75E8CCFE81FBA21E48A54DEF7A970EFA30244049661DC0033108BE3FBE
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2585558601.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4156B044C3C6019FFFD3F2CDADEA464A	0D0DFB996A00C2EA5F8ED93AF650A9FCA905830E	A9535029F155024A0162BD4FCF2F4EAC1C330B9759652D1F454ED00817B8ACEB
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2669049752.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B42B6424118BB6754775BF8889DD93DE	5066DCA8A2074566B8B8ED153EC18B107EC4CB4E	217D8A24E3B13A3A8E245811643EFF4F8BF4ACCBD205B1DAC6FB83087618C900
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2843307863.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C6D959775D32E3A70DFAE96938744DF2	FFEDDA036C8105AF9B5A3E07783343B152EF9B91	01EF999926D8E9E0C0179BFE0633A7D26371BCD8B56C405E484147BBE4DEFAD3
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\3024948866.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D91E857BCE37888A5EBE76D6AC437927	1A79F02B58AAFC0D6A0C6FDF0066835AAD947222	4DBFAA752BF29C01D49A2E00A820F05B09F30539943AA8741A52E4A1DAED509C
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\3322604653.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2D8E429254A3E6A6BEE61B952A47B5C8	C23D265093EB18BC21C91E4ECAAF533FEEBEB5EF	DDAA2A9517F850A3D0285B63BA4B8315009FF0EC64264B0430BB589CFA413AF9
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\3476888679.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2ADF9A1C22F5880DCD99A48E833CD1E5	6EC132B8745FA60FA4B5E05897147CA4CD83FA9C	B937EB1AE47CA52B06F6E92FAF665BC38D4E137D8FFDD843852CE078F587570D
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\3643399760.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1427A0FA87256B4C8BCD17F76A45BF3E	6E739338BAB4ED3ADB453D1FA36AC7C7DE66CC75	9FF7FB9794AA98278276FD71B8B3A75FD77C0FF689812D2986066BE5A7159280
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4478492829.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	82695285AE49DF33FE8C48E96CBA3728	4629A4244B0A2FFA4F7BC24155994B8B3A0AE676	E2563504D1F7A7F1A124EEB50A879D6E500C4D6E2D6B4AFFA84A8B2F831403D6
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4736274156.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AA3154AA3912D1E7B453072123593882	2A47FD107BE705A5DBE8E76CA1B3C1494FE67193	95492AEC47FB5715FCC87789D039175923C1380ADDE9301AA113C41A7B59E5DE
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4941266003.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DD687820AF011024068A1014787D9BCE	F76FB862177DC94819B9C1A70744E6E3D5A82AA6	B3470ABCA0476BBDE8CFBE4B708CACBF9420F2809A285D309B6E398E4D4597F9
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4965367024.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7AAC363AF968BD2CF28474211157539B	E8BFA1BF09386F78ABD30E77F7DCE7CDA38A9950	CB44C8B9EAF11232CB63DABA2BA20A92CA0856CF12C74E5F83B3FD6FD5314B20
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\5064077962.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	09FA091540C2E565243041F573692D07	47ECC509AFDF730A4D5EA03938BB6823DC72E6B0	496F654EE200A971A516162EF7D1C434BA73D35865D6D0BBA0205C7B8FB93C58
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\5281104033.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CB1FBDEA6A82DA586E21F50C545EC5AA	1B1A0F949BB18086C745AA2E8AE4359DE91C9309	E705883A23DF79BF1C158464E6E8476847956DA06030B38B2692E0696840C0EB
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\5491630718.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CD9D3DCBCCDA2C3E4FD25C0F11F4259C	72770C524700D35609B868A7C2D428E47A1F404D	DCEC0A6CDF39F2115B6C04FDD8BC66FEB8A4EFC916C06E90628ABC6715112BDE
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\5622580005.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	822ED58F73BBC762ACA7AA728371FC64	F8AA4042724031434A3AF1BF9B4299882EB2909F	64282CA76525216F2494262EF905C15DFCD8EF7390C926D74B9E20A0E4369262
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\5713452101.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	52CAD39E05F3B28B7AF6AA0006FE20A5	252F6C709D207746118A7E4628C83F5C216ADB97	074257FD241E12A12D5F1037B39D8A2FBE6122844EBF3830A1F04B7814033D07
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\5809130301.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A7E87C882B03F7FA65F07BB28CCB6081	F184CE54DE7954733FA697EFE4A3C69373326BF6	682437A2101CF4D1B9C9D6A0B2C859D5973F962A6AA56958E320054234F263AA
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6092905029.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	43699DDD0C539088C315B8FA84E0E121	D23259E8C3894DE0CD639EF75BF8B7301D8DB3EB	F25E5AEAD8026FC121E35231B1B0BB976F54FEFFFC67F9EDA271B87774837F32
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6109303877.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4C34CC4DC3663D21D9F8E89796675DAF	36EB0AF1409158E42D3B3CE54FF686D3BC3C3873	BC3A5033E3AC0692E69A1698BF45650F8652058EE6806A410A253D6FD7DA23C7
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6183211589.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E70D4C2B52AE417C24EC8F4A582AE02A	1B79113744C6AB7CF52917CC0F5A0816A15D076B	5946C85FA98BE162FD3E60C59D0DBE73695D64DB8EEAA5A4FF6B52171E92AE07
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6213653276.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1833B2C5E37ABC9A91ED6F2B71484C0C	3C009C353A0AE522227EF7CF726DAC9EDF1C8A42	87B070C71A7E4E80C64FFA025E1F056879FE193C4040627D4489B9FC52A27D72
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6329227256.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4215FAC7A0EF74D7C9A0618620545318	9E1AD0C36B7BD996B9BD30A0D4432DBC0342C2BE	9842CF6497FC786C09F0D5FBDDBCAEEE1A50A40C24E0B29C41E9568F5BFC61B0
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6422942404.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EA3ADF10D81DA4E5BC48CB93E93F120D	C4F1755CC227A2ED3FA386EC806510C59434F5F4	C2A5291C0B90E9E929C3A6AA67165FF50FC7EF7FE8956CD378F3816FA9C60D76
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6750529025.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	98803B4FA85922715F6D7A59A0696C32	6B430AE3A9056BA5EFE379BE212C137824E2092C	C75C99977B36B996E8EC502B16DD5504A7E5C0FD89CCF3363DAF6FB12EA33852
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7011884383.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9760EC7CA42E81AD7C5EAD18FE2150B0	4C9D52005E3819FAA7E7C4EEB6F60A8F21FED804	7CCB0DB5A66712180BE4CB81A17CDCDE73E22A3B0E8903E94774898045CD2A67
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7155756679.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8DB93CA54BB689DCA7433A7A5FABA1C2	252579DD7108A1AED7BA3A4B94312A16BF42F3E9	A9CC9A4563BA652F620C95818B0F2854818F7F5D274218CA08D98A76360D8CB4
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7216804956.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	78504334BF1098BC1FBCFD9FB545AEFD	5C4175BF62233D3B22909789F598C854B62B837B	ECDD2313A5D0FCA1B452FFC3FD1725AE34D0DC782A170A7AF6C4836AC1107DDD
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7245361316.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	99EB2B83CF67649DB758E88F0B08C729	C2EF9D8D4E217307B1135D4CCB9C15E45B3FB345	41C9A6CE7BA6A09BA47CCFE78D2291641DDC7E11002A43411E076F4192902A4D
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7457734050.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B86D1FA471CDBC2D88B70BB18CB7584E	F92788384007A62CD86EE13DDABC19F3375F5889	62B60FD57147ACA7D1FE25859B6E5A09B8CAF8B839CE0F493FC999A36E3AB0FC
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7676687441.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C7A969E846916B6E3D438C0C237A503C	7D10417CDC584F1D62065901A63A95CEABDF1012	0987290B11FB1E2824A6F25B3BE50D80499E4FDBFDBF72C013CD937D5838F7B2
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8182259827.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FC65D0F11132AD708E15379A45D618A4	61A1EBF7E3DCC19C86796EA986BC0BF19C373FD0	5841E6451A3188CE79BD4F100BD0B64D8CAD4F0B54B51191C9BAF44C7C4061C5
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8200946536.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	032F308CD517F1912C1482C908ECDE7B	5F60CF00E1C6545FDA9D7AA32A40936BA9F56110	7E8447BD1FA263E6813BBBDE6455EE58F52A40524BC2C05499A1A32FE95E513A
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8351801105.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4867478A902183BB4F1CB9A9A9CBA96A	A86D0071C6CF711F6AE16883015C0B7D4E1BD64A	8C82D9BB80F97384BCC05370703DD9DCAEBCF21F29E98C6BB2B00A6865B5CA9F
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8492240360.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4E39B97257A1835BFC5AB6F26BE6725D	B7311C41C9DFC530F4D6FA7F3F09B55CA740D25A	497FE567A1DD0EDD693B56EBC63280D703D987B4FDCC6D03DBF4304DD65A34AD
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8552718761.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A2D49CCD77C9EB93467DEE19F482AC29	A68EEC47DEFAED049D291D668D16D7447BDB1C02	8C43C770C3D91033A253053F3CFFB41E8319C88A8C2F2897ED5BD332793942BB
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8886835349.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E2FD9471CEECB7C72FF773F2DE185CBC	E5F5743804B696D410D7F81F84708BA003F690EB	2CA2AA742E15565599D79AF1979E0EF1C407C25FBA4760E5DDA5D007817098F3
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8975065801.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	965D0F378FC80F383D8C1DFC4ABCA964	3560049A043398730C86F94E0A9F6E3FD7871F0C	6850D57BD4FD96D751864B0F19A76AD274B767078CF10099E3B19ACA98D2E53E
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9217021447.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5AA5FECFE6B222B7316FE9385F341216	807AC9365A9457313EBFF93CB68A8253FD08CB21	C6D0BBB266916F997CA3AC72C8C971A797E4E92FA3C06D97B51EAE43874AFE45
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9275373402.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0947DEA63AC09EC54C405AA713811139	201D6690A0A332F7908553D9EA3040DA205A51E5	5269224CA35D30939C19CF7E82F79DC32EE7AE73D3E99824EA7735FB49BB6AC2
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9329238007.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	30CB96F9698A535CD3C1C2BE0F7097DE	CED77A2B400B477C809214E1EE0F47A422C2FFFB	E9D1C7C790EF0C21DC08767C7FEE8DB44C7758F4D3C509DA8976985C320C15C3
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9422479677.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9A6FE09D8A87051C131D292E01A8DBF5	21C57EC1FB051284E6798FBE8CECFDBBBF028E49	A946C66870184CCD85585AFDBD0CBAC61B5F93D0EE3EBD9C04A8B854896FFA7E
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9655434068.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C502CF946AA85DFEF9B7DBE3A5DF8E08	D1148DADD1C16759B3A8870127E1891CB8B642A4	6CD3246B5471756259702923F389CDD9011CEB80F28D6E58ADC961F1757219AC
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9659692161.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8333F77296A419425FDD515BDEBCF2E1	BF25593C39D8208A2EF6D9AF6F91346482930100	BFDFCAA58058BA0E72DF967302907B7C4FB918B42AE58A94559F9504AFE360C4
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9925478147.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0B80426267F499B4BBC722A373DC233C	F4F9BF97CDCDB896356FD5CDA56B43F39D984329	B3BBECB4B40D7A3A6A61A232726A79CC47653521ABC4E6809CE137F6B569351F
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\user-PC-20231004-1445.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FF71C251200AFE3BE7D88EE6E2738199	FE6AF0BEF706CFEB0996F4120D3232EC0FDECB58	3A00324AC093AE1465C6F9810D626D05AC763CC5FD6FB0B626A545B2B8BC556D
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\user-PC-20231004-1445a.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3F65602DD7797B9838621D846353E2A1	D952AA88EDD9A362EFB4CF0A1C6C91696683B0D4	7FC1590C77C5AD4C857D43DDB18DF037BBEB829894A292B7CEF1B3D59E9761D7
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\user-PC-20231004-1546.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8EAC84D824F8853FE4D807AD9B085167	A63169F2A41C83E88692259DDF19387729055CCE	A0A5409F8A930F382D1F7CEFA8749E03FDABC413D0CF7DA28E33F46EA493DC58
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\user-PC-20231004-1547.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	55B6D83C0ADD9E9B311E40F672D5C570	3AD3785BDF95A0C51739FDECDBFE22552A3314B9	02A81E35A6C8FAEF9169076BC016942158536F32981CF1F80C09EB57192AE5E4
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\user-PC-20231004-1550.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	431B087353003B2B715449C9E81FF36C	946DD454A471DE7BB70DD85D511794FF6B16729A	8E0C2D2B3A106E156EA4B1249554F7E27E063D581B8FB8421478E05E18736BA1
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeARM.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CB7EE3746B0EC52E7EA0582B525C7615	F9D318B694D81893BCC948F7909C3ABE4AA83395	CA58D8DA666EC9B5EF1F07E04687D718023A9BDE9E4B394F2331AD49DEB6D174
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JSAMSIProvider64.dll.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	16E9E840C3238E3FC849534B845918C0	EE7631A0EA26FF21F074FEA9703D70DDCB0B07B2	A55DF6974256A9B32363101907F21142D7BC822A522A231C014B9B10D947D400
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\pingme.txt.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A75288F49481EAC616805EE9E98D9585	80ED094F1F8659DDCC6C7D13C6DE33EF68A967F7	0DE32EEF0A2AF035EDBB8A9CD49AC0B65F99DDCBBDBEE750995C24A172A0F07A
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\acrobat_sbx\acroNGLLog.txt.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	43BC2512399370FEF481110046D5E597	E6F60156759A2A7B516D89A25CA331AFAEDE6247	C88CD5471AB5EE2FE8001ECEAFEFD06C9F57350EE9E4E70A165684CF6EFF4C9A
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\chrome_installer.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A153DBC171706EABD128A5FD18E535F7	E0C6259D93B6A89867860BB7B073E460485095A7	1C5AE1C7E7D910C239A16A4209012D3E6D413ED8171D3152F429A579FFC5DEB8
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\cv_debug.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	059B5C3D1DB3108A8B5FBE441D5EF3C3	D72A1F4E78BFD4375621EEAAA95E908826CB9F6A	BAB1AA38123718F1590DD5448C0ADC4876C2A898A32209D28FD940CAE5F17E0A
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jusched.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	882211F1CBB5AB36DE2197DC3E9F0D36	29B9EC869B2F65F01BBFA7860FA219FD537FACDC	C2FE78D61EA48751E8AFD6975EEE7772D9B2BC010ED5170A3CECB7D13DF99D52
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\msedge_installer.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	ABE05FDA1F2A29A38A8F6C1E97C6C71E	49B91AD9A1C5532339F0847CCB32F60DFAD23E7E	581EC04A547F2ADFA926405260C3B357F847B386FF59C7322B04C540187B0958
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\offline.session64.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	43F209F87550EC8A37B35FAC93F7D132	E7088C2EAB4DF46671EEC3BF61B0B8E74066B371	E06B20E047B279792B2B34958710D41BFE73ABEA4CD183408377C40327C7C826
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wmsetup.log.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3F42BCBA10C6E1677B4177159E8E266B	3C384353D9F5EA41B30F1DD73DDE6645ABEF1ACD	ED3E517CEE0E35C2C4A246898ADA1CE07ABF6CF62937F6E34233C72E3FF1B845
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Unistore\data\AggregateCache.uca.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	44B0F4DA0A4C5B255FEDC90AFBB0DF18	2A2010C280F8EE91641D0F12DC2479153CB179A0	15E78CB77B8065F214D178F1E93CC4D8EFD608FB581A179A4F370E2C46AAFFA2
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	471164F8C0AD8354F6F82A6F6A0E710E	187B711BB7047C92D8F695D0C3A0961B0B263490	FD4AE83DE82CE91263FBCDB3DAF2EB37438C75651DF44CE251C285344B55062A
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\ConnectedDevicesPlatform\L.user.cdp.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	17848AD2782D5719BF11B0473BED6F7E	F2BE71E5F3BF8F9F81E40AC63881E9404EA4E367	DC918B1025BDECD73A1DC612BF20745609DDB3C033103117DE650116966AD8D1
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\ConnectedDevicesPlatform\L.user.cdpresource.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7ED826DD879E9FCB5B37B2E758B30874	FF62189A4C41CE119177EBF29319B50A84861D18	ABD1584B3D8926D75D5D40B14B9C0897C4634E56A49B78FE7AB89C276A4A38AD
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Crashpad\metadata.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E33CFCBEBA22AD556F5CFA37413DAF45	BD4F9B10BF301DFA7605A570981FC39F896F1836	9C090DDF660E7EAA17464C81AECDB557546B3EA6D0A69A102224843E1D3CDBD6
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Crashpad\settings.dat.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CB889F9AEE8CB7EDE2BBB5298CB2E7D3	1BD25340694DE5B6C80BB311A84F0A7FF3C83006	561104161743A23052B864941AAAD9701A1464DBB9D35FF8928DE2A6C61A3F95
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Affiliation Database.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0A003E456BA8DEB70C5B7AC69C382D2A	32C425BE47D62821A5C88EA04E60F2CCC057E2BB	51113D96543D26860A514F025027FD33A5A363CD4E468A2E9321388363B342BE
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\BrowsingTopicsSiteData.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DF5448602840D1330A7079B9BA5E7280	F9BCC735D7A6BA835E04C03374CDEF69338A4EB3	85E6502F0FDE4B85C3EE2BF7BE3EDC483D4E86B53099D2D5B5E138BAD8ED9CD5
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\BrowsingTopicsState.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	164F2F1BBB7058EABE3921F89624A47C	A48BE6FF87D164D1EC2A339B4E7C845FACE855FF	7E697C91250C6E90F4FB4204B6B6345EAED02D5806DF3A92C4B29787EC64220A
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\BudgetDatabase\LOCK.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1AC0E9E2C185762D0E77A4CDDC56E6F6	631C073FF44A6E0308ABACD9CCB3AE181B300A47	C4E24C2D95565423B6EE69D82CB0A425B55774CA9528137BF6D36C56F8979BCA
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\BudgetDatabase\LOG.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2300812F70FEE2C66F465A3DC221C175	576B826C8A21E5FF02A82EB67248A6BE00C55609	3F71A861CCC5F61D23BE53C3BDC6BD61BF3D6859FE48A0B2FE470CC4EE7282CC
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Code Cache\js\index.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B3A1F7AC23807B4AB249A9CFFDF83688	4501898F05A06A5AE3E6153CBFA7B94056F56B09	47B614621EB870495A5151881609493A567960E91A910A507C71910D95FB4BBC
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Code Cache\wasm\index.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	34EE3EC114691D40CD468128B1CE70BE	3765FDCF34339C2BF85E1F56298B37CEBC61F6D9	B2D368F7BA406056A364DE0C36B1FE4529E21EC3F93A937B2F479E1DD9F947EF
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DIPS-journal.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3C2A4FE9885596A6A382A6F6D57ED427	4DD898B3B701A6A5C8C3309F0F88BFA65C8121A8	3085E49170210D7D1EB1A37FC9528054343FB2E3FA13D7B0204098621316D15B
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCache\data_0.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	23D872FF1B11A187A7AADB18D3F684FA	E61669F64727D55E4DB26AAC0CA7593EABC2755E	63AF4CF172327DC351EE161C8AEAFB378BDB43B5F3B9162725CB447299F19921
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCache\data_1.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	702B60BA196474710145CE5D266E2525	A6E8519DE814B790A01213761A8C4AD588BE084D	A8364AE7E0EA4E79FC29306F0CD961534AAB45424D1C5B977C66757500580D68
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCache\data_2.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4E87A4DBC06DFD78F5FE6A63E5610F04	F62EA5D34FD4BD289AC25F7233A96FDB3AFB0BD8	9299DBF2022FA06DB5223E418035E2663B86CA0663F920B4CCA9E6FD174D4BF2
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCache\data_3.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	763C762F9B664739D152ECF5C915A038	B0C23D06AB506D43B21CDAFDCDBBDEF80B919AF6	77A80828DC4D1EF6F88E22A9A9F66FD510C68B8247EBA052A232EB596AAD9408
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCache\index.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D9B2654D680D4FBC8E9C681844DBEEFF	90BDF3CA1387F48189A98BAB30A8121E8A5E9D36	17BE4489EB1C4E5FB75179B4A4AFFEC8533887EBC6B0E50C7AE52FB85DB1984F
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BD66786B29ED519819CCC3FBD15CE288	65B3F4C82B34974F2F7A3616E3B658C98B79735E	718B9B90E183E59E01995FA2A6D9F46463E6C261D48C3783AF5A16432CED09A4
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B1A05E355CE4F930F9CE650A3E5BB56D	E32E814A5348B37B44C4255553AC69F544D68198	56829C9F52EEA2B909B8DF39536E76A3DBFA65F4BD14F569790DD58881C700E0
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\coupon_db\LOCK.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8C1B0299C03DF957966409BD9507A9C7	F4F97A51A73AC07BF15BAF61304F0ADE93F45CBF	794EEE482740CDA6DA2B6AE869129132439C7B52ACAA673A690FE59D2CE05C36
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\coupon_db\LOG.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4AA8314186155C4DF7509B7D94F803E4	336FF9E0D612B8E161BA011B2BE9DECD8E15D7B7	C29C9DF5FEC2D32503BD2D0807D2B236CB72DD3FC9F9A058A36E7A23478D4347
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\databases\Databases.db.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3DE8EFA88064066A69C9155F04CDACD6	9C0C679549DDF66443476555EFC8A5EA610A609D	81D6DB9A1C0F57A20D92233B622F50ABD4080514DC863DC8A6006E0ABE2D11C3
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240009v3.xml.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E7452E43F9FC7F1157CC0C212E0ED0FA	8635170EFEF303E9C2388B1E364ECC57E03A38D2	812576DB05ABD0B8E3C099675CBACACE7ECC0721271F0F1F98EB02086EE24C0C
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240010v2.xml.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	339C46E04C0BC3BB69135E7EC84E7CFF	132FEB3AD785976DADCAE025D153B82658CD01F6	6BACBA3DBC6E49A481735D2BB2EA4810983791C3C2789CE24490F555A56E2CF0
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240012v1.xml.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	57254E9440877F1CC5136C4F487D1477	EB6DE8052D51312F9150EC1468986138AEF32D4B	7E54D8C37D616E92ED134EC5C8A82B94D5A7317387C83E5DB42B727E47F1393B
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240013v1.xml.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	17AED9F52B889B27039B66CD1CC13AD3	26B642230103DBCCA80BA92F9B873D9C1C1A7A00	10D995188DC370689309FAA89FA2FB27863AFFCC0500CABF4B4BB2CFDE472669
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240014v1.xml.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FF228C4ACCE0F0D54D9913CFE9069D1D	A650D8D83B6BB115607D111409AA5F4B68A752BD	32AD62C37DCE15AA8A2AE81F3B984B27082EB95725ED4249F17B48A92BADDABF
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240015v1.xml.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4C39B6369CD98F642BCD787C1EF9A998	0A9E0BAFBB4928CA4A6019F9BD7E8DDB9EF84731	C3B3605687FAB63514E1A422EBDBB38351EACDAFBB3D9F010030578E73610F15
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240016v0.xml.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C3140942954C45998A3F3B589B055EF1	C2680A7FCB604B30B1DE964B674AA7F4219DA100	BEC4629C419C21BDE776013377F9E14FD140C229A7C76211C6C4D65F39D74CB2
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240018v0.xml.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0F54E7A126402E918143541E5C0D6143	46497BC806DD245F0F3C268DBF00F19ED40FD95B	DE56CECF0AF7FF9638879633AB331B4E3A5260FECF7B78B5E017A7E4AF782877
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240020v0.xml.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5AB40408646CE762C5B50AB3F6203024	811AC53A3AE8391A429D6935303DCD6D84C48621	B5548269BFC8C5DC4F39EC6DED99A36027B1CE76DA873B6C65BE9ABCBCF7A620
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240021v1.xml.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	87458DB7EBA66340973419466C2E52DD	754F26DEC352CC2D2B094BC4991E27A7E116588B	17C726A9012F40F19486FBB5EF9F3679A1D7128F58A3777331A8420B199658EE
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240025v1.xml.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9C68E53E9512D45EC46DDED7B4FD3DD3	E927498F80B528306E02F1E3DB15A119CA55E2AA	87DA4EE7E2DF352EFAC6BC0AE9B5ACE972ADD865AC3C42ABDF9E2238C87E682E
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240026v0.xml.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2F50FA1C10EB9253A72D3147214C352B	F36BA220323E14784EECC657EE3BD30D5F3FE166	11819AD20CDEEE6F172611A02659175AFB0389822D22305D5554EF6E3F199A1C
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240029v0.xml.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	878BD489857A41DC9F5ADC0C951EDD20	DF4EEE4621682407C486753C109CC644E99C893E	F453B3FDAF4158979E5CC10BED5CAA0332CFB502A802BC37E942AA2D29BBD616
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240030v0.xml.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A916A5F2C389426E5C89299B8324C45B	A5205243629A9AEEE38AA4FC2BD36B4C66D919E1	783AC62148D73DD7136D4DE2094B445CAEE5C698EF1727E9F4500DFDD35BBBA0
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240031v0.xml.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	82FB1D82F6365556603FDD844C44A3AB	2424AA871E9FC43A9BA69ED8CCFFED714C7BEBAA	FF871738730F5EF9F15EB28C6E196D0006034885686FA8227A54687E2BB0F637
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240032v0.xml.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C85798DE3F9A1F81EE3C08A21D01900B	EC830ED039896A817585C31B8BE1DB6D7E4E3688	9061055E8B4BA3AB865B8E616647216FA6D9911B0A1B8A53589DC5EEAF1BBEF2
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\excel.exe_Rules\rule240033v0.xml.exe (copy)	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	06F9D5E61F0CFDC8C3753C375E7E6C41	9D5EFC455E1ED1E43DE9647C04F38BA449F7345F	B4A27F4E5A4068A23B8704A3C6EEC21E3884F77C53942FDB10DC03CFA178D8ED
C:\Users\user\.curlrc.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9501FEEF4DA229A2899D96550AA60822	B472F4E3C2B7C6C17CD4F39F2E83AFFA83541667	2C7F45AF05DAEACE8EC88DEDFBA0062F8409CB0832A787BFDE67657FE450E12F
C:\Users\user\3D Objects\desktop.ini.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4F943F42E4AAE2ACD03A36E6323AF142	0519C136E80DA557048548FB0131D0E36463B365	D61DC7FBA78885A8396608DF8A7D5CF31B4B8FFA517EE177D3E69DA3CFE33458
C:\Users\user\AppData\Local\.curlrc.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A1F9AADF3E277A5E70E98BD8457CA654	F248BCAAA3BEEFD4C6DA2BBBDEBBFC167E23EFB4	84C8C2AF10C3B9A8B323321780B41BDECB3BC1C9C7352702031D71CBD5E0BC25
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\000003.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9486CC6AECB4483DDF36691231F0FE0E	213EF37EA11808E09FFF3FD11C1DE7D645686C5B	EF7BE852462CCCA35DC45C9930F87EDD2149CC9CD67FDFEC783865060EFB50FE
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\CURRENT.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	46BDA8772C65F13EB60B8B9AFBAB8864	E9ECE1CE1E9B217C858C1213DCD4DE5ABF6FCC77	0E651E1BAFDCBE9223015AAD989E098546E4B910E5FD1DBA143BADFC3F7E6573
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3295A68F772497B95147EE63C0755E2F	DC89CDC0D7FF66C870A65B231842F245C04CEEAD	56C62C788EEE6CEF132AAAD6FAC1263162F916B8B345B0CA76BBF7904002AEE7
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_1.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1BBCD155EB462ED702AF19A7BF601D9D	F1893F377B910482E82C84AC04902FEF36617B0F	8D4B91BA4C2B5407C9430F1925471FD83C1FC84E4E53F2270047E1D5BE8E3D91
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_2.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9D3C6357FD1AFC9FB9D6F64DDA7E863A	6FC451F9253C7DEADD5DF0B6D76F443E5A812076	9D76DBCFCF2A14B15D2E8554A7117CD8E1003CAD06759F0C708A399A3771F4A3
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_3.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2768B19FCAAB80E952DFD185274E2831	B3D12CA292C51389C5986E551170AF1315683755	35923C61EBED3A8881CB3AAC6F438354E112DD40BA93BEAAA29D22BE040F58BC
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\index.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F02FAD49F6264140784DAAD0B05B7491	2795309374A33F7C90A3435F1F287EBF595BAB21	188BC9C7F4BE0DF0FA5F3C7AC9C61F5A80DC44E802CD06DFB60602C8BF5CA741
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	72D8303650FEF44B5D22352EBECBBF85	A64AB8CACE2E3510F21F73FFAFC128126A43F18B	13F3D2ED4CEF2AD3B668F3C57B03CC81797C6E4FC861A7BB0029C4E9BA6B79AE
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7CC75AD132B7DF9D838487224CD9653F	60A3C6C63CF9F13E3ABB9AE7880E3FE87619FABA	C9004AB2B2325E0CA147AB96DAFB379C1D2235674818FE7804A447649EA51AEE
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	71FC465729CADAE882BD37EB8EF756C7	98882C245793BE450B8617583AD815B3CB1E6DC1	84A27679C44E76BCB3C105E4723D2703C8A429668B5F5B4F5C6C3F845BBCC6ED
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	20D0B3991187B82D1DDA155461632286	2A594BC4C4FA94B3290EF9F2CB6AFDBC4E72D4A8	079D0476063A88D5FCE8808A7265CBB2138C9406BFBB6432F869469CBA99F10C
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6952BA2C6E2AA5BA0F00DF93C79D05EF	30482BE9D191F8C414BB0B1B139151B5AD7B59AF	5739476EB400E1C4F06255C31A8ECDAC97558BD132EF40499D4B32AA2CC387AE
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	413F9F59B14DCE449DEE10797987C794	3B478BFF9A1D626F50DB8F6A4F56AC479217CA8E	3E614E412528D4B9331F76EC9A776BFEBDD0333145D70496D13F5B42924A67AF
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	ADDC7A6317066F83A685F22CAB13E521	F2916573AAB7C4979F2FA4749F0B5C08E2D05703	396B7A49FA75B1E1205C1FD84B0B7F569F18A2130BDA5BEC9C3F0ACF6007841D
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0668C928109FF48C620CEFE75BC7BAB4	C33E7744810E607C987496C532C3E6FA39DF6376	9EABEF41197B3925EE118638D7E608622AA09199FB0FF1FA67AD6D5DEC1C3319
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4ca3cb58378aaa3f_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9A6D051CB214C8A332A7B726DAA07125	35B02AC383CB67FE8EC861968CA54FA5DA786F9C	90FD11A6298B5C1F3A4C8BEFEF86D41444E9C614EAAFDFDA574615A8FF32EAB1
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	237C558295FF810E0DB0013A7CA9AD05	0405A2FADFA96134EDE69696B000A764333A6EBE	5163A34232E546688CE0088CEFB2527150619D00C1B86011B1257AD7666A3D3D
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D692D1D0F647D4EB8998981455CC715F	11A7D9AA9C43CEB27C462A6D85D45F2F315226EE	5EB6C0115AF878E6A7F3DA11893601B54C9D913197E62AA3155FE135A63C317D
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2B2B293BC6ADB2A342B1574D5C104A98	CB5756312F16BCA127BBFA98F318D3C295D695D2	5A99EA550893EFF7B4BCE59DC966C3F37B7B5AA5BD50B0AF971FA1239ECF9B37
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	53ED750AB045E199D2F20DAF9E72A0FB	F924C9C5504B6967E5BF6B520B557F65041CD071	8420D4678AF0757E2CB966E468B683A5E5F89B5EF40F8825C21C127F08C501DA
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	00F12F7DE66B7FCBFE6D1FD9EC0528B0	6FBBD4A1E67333CF721C83DE94301C0B32874761	4D9FBA9A4F2A2BD1B04F2B1C1142828C87C8C6089F2E39691314A900C0FBF2F9
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\72d9f526d2e2e7c8_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BD25D289EEBE698FDEB630499C61192E	5D4E4FF0BBF358DA21140A1678CBC340B96E630C	6D294E8577242CD40F28FAFFC8846BE9ECD2588C98D40E3C239CB3FDD208D172
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\78bff3512887b83d_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7972A73F8002B22CE26CBE14089263F4	2CBC2B1C06A1959394B8EA8CF2571A81F3E49419	694E58EEF7F3EFFD649DCA1CBD97098963720A06FA145E1B20ADC507882CA334
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AB4E86638B26017A74A4E579679DC948	B69028CCD981D38C159BFBDC4ADC059A08DAE46A	BB23220C2265EA42BEFFEB032F57B323ED5B15089A6DAF586F067B021F775880
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F795BF0483A5BF61E57E7C918B80A8E3	176CF719A08724C7A17BDF1F9CBF93274AC43549	8D0FA00B6094AA7B1D7184068B0D61FFF29A7197B59C2BC3563DBD438500B8B4
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F5BF493228340914AE7A1337F98F87D7	FF5232812D7BE10A5F2B1DCCC14B2C8A1D87F304	57606004D59002D98BAB5CFB512A5A72502F60A51CAF2774283F3E3DE791A4DE
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8342EBDB32394298F7476F65C9A7311F	E860B5E2B485A6AD687F6DA1D09EFC4A0234E32A	2ED4CF29A83E6AEB868D82824441288913FCF45E0FA58E382988FFD0CB8BABCA
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A89540CD4C82474E16413C534AD61419	0292852643F16B5B7211B3B717FD74ABF7F4926A	68C2B29C9BB230E2DAEFCD28BCAC3956CC904A0B33694EB03DCCBAA577A352E8
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	18CD3EE42586754EA49442C80438F760	B47B0171858466AC99FA8D5DA08DDB2821435238	8D5A4F56078023A8160CECED9785DCE705133B43F9135C10EBE2495EA700C6A3
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	55913D7C7538FA6401D57706248A4128	B13B3A512B998B9D677D494B3B168AE5AA7145B8	D2E4E677C233309247FAC3ADAAC8165EF98921E94657D00E2DC801638FB77ABC
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2D10E111EA2FFC3EED287D68967E87C9	6F4F92E4EDF17B02FD4743790F5370AE74AFD722	66C8D04D30FBA49927D94E11CFBAEDFD2389D88EF187A25AA118A4A391B6C34B
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6BC461B14BFA05018862BAD96B9553FD	6402C0D48CD38739D13C96AC19AEAE134F128C5E	689385F54BD17FB2F2B33ACB85A486D80CAE8919D6B5320244B8EE0C7D3B3803
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7AAB539677A89E7EDB4F4772713C3EB5	A4DD85165084801657C59520A2950A0A7501E668	FE8D6F2609132AB25EE150A3A019AF519BF1DDF05F84790A1C957C84E72C3BE3
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	73745812A2EAB7A1F9D5B7D9C9FADE1E	D92EA95D63C4CD54FA318209BBCB692A814575A4	4DCAD000303A27793C7E23A5F4960F9FC446024CDE55F2716A52C06649CDF02B
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1133C67D3D31F5506D45FA8F8AFF6CDC	815CB8B67AC910663AB0BCA55EEA4E20410BAD3E	5B88C6AEBF3B0490F1A3E2E1208C3B641D4DB947E81E7342B708B09C839B3E09
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf8eae3dcaf681ca_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0EBF4D7A36B5D012FEB0B643F6C96FA5	8D935105F3EF936DB7B2D7C9064CB8FE52A12551	941C3D0C58A306C711B7DDFCC1BDF0D85F80131A9BC55DA2A16550D35E0F77F7
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C340911D3138CD860C1D6ACDE4D968A7	9F0D950A02EAEBE13CE02E927DD3DF857FE6662F	66EA7AC757D123A93117E231958625D1BE7C87CC9359409B0E4A502343374C66
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d5dedf551f4d1592_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F0CEB8694E6DDF8CFC8EB31FCF2F8866	5CA918C9FA2E97A10D2E3790A043A263E5404889	C3557AB742145470AA059EEFD3B218864FAE4646CDFB865B04A07F44CA1D1FF6
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	364164F568D61BA93D4BAEF506FBF7CC	7A3C7F58290C88C59A665443C258F12E86371C75	31C112675F88624038644D01A67FD7C25620221524BA60644100BFF59A17DFDB
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	535A1DD72F1214C210389FB39DADE376	7281C225CB23069707D4F885E9F81F3671B60A78	803320F2C22F441B509F0B89BD33FC8DBE74DD6506FE0E811DE7891E4570AC92
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A8B66010E63D2767017F5B14C61F6C19	9028F480908432638143254D88F233874B148036	872AF4BFC20EE7858AE7C655E6308715ECDD7C275A90E3C6B8FC8A47C8DB3BA5
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6CA0030660951C7E68EB62F00C2E4A72	5C465C5CE972577CF1EE72F4C3502FE5C3926D84	5CB71400E83FC32B48102BCD279187AB1EB86DA7B11F9BB64C4BC52461D6287A
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1337CFF990F9962DEB6712AA33A81319	C1D8E79C22EC15286D0371C181D61382E925CB18	FAAC43CE178CBAAAC18A6645A60FF2B1D2C2E6240369E30FA6D3D7A2BC97819E
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D9FA50640E087C0B6D06B9B5F1E7E844	FFB6249B037491FC866B8FB3FFED29DED8FA3C3A	D107480041BBF6863A10006426E99334CFA897C567E7254D5A6A638A24543D30
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F2707800EBAE8200F0E7F7390B8E0B79	DF1DE431C9F9DB74CF432B92682371FD57AAA82A	77BEBE2F2F1A22931CF3340862364915033A5B760A7052361D3ADC13B72AE956
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\the-real-index.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	ED4603731B987D03B0B8ADA206CE2C1B	F420315141A7A6B3C53C2FC7E6C38E1118D1AFC2	37C2FCC1824F2F2C9ECB8B6515426FFA4938F9D9A1EC59A27C7E53736007AAD3
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D2C3692C7FC39F2EB0AA80F17C331AEC	60FB2F763A001E5410330CEB7588249C62FBA86E	24006951CA8FC1FDD1744D2FD49899C8032B0EF8B629C2E112A108D1763D579E
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LOCK.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	10BF517A2DDBD52402E145F3AFE40AEE	949D388813F7A8E3E58A2C6EF3E3543C865BF1A3	6E32B9F2D825F8F6E11915D4CCD0A17DB1EBAF4AE8E5B914E8909FF2D096B08D
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FE416B5B61D663B9117021FEB7215539	6B5EE4C38B0539C68F5DA9009844E446EA4E6D98	FF7AC2CE8CEB13238EE66247DB4E01E63DB529C40235DB7F9B09E8954359E0DB
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LOG.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9D74ABB3A088CD1EACC16E76C9F7D33B	A44409031C3E1AD56C92477A179E5727D61763BF	E0679B909DC62B65D9A05F43DBCDD3D6F1B876C2FF02DC98649CE3B477A47669
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\000003.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F0176FE61C2E0434182429089AE43CBC	C7E01C1CDE288C4684327FF4F2E8B1D7C42519A0	A44D372DE918FE19A7C8DAD66112524FAA66BFA60172A8775615AD082E7BE68A
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\CURRENT.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	080EE543C378C533E9337ECAC491B203	DC575523741D88847390A16C4F9FEF89357D61A3	ABAB53AC863F2600DA2C330B6A6FD59297A3B519773B4E9290CCE4413CCFC225
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOCK.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0D0AECE1689909F755A86C79625D8875	7D319D8D920C21933948A9127C5825FF2A4E0DB7	2A535E6CDCC0CFD50522B597C75F2FCB108660FCD260B50BBBBCE8C7A2D8732F
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A5CC19123C564C52516239BEFC98D50A	4569DB36F56C46ECD8A3BC1125455726607E6554	4FF34DDCA21866F60E4D07A1AB421CB4ECEE26BE5018269329510FE1FD332D70
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	39FDA2B970C93A332DE602530679203F	A9CBDBAD71E432D268AF733D4A046BFB6DEB8312	9AF67D62FF91FD25BA625817046FD295EAAA8941377AAEC220BFDC9D1D13757E
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\MANIFEST-000001.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FE3A0E537EEECF75D5646E56796E60D0	9AFC975EAD25E6C55888B559223F59142EB7E1FA	E6F68F32BBCAF685DCBCED4BC63665F3BD1965B25837BDDA4D5E8C64584C1DD5
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	64EFF9BFAB3E04AF122310BA34C932ED	5351EB8E0BF511A7C7770ACC746B199588B55D83	5F8C8E8D74E70172F8D05DCC9C453501C0AF60B3DA8A6663E8D8622DB292C66A
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\MANIFEST-000001.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	478A00CE2E8D6229B2EDC1BACE45DC92	87213173CDCA5ADCE86A2A2E7253F08C08B721C3	DA52B9BC50591E03D4134B0ABAC96DD8809C430C0A4B5BAE2066BCDF3ADF453E
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies-journal.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	981141DFDCCBA035B2ACA1A5D1317EB2	05D2DCE56143291981E7CA61139BABB12F31F161	9DEB48E6CB5DBD430BCA18E1DFB239D1EB996F6DF25CE00CBD1930687CA41EA8
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A80D40750AB0A719456DACE0E96AF4F2	4F9E89C1371CB01ED86599B578F72F6AD72131FE	246B16E8D7292C47A26DFEBAE62B54C11B4BA2171698225526B4A26824994540
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2ED556D08AE728DD4CA3D57E0B2AE826	1C3D735F06A1245C8CB6723D823B27606F02FC4E	3B54F40B9060ECA8AC32D73DA1B797AF3E3D9EC7A0D293E4E0709458A80A69D3
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\NetworkDataMigrated.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0A382D77505FF45409582389120D3BC4	EA8F582ADA1FF593BB90DD860FE25E141BBD60A3	83017B2677924BE453768587D7CD491A8519A36C5D7BC4574EF294BDF0571B15
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Reporting and NEL-journal.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	73D90D4DB96135103650AB3FB501D694	263A3F5548ADA300A25B17979E004A30EF5A9CF9	DAE2C475570057CB6EE1C25CC3CCD41A101BB507C7A3C1CF3C77A374F18A383A
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Reporting and NEL.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F811436FF5E08F8F60082DD7C200AF01	E05A4B5B214D07F62242EA5A3F78EBC66C92D337	4556E816BFA53146BF147C9846BBD69CEE056BF18B4E1B04FA89E37006B3144E
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	952D027B3F4F1155AC8ADFA90D363819	92F78454B013A4678FCB96839355190C093387FC	604BD5297E1CBDD1A09979CD6A7D565E8C87FD96C6D720CF0C89C70A54281EAF
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\CURRENT.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	047585A8838DFD1234594E5F0F91E3DC	429B31147F57502230D9B8721DA86C9A87C54D20	A11591EE64AE29125525FD8B03DED9140BEFCC6C42EF87CBDA29624E1EA898DA
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOCK.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A6AE0AFBE127FE53C0C21D4D374F2404	B42BC052AF0D38222C4E168C7DC8722C2A1B8856	EDFD740AA5FA9B51E16F76A90DD65701C46DA9C71F27AFC5607DF825B2423E23
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4668CF4275A95120E953769A17ACBBA3	B94DA3D526CC7732B6876AF70D222221EAC43D17	3F8F21C0FC90265EE556D96D76F748288AE87E62F36C129CE3D7656D20428F28
C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D8A4B271544B128E08B8FC9FBACCCC35	429C8BAA2DB055C402FFAE71B7018862397A5ECB	3B99D138C0693005A32A6816F753DCCD283FF189C387CF0C867F81F49BDA1C74
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F3D11105F54798D158E107C8CA23DB82	4B625A3784ED9C034315867B6FE030F65C2B04B2	0C8174A74454D59F008A87A53DF2DCF124501C3288F67EC696C8FE0E075B2D87
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FB94617F1F005A9C0552ABA310180876	73B4F095FD8CBDCAB97D54D7F39FA39A5177382A	A2A759933CAACFD3D35739B8DBA463E1A6CDA016F44532AFB659F9014F28FFDF
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	502F26FDF4FC3A8092A3BA82DBBDA894	51ACD352F503F42B865BBD0D777A96C9DACC7FDA	E6D313F4C93F98F6BBAE73AD2EE81E66396769F30F12F4343066D494FCE3CAB2
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6B89586FFEEE39D4705554CC1CA491CA	8AF5556F5ED9968A4FB6F35F5E2DE88E04DAB06B	E0B783A091A33D11C8D7DA77004113091665DF06DBE59A02B23EC024FD3AEDC4
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	161933CA4CAD70785ED872C88B9F55E9	D299220304431E0B0DDF401B500EFCC0BF8EB957	4D46CF9826217D83E90C7D4E0EFA032C1D08552B81CAFCDB90952478FE329B43
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	57652765A2156238F89B77904AE4A9AD	295AE811EEF0D46B5A3F8729BECC2F29D849B476	521F347DAAFC5264C09E84A2AFAC613501A7488816A3B6A893F0A433FC19391B
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2A222FA110E1AB4FC4854E25EC093B91	9305DF6265C73C3A442801E9AF49E7D5C132566A	12DEEC36D20E3D00FA6AB682949CE81542A0B66561B88C872973B5CCCEEBDF3D
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2AAF6C2C33EFCA8213A2529E552FEEEC	B9E8D9AE0660FE80E03C091FB5BB8DDE79045B5B	E1B599F1A3316480F8BB09AC5B4DABFE5D2876CBB098F926827E409BD753801E
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F338B0EDDCC26F89C4CF6CB9EF578A67	B08D456F02DB6303570CF58670DD943066C600B5	2D6517F80458A5E4D87094B3ABAB4231963AA694D64D22DD9C57AAF350FF6D3E
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A18BD4EC36B0AA4290639699A1959AC0	FCDA3F41A83C56FBC3E3515A636D9FAA73390451	1255FBE583407AD9D38C20E8CD8F3A9883DA593117E999D4A1F7E2A708EB83D2
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E6995760C4E403DBCBC8115119E3DD9A	5B60639C02D1E1665E7820427944B6FABCD277B2	1F2DA81B2F628A2231078C486EBF5907E29C96B7F04706BDC438698CEC8FA342
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	162EA6E8917E8D9B0409AE2DC30E41C9	005EF53CEC1323B9E6A3BD37D2043B0064634A9E	2BC65F2ABAEFB1540890F962083D9488EAE66E53DB66BBC1AC1505A966F7CB87
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A16B31BA115A41384751D14B4BB54038	D5E7627C184E5F1CE2EBE218A05419C81ED26C1F	4A526539AC0354E953F4886294EB3D79B43E946BCAAC464A810838483EA187D3
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2A8D7D231457895A3A5BA0500E1C5188	06B8714061B9A48424A08C3D9A20C017D2227AFE	19096CAEFE389B0810C175C988A607803E4D0DA151163445B5025661FFA6771B
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F0C1AEC7F0E236298728194867677830	3837B9E9CEC8BC7AA89E7DC0F4D9B94EFE595976	EA7AFC3B5C471717E79BFED3B01898B055E02AA6706B7A6C2948C9FAB308888C
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4F3C6D9CD573C58ECC9819CD323909C7	0F46366CE777065F7C3D8134FD8016C03E5A0704	9B4952AFD5524906748150865776F7DB873388F2EF48392A0E0A1453C50B90AD
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	63418A1A44F146E3ED94A6B272974D1E	B0AED3441A9A51C9AC30204493EF2294E2ABEE99	E841D512661E447EB216C8E93B33DA5E1192DF656FFE902E67E8812E756FC64D
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	68576BE6E4033B61FCDB827827339D69	705BB1BA87B6A4B4C2AD88E298DA9F0C789ECCAD	10B0533D6DD06F7C591DDA3A9AA9F5D5642437B99B1F4AFF699D562FBED3C500
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	40A710995C920EE33571A33001E7EB93	8030604D542E360E01CEEF93F456BF8DACCBB75D	6154625BEC39D02F9A88296E91ADF9AE780F8D6BC079A0EA557A16949407573A
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	ED39960792DD30C54265CECA9369FCD2	01FA3D1B27089F4396960E470C8173ABF7075CB9	4F5E6DA3F9B21F0A74436A9D56E8969865177070D67FED00CD89C9D3C8B465FB
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4CC8F4C077F23AAA4A8F3FEE80CF3BF9	F0EE693EE6B3BFF59B946658424F3C071A82FEA3	F4C5C08E52C66B94103FFD1986C241841E5FA348D3EE204FB1E916463A606D98
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F9721E3A8216F52B732C71A7857060A2	F9AED199E32C3A974E05F6C73A421EA134E72462	1F8F4F867DC966E6AF78F56DDDB2DD65AA77957138DA7503B40C1FBFAF0CCD9A
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	348625A60A7CA9D377C634CC3D6FC63A	FFEDD20816543FB1054507AED9A9A5879FCAB01D	39950DCA38F826CD5C1FC12B50000960C72746875F6BA104EBB46CDA5EF63F3A
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	839CB641F758B809DB636E9865275781	1DCD76773AE0B2B230BE3FB68DE8E24EA36BA3B9	FE9086963969273C3F1BCE191484295E65C3E8407A333BDBA32357D39E20FE3F
C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	51D8CEDD0E3378C51F408AC0CC43F019	034DA8C64674BD48BCCF2D701F35816068BF53C9	9BE75F9ADB298C188993A6396EC0D72C4F70C7F5649004788398A81BE9926ACE
C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D6B0D8594E873BB9EEE234E534BEC5B2	1115A040517F5DB60142652B8E838937435EF8E2	5DE306F8E0342E3D49A5B2A4DB102DBC4AE61B1C90BAE631BE256283BEA5ECDD
C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A766223AFE284CFB7502EA722143AC76	794149DDFC510F221E9B0BA079CC6A7BE06BF823	E58828CBB66A2ED33991BABAB9566FAA67ED9CD556B37075E3ECCC9E706B32C8
C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BBC173FC2AAC1B54C1CC5FC0711735BC	4256144524E2040A52055CACF748FB098E78F12B	B8722591F87717C5C87319DFD3C27E405BFE1E9173CBF531264F750A7F2D0092
C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7058B5A6F747CE98F7939ED2781D206F	D55E8D4EAE27975F6FB6C8FBE8464CA9DC2631D7	C777E08CB953E817796AFF59EAA47B56FCE1443EC3A12C249110F793FE7AF528
C:\Users\user\AppData\Local\Comms\UnistoreDB\store.jfm.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C241F1E724678EC8CC45A12B68B57FCC	95035ABFDC5BBD10CB496FD7E81F106BEBA956A6	4F4E5E7ED5E45251742FDA739BDC79CD3D188124C2A81FAC0CA7140A1F03C26E
C:\Users\user\AppData\Local\Comms\UnistoreDB\store.vol.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B488F06DE9D3EBEF0AD3793A6A676C9B	914CB538C1B2992C3D35689C99BA7C83CC7458CE	C756E21810D6A4445C45B0DE3167B670EC9FC7B46840BA486B637586E76CC93B
C:\Users\user\AppData\Local\Comms\Unistore\data\AggregateCache.uca.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	44B0F4DA0A4C5B255FEDC90AFBB0DF18	2A2010C280F8EE91641D0F12DC2479153CB179A0	15E78CB77B8065F214D178F1E93CC4D8EFD608FB581A179A4F370E2C46AAFFA2
C:\Users\user\AppData\Local\Comms\Unistore\data\AggregateCache.uca.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	54A30E577F25CBFF60FC494AC1564627	780E4509E11CDD1140314E161AD5C9F3719E3B8E	5BD3CC6BD2ACA7A37A7D4AF8840EE59E711841F11E298CA66627B7453E2B0ACB
C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	471164F8C0AD8354F6F82A6F6A0E710E	187B711BB7047C92D8F695D0C3A0961B0B263490	FD4AE83DE82CE91263FBCDB3DAF2EB37438C75651DF44CE251C285344B55062A
C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdp.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	17848AD2782D5719BF11B0473BED6F7E	F2BE71E5F3BF8F9F81E40AC63881E9404EA4E367	DC918B1025BDECD73A1DC612BF20745609DDB3C033103117DE650116966AD8D1
C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdp.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E85F6A035D6ADB11180D0EA9B10A763F	B366DE76EB7A54629E4FEE110924BC6948FFD527	1E9A2FD5968BD4098BE7139F3532E855078B70873ECBF0B17D068FC4623C2C6A
C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdpresource.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7ED826DD879E9FCB5B37B2E758B30874	FF62189A4C41CE119177EBF29319B50A84861D18	ABD1584B3D8926D75D5D40B14B9C0897C4634E56A49B78FE7AB89C276A4A38AD
C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8171E10D81F0CA8E42245ECFE20F1B4A	478514F3753E4C406747C9FC5FC19DBEEF6E9F79	B7307A09FA00181F2C2F6A0C27C20F6D0AEDD1708A32885747EAD3E04B2FBCC7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\metadata.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E33CFCBEBA22AD556F5CFA37413DAF45	BD4F9B10BF301DFA7605A570981FC39F896F1836	9C090DDF660E7EAA17464C81AECDB557546B3EA6D0A69A102224843E1D3CDBD6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CB889F9AEE8CB7EDE2BBB5298CB2E7D3	1BD25340694DE5B6C80BB311A84F0A7FF3C83006	561104161743A23052B864941AAAD9701A1464DBB9D35FF8928DE2A6C61A3F95
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0A003E456BA8DEB70C5B7AC69C382D2A	32C425BE47D62821A5C88EA04E60F2CCC057E2BB	51113D96543D26860A514F025027FD33A5A363CD4E468A2E9321388363B342BE
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsSiteData.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DF5448602840D1330A7079B9BA5E7280	F9BCC735D7A6BA835E04C03374CDEF69338A4EB3	85E6502F0FDE4B85C3EE2BF7BE3EDC483D4E86B53099D2D5B5E138BAD8ED9CD5
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	164F2F1BBB7058EABE3921F89624A47C	A48BE6FF87D164D1EC2A339B4E7C845FACE855FF	7E697C91250C6E90F4FB4204B6B6345EAED02D5806DF3A92C4B29787EC64220A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOCK.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1AC0E9E2C185762D0E77A4CDDC56E6F6	631C073FF44A6E0308ABACD9CCB3AE181B300A47	C4E24C2D95565423B6EE69D82CB0A425B55774CA9528137BF6D36C56F8979BCA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2300812F70FEE2C66F465A3DC221C175	576B826C8A21E5FF02A82EB67248A6BE00C55609	3F71A861CCC5F61D23BE53C3BDC6BD61BF3D6859FE48A0B2FE470CC4EE7282CC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B3A1F7AC23807B4AB249A9CFFDF83688	4501898F05A06A5AE3E6153CBFA7B94056F56B09	47B614621EB870495A5151881609493A567960E91A910A507C71910D95FB4BBC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	34EE3EC114691D40CD468128B1CE70BE	3765FDCF34339C2BF85E1F56298B37CEBC61F6D9	B2D368F7BA406056A364DE0C36B1FE4529E21EC3F93A937B2F479E1DD9F947EF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DIPS-journal.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3C2A4FE9885596A6A382A6F6D57ED427	4DD898B3B701A6A5C8C3309F0F88BFA65C8121A8	3085E49170210D7D1EB1A37FC9528054343FB2E3FA13D7B0204098621316D15B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DIPS.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	85AC24D5931DC9DF2D58E75DF9C80364	77729FF766B46F720195C7343F7D386C0A43EA8D	8D2D7014F628B30A1042E324D3666018CE4B942C1499FE62E4227F05B32ED132
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_0.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	23D872FF1B11A187A7AADB18D3F684FA	E61669F64727D55E4DB26AAC0CA7593EABC2755E	63AF4CF172327DC351EE161C8AEAFB378BDB43B5F3B9162725CB447299F19921
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	702B60BA196474710145CE5D266E2525	A6E8519DE814B790A01213761A8C4AD588BE084D	A8364AE7E0EA4E79FC29306F0CD961534AAB45424D1C5B977C66757500580D68
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_2.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4E87A4DBC06DFD78F5FE6A63E5610F04	F62EA5D34FD4BD289AC25F7233A96FDB3AFB0BD8	9299DBF2022FA06DB5223E418035E2663B86CA0663F920B4CCA9E6FD174D4BF2
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_3.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	763C762F9B664739D152ECF5C915A038	B0C23D06AB506D43B21CDAFDCDBBDEF80B919AF6	77A80828DC4D1EF6F88E22A9A9F66FD510C68B8247EBA052A232EB596AAD9408
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\index.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D9B2654D680D4FBC8E9C681844DBEEFF	90BDF3CA1387F48189A98BAB30A8121E8A5E9D36	17BE4489EB1C4E5FB75179B4A4AFFEC8533887EBC6B0E50C7AE52FB85DB1984F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BD66786B29ED519819CCC3FBD15CE288	65B3F4C82B34974F2F7A3616E3B658C98B79735E	718B9B90E183E59E01995FA2A6D9F46463E6C261D48C3783AF5A16432CED09A4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\CURRENT.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B1A05E355CE4F930F9CE650A3E5BB56D	E32E814A5348B37B44C4255553AC69F544D68198	56829C9F52EEA2B909B8DF39536E76A3DBFA65F4BD14F569790DD58881C700E0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOCK.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	26015943E2EE527073A03F92A4D82A46	D2733420970ECEB59B628A897628ADDF3B223B8F	AA8E07D8F5DD35DE34303F7888879C95EEB3904B373B3370D4873C402498A66A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOG.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	52F6FE2FC24DAEC630E6DFB1B88E1F27	CFE6D27AA2779B772F6B2E5D441A6D47D58E433B	AFC777AD2F64BCE09BCE1B8144D2F8A59D7D4453E889F7F0660C611F4C0B5BB2
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOCK.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8C1B0299C03DF957966409BD9507A9C7	F4F97A51A73AC07BF15BAF61304F0ADE93F45CBF	794EEE482740CDA6DA2B6AE869129132439C7B52ACAA673A690FE59D2CE05C36
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4AA8314186155C4DF7509B7D94F803E4	336FF9E0D612B8E161BA011B2BE9DECD8E15D7B7	C29C9DF5FEC2D32503BD2D0807D2B236CB72DD3FC9F9A058A36E7A23478D4347
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3DE8EFA88064066A69C9155F04CDACD6	9C0C679549DDF66443476555EFC8A5EA610A609D	81D6DB9A1C0F57A20D92233B622F50ABD4080514DC863DC8A6006E0ABE2D11C3
C:\Users\user\AppData\Local\Google\Chrome\User Data\First Run.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EC626B78E517610E0D5A00DF910B04B2	2A85A58D21463FE873ADBF51499369B1293ECA42	40F500AE51B0878A692CFE1FF66D752E9974F66D4B782801241E0558D7562E11
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5E69A825C41DA539FD0A91B8CDF2D212	2B69152409B5E2D8E36F32D797A711023BCAF0AB	AC34410414C7DF3A0A89496481FF83F030534BEE6289B3B5441746FA75079763
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EAE3F48183BFD53B81E373BA3329F8E9	DE36D38296223D7F31342543FDF01D7CD1652E6E	96A30384FA9C6B5F513EB8520E0F9606C505488AA5B5ED5B52B5D655C119C382
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0E069159D05FFE10714AE56AE4BF06AB	ECD834B8DDECA1DD5B46E74ADC0C30B6F0EE764D	E831F531B752B9F9539D7E6692DFF7A39F5F2F174C27973F0FB492C3B9F96134
C:\Users\user\AppData\Local\Google\Chrome\User Data\Variations.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3FD3AF67FEFE65E0822CB4742A2C016A	44D082464DD783EB415D170972E07191B269135A	75B767E35D65F67CD701156283EFCE06EE83408E7CC7C9C1D38C44748FF65FB3
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\ngen.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8F9A1BECA145649CC1864B6BDA7AF2DF	F389D26276B0CFEA4AD38051B195E936ADD201D7	4B1E875ACCDEDB6D3920A310D88381A1D8DB2D623A62CEB2E61EC6FBC3AE6CD7
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\ngen.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F5F9F3568E9E7B985539FCEC0C5A907F	2825616632D572BF29EBADBD6EDBF92B241FDD4F	65A7F6388C4E9DCEE0C6F5C5981BE75C3270EDBED2496E097283EB08E86C2954
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\LOCK.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C2219F32B655EB9E5BA995CFE6AEB848	61DAFC16C38E2C9629D73BE15876AF5901826A08	D12E58E6C7B737E560FE110CC52CBF49247A36EFD94D988AEF7677894C9998BD
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\LOG.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2525C965CBE4C520CC2446C73ACAD19F	F933134862FCF3BCA63012CA325805502755345D	7C351970FCA0D4B09DBDF24859B3C592F0E3B878C5811881DDAA2A1BC79FD000
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\First Run.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D55D47999C708C5665A2B02FC50B451D	83889F060AABAA8E369B4F673276155270077DC3	96A6F25FFEAB2C1F1DDDC94CF8EC77BAB6791A321DFB47C5D8266FE310DC33E0
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BD2D7C4C19A29F0AF27E79581472CD6B	1219EAB8C4F6866899ABF4D166CF0CDB79926925	AAA94595D04606AB74E85E3704061909DD91E5F4FAEA26CC4BB37285EB6F2EF9
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E9E5EA7BFF17BD907496B9B3A20F3E17	1BC515BBDC73ABEBE890648623F8987B181AA1CA	6638928486A3CAE909498142F276C48278A25576A883A7E83D57558BF2650D4A
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0CE4C4A0476759E492E339E2DA8ECD0D	39ABE4ECB62BE3E63DCDE1274A6BEBA20542316B	C75A67D16245461A171F265C564264838926527D1B02AD960030FD2440D8A18C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BE97BEBAE8E82583B09508E4F1C05908	BB7FCCF190C918B2881BB507DD5AEB4EB558CED5	22D04EEFA1AB627FAEBA09196B3D13EB42AF3170B5E9D31E187889B825466B4F
C:\Users\user\AppData\Local\Microsoft\GameDVR\KnownGameList.bin.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	949E7CAF55AC0D63D9EDC23D30E87FF1	76B316086B8314FD2D29C1D3851B90FD35D1CC5A	65E3D8A4AE0094C305E5DF76C9944FFD534D401FA1E59686FB11166EEE2B8ACB
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11210v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1DD2C25B32BEEA55B7D1618CFB36F11C	4F963D0FBA482018E7CBF2E48C7D25C0E733F3FF	73D7C82343242B41CFA191F85579DD8DD53FC65F6E3B5EA28FF6DAB85B33A705
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11264v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	49714064EAB270BCC4385B58DD7282F4	543CB5EC4C040D4954DB6A44B02657E2FEE2487D	3ABC8AFBCA0F6F425704F0F48DE361EE986095C13299B0F01A3E8C7D4182D083
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11265v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2A3EC936116D436F486CAA608A0AD2BA	51E4B3FEA8F5AE8EF740EF1E361BB776541B4C35	68A884E05F8D2C8501CA31F5FB6F384F6AF95C4FD64E50706DA82376CA651444
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11289v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1CA5FBEA7607EB689C0229EE9BE9D4C3	CB79406AA4220E867517BA530CADCD61AB60BD3B	9894667F2D0243517F37F57DC0157E7C8105654FEB962E4A2F957A522CDA3B8E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11300v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9A6B84CC1D9E272540FF62896D3F9E92	6B18FDA9131C06304684FFD6525E57784A6F2B2C	8070AA8C3B5259438845492A1FFB6C9C9BB77A64B09D804E3025B3EF835755D6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11302v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	83FA96EC11CA262BAE345A471951E802	6DF9D5C0A371DD19516AFE1090169B35C6E992EB	098D52AF82D0D1574285F3B81DCD7D127BEC1A539576BEA2A751B9B28B4EBE39
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11369v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CAFBF1B6702BBE56D8D05A176A1EEE80	9561939BE2A18F4CF45DA57B3DE33608BE1A4D25	EC22E026481503D64B32D48BB882AD4308838EA3D89B1C75530658FD55E3D23D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11370v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3026A0AE80733CE548B74181D21F3D15	CD1255026571220ACCE32D5A764309C69EEAC461	217B9154431BABA1DB26F9E784439DFB8EF4437F33DC14DE57B01D674989A599
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11381v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	37930C59795CEDF3BBC53B58A313E00A	70042E546FF005106EFEB2B99C4F76AE932B135E	4D3FEE8A5452231BBC53A2E0CA048C080432271F47A6FB6596E93B26B843DB6F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11464v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D51F5F395B2C42144EFB134D63EBF11E	DD6FCCD500511AA88AAE840FA56EB8CB52997111	8FE7CC87F63B7470169975CC33DF20C8C1784B7B904600D909ADC354DBE85AF8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11498v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	845E3F739DD6B7BA5E2C19D887D1A580	4E7EF45474BE1E7D384EED9C90EE7CB4DCEECCD9	824C36214444E78ED7CD3B9ADB6F44EE726427DF82946216887CBC4045D16EA5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11499v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	18199199AFCBF3A3377AD90B3B51187E	A3B683501349B32600354F152FB3702B8DB88E85	9EDF8CFB55444CE6C29D049844F715FDEF675CE46025FF70A98547F1C80BAAEC
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11500v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	77474B9A3E2AD03092C1E9CFC7E6BD6E	7E5CB699F73A73D0EACB3981DE5CF390CDBEAE6A	0C75F7ABC59B4879F6CE768EB301E558FD127C2F6FA31B2CB2F110F2D6087135
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11502v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9D0A17092F2C1CD744FA46A2CE49E62E	2F56B2458B083ABD0399917D70C68C8D6B60AAA0	F7D8F9A098AE09F2C4B9D3293B023D6087900A258EA90C5A0D4CC6440778ACC5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11504v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6C773E464AFD407B1EB20715F289BFA7	652C035F46DC8AEA673EEEBAB5DCB0E1F8684917	7CCE75FBFA2E784E9D68AC551A7BAD760B7BD0B00E3711C683D72BDEE9292E80
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11659v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A0EEB9E8FD9E53E408560279A025B4B1	44D5DA751529C8CA89B38A01F88331A03FB1CB49	7879E59D666F2492AA87081D8D87828FD2353818C2CA456D1F9F5F24CD89A916
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11701v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F155569D67A04621408C042093668431	ABD521D8755D63EBE8428066DCB7504D727EB0D0	F9B1142CAF5B874796D5B570D01BE570D84A7F299C44E5CB06ADA3224A8CB6AE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11705v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7C55C7E9C858CD0C2D57AA07688C412B	007F7DCC1DA100D830A463A04118B50A164443F1	9F023C1B77080F60DAEF658973E20B9C7A9A99737A31941B132E45AAEFFE1CA6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11710v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7CBABD132024FEDE2C0FA911F0EE2CF3	848061010F402881DA6326604373353FDE770582	462DB841D9CF8330715BDB0FE85A2BBB82EE32E506CCEA3AE3F698459B2E970A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11767v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1C496B3EDB5A2AA8A7678BBB69A19EF1	73B9F5D858E6F9A48B7E3AAF0C5ED6F0DBC30CBE	4EE0E61E9541E4697BF0D8937F54B8D601C259164010DEE4C8AD1EED06291891
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11768v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BEEE3CD19F50F56D2CA3CDB080782876	1114AEB559235B5A0F177D8520578D252F480F0D	B80BB2A50CBC7006E5CA2932AEEE7A0330E8205EADE7D797517360873874A83B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11769v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D727B679C5ACFB6E504458154435ABED	2F2FE076165FCB7CE10B7622656527589FAA948F	82EAB0909172422A84720D0B602C7A4F7BEB9F885AE943B481D5788D838EB9E3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11770v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	403E0BA15E006240C1EB605DEBA456AB	2DAD24BA4900EBE95ACBCA4D5F5FEAAA327CA7C3	4FACFC050EA8A727FAA42424D69B4FE28B753D5CBE3E739101CF4476EB53A74C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11793v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D8B2684DD25EF6505A38F7FAD7665467	2ECE13E518E0D13F79C656BCFE4CEC98334B9395	806DDA0F63B0EFC9424CF12B24127A2F9A4AB77B93BEBD42E90E89FAF74F6520
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11794v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FE052332B787A85645D54D151F15A353	6F5C4C2D8A507722878D4C7624E5A9EE9552376C	D0DF747F6A973423D3DED48C66397EE65632C5C4B052D3CC3B08FB8474CAC16C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11834v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D2D4B6FAC0D5150D0AD5CDEE23FCD7EB	D69126350295412F4979FC6019B1642B5E00C99A	D06D12E1CA7E70763101E09093D6AFF16B7D76CAD4DA888650E49F5AAF404367
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11882v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	541732C31ED19C3B76429631F6339422	6170845AF01B209F963BAA5523895B02F282CEBC	E54EBD3F1F13968B91AD6B32CEFD585C1A5F39E607E1D9A0AF5628A233B618CE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11890v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4A6D126A7C347E07C502E89A86996A52	9E3AAE76B053B787BBA25311A0FA48CA70F33951	45B9943827F9C8182090396D38D97ACBDE0029C0A29A8E5448B7BE94B2C8B379
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11930v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D74E363B8BB5C8D6CCB41F96910567C1	445C4CFAAA71578336708966185C76A45C83D9C1	45342204D90FF96F964A14913257A0012A7FBF06B2AAAB55408BA9EA787639E6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11931v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2E001D046F553E7D0DF63BADE4041044	C6FEBE135E1ED75EB898B0ADB7226F206B595CA1	67804FD3E2DD7E932BA878B4DCE6B99FF0AAECDA38E2A6FB8B5640965D93B7CE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11932v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	58A1F402DAB18A27979AD970392C6BA2	5D1CB552495FC74D25230C544BDBA0C2DA818C82	451D72CBCF0310486D0EC6321560EC21A9CC31892B3D236245A3B202D83F6253
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11933v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	29E9E94FDB0D20E1BF537A15B935FA7C	B938063CB3A4803C23BA8733DCF51F765F848824	150B9E8939E5663DE06CC3EFC1336D76594D08532267CCC1FFE5418F8235B57F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11939v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	90BCBEF3466EAD79F1ECFDF03E00DC98	3B9A59AD3F4F52355ACA420D42899C56E4FA4158	E6C94EDB3879C1F0ACBE7D236D30BC63F6F5B38C8FD557A5A58AA413ECB7590D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11950v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5DFB7A4396DC73738542E86084B86F7C	7A8562B258DEE241BE1C218266D7D4DC13A694B6	AF73CB12F99C8C6B4E7C95B01A21F88C22E3216779561B3A65361B176D543775
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11981v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	593591658D70B7C45F6DEABFED1630B0	2A692DC730B7C8DF55D80F8E8EC76E35FCC282EB	A3688A8379176B342B0E8F183D0F43E6FD647DB824F292E169728587AB1709CF
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11989v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DA5A7F541732A6CE2B58591D3B8AE82A	981E7DFDA81234D725D8F4CDACB8BDE48792D98A	188D232217C460413771EEDD857435F0AC4885A8ABEFF9DEDCD9DC0F67EC36B4
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120100v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0C49B94BF28DA619E7A39B7020358D2C	7438A3279AA267FCCAB8CF14B9B83C13D2F8536E	6521E95A59B2C254209925042F45730C6EE5C6A0D24AE990E2FE018E9B543F65
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120107v6.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	86FF6EC5F65F1EC21FD46673957FE781	7D6C8277490E01C2E84BB4E6398812B23D1ECCE8	FD9AE9FDBE75F504D6FDC34FCF70EAE20937E1FF1D88709F6AD8AAD887139FF5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120110v4.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B8B52D5150C2C4BC8B65F5447AC3E500	8E93AE4540F15D5F2A3DF54A82AC3CCC1D5B0818	0ACABFD419910F172C02946C1BA31A3140419D040406F5F88C1FFFD8BB3F473D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120112v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	496C4EA57F14A8A6680E37C352ACFFDE	7BF8CD771ADF38F8BD79047B2B6D9E575CDDACE2	A26104B2D079FFAB385034D527765348985FC7A6EBB3AB0799814B02023BE428
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120119v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	179F050B8882513D6639DCDD8725E36F	E60CCF152BE4DA6A1413F73456EAACEFE1AF71AB	3D18105E459C26BE86E58EAE3E69AF1931D2AB3BFEFBA183D9A61C9C8304F816
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120120v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	27964E1FAAA940E2C42F84AC18C591BB	7A21AB9577E1003BCAE827C4C251EDA6B0908966	D3D8B101F170EEF216646ADFEFAC0BD674B629A935DC93A91F3F767B58F5AE5F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120125v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FFBFDD9C04B4A6BFB9E54916A9A48BE0	E5DE4B8BEC81458E2D5A2DB9771A660409DCFDEE	9AB02D5B9B6E6E1996509B05AD352C43EB0B8ED14EA6E253A30C4E5B3A6D6D70
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120126v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6632E2299CA3B7F10F87A546A61EE4F8	2791518356F8F6F63EA4D2A3AD2F61C830B908D3	5923BA7792880EB530DBB3B7E2FEBA7467618DAB4E4435F7CD897D25F624A323
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120126v8.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	47987C1C620E3ED0A7D78FB09E73EF40	99D459D100DB774A8483C8C0BAEED3BE9440DCA5	6056BE08BC396342BDCA372BA1EB2108367AC2D293BE635AA18E5E08DED40DFA
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120127v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	38906A1A93E71D7812CCF0A8C9FC505A	5ADE7B980CE3B5DB332E9178D93CE59FAF52035F	EA358446E9175CFFE47282601C48E452C2819E7DA44151453C149CC300CC1ED4
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120128v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8203D5E09A52767758C10314EAC31803	E7E7A8CE3B3E47B198148C3B6437B848B828492D	90041E713DFB9EFF8626FEFAF0307F93170A8D81B27F3DCBAC818559E48FD44A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule12019v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	09794FFACF91C918A26C5C7378160DB2	9C2DA8BCBBC0D87FB965F15F3AB7F7FFB76623CD	A2745DC947708A4032171CDA5CB05BD107677457182B459C6583C09520DE5F2D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120201v14.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3AE5170BA49B18C2C3DE31E8094BD083	859DB52F12389F471B07422E703F461D1548C90D	238C055C959AD7158A079528DF2C71E462A31B8309B9A55FB4EF0087F6856EB8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120205v11.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4E49FFF2E834D7FA7852BBCAFA21B9D2	33535954B0C99F8921A99413EEAB13D6DB2DA9E5	DC1553EC7087801FB26A2724BB38831994C7F74BB6D1ACA5C0693D613787FD6F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120300v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	30E6E8FB1B6A06FFBA43E1908B692515	C516260312E9FAA615A86FE2869631D249A12595	BB10D497671AC436AED9D80DDB591504A33D75CBA20CB5DF913E7D69829C70DB
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120304v5.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E8C6692460CB67D389B77CD7D088B10D	54D398EDB23AD175B83731AEFDCB1392EB21B573	EF4BDCCC4C15E7CCD5EE3E8E7977287596A1FF049F3C45D084C834C6664FA896
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120305v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CEBC89389CEECCC7EFD768F6BB66D8C7	ACD39B29D5BF223B4E334D31F7874F87069AD968	A6592BBA5619010E6802103007151AE407F85AF80C84DBF03D85FB51E6BF5783
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120307v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7EDAC53A3348CD0C0D5FE5D9A29A077F	50244B315DE356BADDCACDA7CC668B01FBD7AEB1	DB59EFB3DF0C558C04268D45C0AC6BBFF110EEC483E16C1D71830F96388F58BD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule12035v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5CFC2D63323D3DB5816C17B2D1CCE62B	6E98DB7C2F94012E7D70968A38270EC6F59DC259	F7D987143D9ACBC700B743E8274752A4E1F9363050D9BA26E3115937BA00F3F5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120402v21.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FD74F0BBE796868F4D15953BD0F9A9C5	20AAAE9DC5C2BEED6B8A83FFEC0CDFFD09C43DEF	D8729943C81DBF2F9A3ED587A5E97555B5EDF8232F1557EB3137EA531DD3EA20
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120600v4.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A34969008E0A3A02FCF998536CFDB296	B4C64874414EA10B031100B91B9EF50F7F9B3DC2	A69193266CD92187032CD476D28E5BB85AF4359FA2FC5BD1565A522DAC747481
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120601v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7330EFAF80EA716CAE98801F1B9CC6F4	9C3F18E2666A1288139E72B1A79E59398A6218A5	145E151B19D953EC84CB2AEE750F9DE2D192B8D440F9C42201FB48DDED8B9430
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120602v8.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	11BD16B7FAA960586CCC6058B05AFFD2	F1C05E442792123D4B5439C650B0651AD74CAC68	4FE148FC939AB9F2F09399391DEF0D51F980C3F69F60C48DBDE4E29A4B359355
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120603v8.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6042F97FA906DA2EF39D85F063BC2D1C	6367AF9D96467BBEB45332AE4F853ADFA9C16BD9	7ADB04B25A6213E4DADDD68186643CB69B5BC6053CA12169439D44BAF8C69BE7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120604v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	564BD4715C6623CF691AAAFDBF338670	1A366508AB4694C012A878B3A98A84FA78774D27	7A2BE1F2CB045572CCCE2DFDD0FE6B336F1ED3C352DC514ABAC0AFFA037E185C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120605v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8743353FC7684A31B5D6140894BDA28F	F31CC6B359DBFE9E86B4A38483B0D4DC3398C016	A54E82E155BA4C7D5CFC60B21EC648E99C15FCCF97B94C29207747B9A23193FE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120607v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5221FF789C2D3217D22667073DB830B7	DA221A64C55ED5535B41AA27FF4CE20B9E0D172F	ACDF4A5B74ABC50B8BB94B1A55A2E6B8BF2905C0F6057AAE2F98FD6ABF6ADF94
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120608v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	89DEC15838EAE75BB6DB775F5439D556	D04349E0115E22C5EBE1CD0ADF62B33ABB65AFC7	C84BDF0D129CB5130B79FF4FC64DE52E254D1826A7AF45706C8464F8979884AC
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120609v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	043D16FF69FFC78D5E183D0DFC34D993	9DE7ABD61DE59C1CF65BD883C2F2BD13E3D14E94	8F97CD17594CBC2FA0B004D831EBE985EC4EF4A202B991070251EDAA61026BC9
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120610v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	68E407C22780D5C1338D0E28F3035484	FCF1F25B0F40AE13BD25F937BEB5A40CDB0C8D0F	4F91EC17F326CDEC876E8C40942022A34FBD1ED56485996723B02143B42C3676
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120611v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BF78AC8F0CF2FF4870D962DB763D3FC1	46B2945807AB7BD317938797374176D474D95858	70509D5700137356A76FB3587F29C4E8C00ACBB1428FE96824D68C76324BD00A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120612v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CA73840A797CF885DF311CF38394DFCA	A2F18DAF84E8E27E5D60E9032D416AA399678368	B363713DD256F158837A9E8D31EAAD36F4D8ACBC12B0A136AB5FAAE62AD4D72C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120613v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0E728468D49C09D08881006675721D44	E4446F57171B59A267FCA36FE2CD4091E15468EC	7280FA028E4F838B0112FD3AE93D6BB8372430C1DF724A5FDAEAF44C7267A84B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120614v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8BF5D20596EF94DE40058B25E62E3C74	877C98F55ED3279BF19717CD9D2D8BA75293201A	DCAE04F49B1BB3C6BAFDCB9B3FD4796354C58DCA3BFF8B7B84849E399728BB81
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120615v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9B1A967D6566F753B80F0F4EB388D832	71E63E1553B8D971E0A8BD7ECBC4F62D55026334	505EEA4893C52FBD9F7474E51A9749551ED04A7AC97037000D3798672E66B1F1
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120616v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	47A5123724123FB9ABE3B1473CCAC135	668930DDE90AA224BCF38808F5BA05A1E8FD3E95	0313FFF1A8C3B32C08B2A78F26D8E206E309F3DEDDBFDAF2A07C860F8F3548F9
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120617v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9F14B706A3BA685757307BD37D2D2EB8	06DC482BE1CB444B4FE3BB8E48DA531D42F860EA	9F7D97FA4BAC930729C4F9E3F4EF17BFB3A0B1E0339969964F07583ED09CCECB
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120618v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	184617EB19529E8FF4539EE6B1A9AF96	1A155FC64357D38B3A27147D5FEBE05809E7AA8B	C379204B9A6634FCEDF4512E60E761FCE4FC363795E96DA74FC908E8E6BB0945
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120619v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E9A43A5FAC86030282C99992A179F840	E0BC35C3620DAA8720C0678F008B4B686BCC0880	F12F71D12B91857F3F81F8EA6E8202BAB74AA02BDCFD5DE51BEC275B7CFAE8D2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120620v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5DF892D9226456DC85E2A4A73C0A94A8	F13AF65B2DC66B0AFB3730573F0E50DF7F189F0D	937E24FD54107FDF1C1A9CDAC46C8A617F4945650EFAE427287E1449FEC9D968
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120621v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FB2AC081D6D04702BFB2F4CED275A053	590F65A7C7AA23693DCA9CA5DDAA608FE91934EB	835974BB26AD6B9DC869A2A219C425E10E6B77A5363F6B2EB1D54706B67A9FEB
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120622v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3E3DAA4435866524EF26EA6AD9131286	0039918D0C0CEC92942EF8202DC1FBA682C19FD8	405C0617399E22BEFC9DB457E5FB6EFEA7A718A64051EC72220283CFA61817CD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120623v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4EE2C1990145EEB56E4770512C08A17A	41E92CB4700F3DF55DAE1CA1A46002BA87F5AD1F	982FC7654EF4C09325A35A0672BE144BD59699DEE9DC838FD8F940B63A50A5E0
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120624v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A0B26D630B0ED9379ACFFBA9A38065F1	8F122E37E9259C6874FED76E14BE3FF6C099C08C	BBD6957736FB4F3F670A397773B249CACE399ACE10026414461ED153756345A3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120625v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A86C0C696A15ED44868BCE4A7C1FC2EE	104235F8B6816BFBF3FAF4F3B1D7C0373F3450DC	2AC455DABE2C6BA789B36CEE369D24C17686138A6D1C6E40C219638C9D44F154
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120626v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FF4840BBE0224293C1CBD2619D9969B3	995BBE9979D1F61DE520398CE906CFE49E6CE175	9C19C9662B48EAA2E2C83154ED61769E00715C3ABDBC5FC17FA9B0EDB2955A3B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120627v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4C33704EF73FD7326ECB676BB4F0DF5D	084F9600E68807FD1496E38EDBA03210739360D8	97F76D98A780CD8DBBF1FE6D47E359CD664A233F2DACC58DE9DB6EBDB22F483D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120628v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E0664EA470183BBCEBA67683C99153E7	D5FE35CA1C0E4CE03D7A12B9C7363E0FA0EDE2FE	F66E085D57DD8FF33FAFEBF537BB9B87CA206D47BD99BB06F227918EA33E756C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120629v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3FEE03D59005C046A29503D35FD5ACDF	00E3A7D023534C700DE159777E0AA1F4B8553E23	658CFBC29A72C71B6507FBEF717B786FDC7E76F6BEF2FF03D9FA482566AA3C2A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120630v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2FE9B0C9C91B7407B30B5844D85B7DB1	E04F9C3C902F834806B4FCF1B77F597616FFB616	DB233859B410C3109C5F725EC9F8646071C2E41C958E42F8B46360FD09461225
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120631v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8A086CF663B673207C2B5D86EF1E8930	66EFBB662857B3B1252BA6AEA798F86FF07AB25A	296109CAB5AE223DFB89379195874D34D61CA335B718F0815A5F55A6B3300E77
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120632v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D9B2FB238593A84AA77D873E2E24A5AF	748645FE752F27FE8A1304682A9E12AD4F64B904	F2359168C90BE2ACC636EFB3B0F5552D8660E9CA60B2999F5B26CE8A628DC2B9
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120633v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D462886F0CF132518BABAE6C63FDBD67	CBBEDF8B2E8291A5EEEE9122F6369D5E74435821	C4451662A104AF945E633A1AB34EFED3A682177F8A51E6F2D2FFA0BD9B727571
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120634v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9B2B454474515DEF525C85C72051542C	063F2DA72A860BA829D12EC7EFB2678ACB8F86DF	8F05062979A77C2C0EEBCA99CF5BAF58F4D2C285B91981157E841A7EFEE77452
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120635v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FB0AB9D8B10C54067DA3F3C8EF20BEFE	3C9901C0630A181BFC6E1EB4B5E87CEFEC8952A9	1FB262EAD7DF89C67C4037A217C24E92A3DE6E4818B45191D9D4354D19B0E54C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120636v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3847262DB2586420A585C20CBF0ED5FD	01DA6DFAEB17B836C19D43E29D0C49667ED437AF	B152529F93EB36EE2BE294FAC56A99184B6525F63DB40A06A7D8D87B0E5FF8C1
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120637v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DDA5C020CBB1C7CCE518B5C9264BBCAC	C4BE4C2B36132D3FCD3E1CB1AF85BC92E6DB3FE9	BB10FE07A9BDBE2F01EB3DC897C37542AF05B6F64A09C51B91C4C44C3C17E212
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120638v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3847F27E14251BB9F4D38FB671A65295	AC53FB3FE58EE6E8AB16E2A8E8EA1EBFBEE9AFD4	98CE43E9F448D1BD402C3DC2223A6DF3DBA1E4F1FAF8E131181323BD46EFCB81
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120639v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	737404EF5FAF231077D96C4899A9B174	971D09B14AAE666C1BDCB353E4A33D6F52518199	E8F8A96B1602318A470858617DA1817C3F73C7936B6E7752E39F752D7243416D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120640v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0946ADF740C6D557853C096433C15F9D	C8CBF25F21E69392141D3661A4AE21B88214972B	243B142E87A358FB319244A0CB765D6E0AA6A54869FC025A82BA2476A88E82CD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120641v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0FD2B96E744263FC1FF68AEB2CE89E93	1A904C715D1EA162480218AB6611C3855F6A1CCE	6AE38E5E343D55F49A6C23FEB2A08A15BE0F61FBC5807C46B991232B993871D6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120642v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	154BDE8FB47288A21F7E91590269727D	08F67093A959A5FACAC89B05DEDE3533F1CE9C8A	70C9B3FC4C835BE9C7BE8C9E2BAB42EA84D19985376FDE1B798FA10C0244CC1C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120643v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	98A295651DDE6B8B460F02C41EE2703E	220C3D154B82476D637D1C62B48F0C554322B88C	30AE8479A353C872A96677841F395CD07C9618FF76FA6B30A0612D6D94D82491
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120644v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A958DBF68E10A4672C2700A4B34B91C2	3DF00999F5AAD3D58210F25A9842961719CF474B	80D507BD2DD11AE61792B2FC4D2E0724446924C18F0E2F191BA33B454AD9B219
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240009v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E7452E43F9FC7F1157CC0C212E0ED0FA	8635170EFEF303E9C2388B1E364ECC57E03A38D2	812576DB05ABD0B8E3C099675CBACACE7ECC0721271F0F1F98EB02086EE24C0C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240010v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	339C46E04C0BC3BB69135E7EC84E7CFF	132FEB3AD785976DADCAE025D153B82658CD01F6	6BACBA3DBC6E49A481735D2BB2EA4810983791C3C2789CE24490F555A56E2CF0
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240012v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	57254E9440877F1CC5136C4F487D1477	EB6DE8052D51312F9150EC1468986138AEF32D4B	7E54D8C37D616E92ED134EC5C8A82B94D5A7317387C83E5DB42B727E47F1393B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240013v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	17AED9F52B889B27039B66CD1CC13AD3	26B642230103DBCCA80BA92F9B873D9C1C1A7A00	10D995188DC370689309FAA89FA2FB27863AFFCC0500CABF4B4BB2CFDE472669
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240014v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FF228C4ACCE0F0D54D9913CFE9069D1D	A650D8D83B6BB115607D111409AA5F4B68A752BD	32AD62C37DCE15AA8A2AE81F3B984B27082EB95725ED4249F17B48A92BADDABF
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240015v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4C39B6369CD98F642BCD787C1EF9A998	0A9E0BAFBB4928CA4A6019F9BD7E8DDB9EF84731	C3B3605687FAB63514E1A422EBDBB38351EACDAFBB3D9F010030578E73610F15
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240016v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C3140942954C45998A3F3B589B055EF1	C2680A7FCB604B30B1DE964B674AA7F4219DA100	BEC4629C419C21BDE776013377F9E14FD140C229A7C76211C6C4D65F39D74CB2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240018v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0F54E7A126402E918143541E5C0D6143	46497BC806DD245F0F3C268DBF00F19ED40FD95B	DE56CECF0AF7FF9638879633AB331B4E3A5260FECF7B78B5E017A7E4AF782877
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240020v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5AB40408646CE762C5B50AB3F6203024	811AC53A3AE8391A429D6935303DCD6D84C48621	B5548269BFC8C5DC4F39EC6DED99A36027B1CE76DA873B6C65BE9ABCBCF7A620
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240021v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	87458DB7EBA66340973419466C2E52DD	754F26DEC352CC2D2B094BC4991E27A7E116588B	17C726A9012F40F19486FBB5EF9F3679A1D7128F58A3777331A8420B199658EE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240025v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9C68E53E9512D45EC46DDED7B4FD3DD3	E927498F80B528306E02F1E3DB15A119CA55E2AA	87DA4EE7E2DF352EFAC6BC0AE9B5ACE972ADD865AC3C42ABDF9E2238C87E682E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240026v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2F50FA1C10EB9253A72D3147214C352B	F36BA220323E14784EECC657EE3BD30D5F3FE166	11819AD20CDEEE6F172611A02659175AFB0389822D22305D5554EF6E3F199A1C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240029v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	878BD489857A41DC9F5ADC0C951EDD20	DF4EEE4621682407C486753C109CC644E99C893E	F453B3FDAF4158979E5CC10BED5CAA0332CFB502A802BC37E942AA2D29BBD616
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240030v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A916A5F2C389426E5C89299B8324C45B	A5205243629A9AEEE38AA4FC2BD36B4C66D919E1	783AC62148D73DD7136D4DE2094B445CAEE5C698EF1727E9F4500DFDD35BBBA0
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240031v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	82FB1D82F6365556603FDD844C44A3AB	2424AA871E9FC43A9BA69ED8CCFFED714C7BEBAA	FF871738730F5EF9F15EB28C6E196D0006034885686FA8227A54687E2BB0F637
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240032v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C85798DE3F9A1F81EE3C08A21D01900B	EC830ED039896A817585C31B8BE1DB6D7E4E3688	9061055E8B4BA3AB865B8E616647216FA6D9911B0A1B8A53589DC5EEAF1BBEF2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240033v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	06F9D5E61F0CFDC8C3753C375E7E6C41	9D5EFC455E1ED1E43DE9647C04F38BA449F7345F	B4A27F4E5A4068A23B8704A3C6EEC21E3884F77C53942FDB10DC03CFA178D8ED
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240034v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1F01F54D149B46C3D4FC5EC8F5285302	8C55329B62C524DD87ED6C26AE19C76373A8347F	0841142FCC4AEE5CCEECA0006071BBAFC9B371F8F247FA30B6209965250B508E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240038v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C22E60CDB0EFFE26CC1CFA34E7772559	3BCF322EF83362041F353EDD4400433CA857E2A7	57C1DE65076FE37519B66FCEE95B2C29645672760B91B3169D5616AFF6047DD8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240039v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	63548F25501C516967DFDF5782B4E3C8	8BB272A92E0DECCCAC170DADA3A24D070C34FE11	A4C6CC63E3B76AAC2114734D7492C2A7EEB36FF281843210C81A7717C3EB3EFC
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule241000v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E026AFB750C22C0F2443071A25E30B4F	AE0C29521D496FE53311905868ED02FA78176683	A205C485FE0A6AD6C9827D57E6B8562C68BE00A760A237D76A5B5065FEA03E11
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule241001v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	60FD4DBAAC6431C8389922753C4C2461	8500EB0187D403E1316F0B46EDEEF6436DBBC232	3018991F75C19165DB55BFC930552169BEAC14D151CC9B12770C937219BA1A0A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule241002v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CB34F88622F21631250075C905036AA2	6FFC855396C035C55E062F473B0B26163F7F0B41	DDBCDC4955FB1CA590F956ABCEEA088EAB7BE1092A9B2CEC73C2A28F21A40CC7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270000v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EF7ECE0573B62564DDCEF644168B85BF	00EF2597E8B2570329239C6FE6082318359B1A7C	A0B15A791D3E24EE0F9CE9B914CE2B15531B2400988CF93AC3D3E68D37C81B49
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270001v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3070F102A1A9989CC1B337EA3656D069	F5DFB9F4F5EA83E79D675351464FF147B6277816	63C17DD2C29198F9C21C2F2F62CE70F8EE03A0D1C4159C5B410CE9C5D4584881
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270002v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	18D26861D7788508CFB4277F83C4BA55	2773DCFA4FDDFE47B0DC3B7E341476B58753A974	D9200B1E27D98CD956FA0CE32E5A2F0BA77277E750B40E950038A151FA02C9B3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270003v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DB6594BB6E590D488DE1BBF1DDA0DB7A	AB266C88D8488F93C7C8BF694B5B83FC59DF4F3E	22EA13D27A5B71742D59630484163296B92355BEE1685E6D761ADC5C1CD621DD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270004v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D8E8BE1809F76E4103F9CC2B75C1D2D5	3317CEEE4EAFCCA147C1ED081A23D33CF81AEF5F	5E573325479940A04B9E8C28E0B1EB3FEAC702A2986560B827BF2D6913685095
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270005v4.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5838EE2C9BBE61BACDD2693C486C1B6D	F75942E1E7404760F3CD64FCA0F874D9DAB2CD48	F69A1F64A767766566BE2C84D1216F46E3031392F2697BAE572742289660F724
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270006v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0350725CDC29A368745AD1C5F7967B41	C934EE87D371821EF0D47AC50E75CD8C1CE54881	2C096951175DCDD0A4E55515E895AEF8265C0FCE74DFA1CDBCA94694604BD908
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270007v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4735B8652736896B9834FA0DBA60D616	8A4C08E0779AEC548F3F28B5A1F6328406C579E0	58A71A540BCF47B239643B6E7FA70BFBD4C6476B22DEB971113BDB1C87F73C89
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270009v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CB606D06489DBBF01D7A3498A8E6EBDD	9FAB16E42698A1E840D5C440B117011FD99F02B4	F5E7E6544B10CBB830125C105DFF93C45E47364ED9FBE7C2F732221841D5B7F8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270010v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6726ACF623D19B019D97754CA3D1B20B	CF7F6BBF22E9B7403123F5644AB4A70CE4185290	6EBBF5B7A658A54E07B6FDB87548F6011770F52DBDC8FF59E3889367B681CEB5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270011v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F2FAD20684EB69269488B4956CA1F8D2	EA0D562D32CFD455DDAA4FDFFC249B61AB2A0141	3DECFECA54A1F14F0DD8F5097F72628CA9618360894142E623B0046E0B885BA4
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270012v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	08BCBB883FF36485B0F5CFB6825A3398	395CB80A8CD903C560A636FD3E8FD3CAD947AB52	3499209108E025E586FF56186BD64909DA50F7676AC306703D2CD1149EF0D402
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270013v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7546E9BACCD975B84AA2FC1B20339BF8	66FF150BFDBA95B58A85C341664758ADD31BE24C	9C0EC6CE1AD4BD19DC84B8BF831BC74957B15B05F223DAA736765269019954BA
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270014v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AE186D42263684E3360E0CC6E2658E2E	5286CEE4301CD97C936587A69C42D99ADF18B038	FA69C4087B4E91ECC67A1A4B998DAB69A2CF13623C413AC4401CB99B60E6142D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270015v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E34E9DE4E4B193494835D60A93D05D2E	5882C0A04AB4B55C47BF4CFD94D6EC79FAFFC5C8	44B6A1F47F35884C5C473AFD50B25D49BDC752DE7519FE63166FF2AE2D6DF333
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270016v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3321557EE6B8D0AAEA97DC4904D63A62	4EC2D49E85FF886ED32D7A428E5C3C03A60E65E3	8FA01532189C95995F9779D1C828EAE35B2EB9D6CD4B34D53D2BCE9ECBBBE03A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270017v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D81A6563F91C3D15324EAC4FBD287A49	335E0C16D2E5D626060580AD3D0CF61F2E55C278	86297E4BFB7C8A54BD040BF30F3C58B45A14EA501C8DD83BD387A92D1EF4BD5D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270018v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	417A183FD8CFCC9A73B9CC8262A537E3	0149D5E9E74D9086050938CBF6BF37D9A77B2777	2CE93882D81EF710643634B78ED1F4733535949488556FC00B318D28846F852A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270019v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DFADB6325CB382AC858D2944BB2BBCB8	CD128983896F3D26C38B58F80896A71FCE869BA0	8397229B66D7518E5CA7701544EC85832CC9184E3FAF5248EA2E01FE50A9D61C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule310000v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4A56E5546EEBB97FCB987608007CE58B	0BCFD6F97BECD5809D6E4FBF063FB0CDF50414DD	90E710CD73E3E2C40883698B507E50B21DAED94AD650F5E4A06C29CBA60C02F8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320001v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0A08AC69510E17DFC523A3595D588DFD	14CB9B4734AB7456AFFDC4CAC4B0B673CCC0B8CA	BA4BA476CC8B7A2CD82A793337A42C8B081F35C259D7D2ADBF8B2B735A81F0BB
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320002v5.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FA4F6A1235EACD9C762420178EB07CC7	1D31E0469C2FEB40EA8C8CAA243D0FA910DA80FC	3A499D4438DBF6441B053B64D85B326780C43595B80CD0BEB365696D6C548930
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320003v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	479F51CBFAE13BCE6C3E63AA68E6289E	25A81C009CB0673EC557393E64CBB7CC49291047	7D2BC62C17C16A2963886A3C610530A739C31BD26B162C22145A6BA4A029A7B1
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320004v6.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	22CE6A819677EED7EDAC680EDBCDCBB9	9AA16EE47C6EE134D1ACE07C0DF86D34CBE36247	F2BF01CA68BF48739066A5B055E38B9A42F459938F45B5487A035483D5DC22FF
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320005v4.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7D16216A9CA40CE6F3D47AE5E94AB77E	ACD739DDE4DA91B5A6C5BC3240F3DA514A3A398D	6868A3A5227F5518DA929B53FC1890059BBB8F67942654B92FB3512F1BA2C47C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320006v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A02D14D7B303B12F00368FE81326B48E	68585D28B1775B0C6CF21CFA8A8A51098434C693	D6B35EFCA74624A1BD5252B35D2078DE4B23600D42F52821817ABDD526580C76
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320007v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2C27D0484781418FF3E27B3863D8739F	2368CCD82016F71AADB393AA32A862708E301533	071E45EAD04316BD78130A73758FFFBD2C4E869058E8509616AF2831628D86CC
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320009v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	12489954C36D322FB3D9790D1B047CEA	D45C8CE5B9F97F1E8BAA28192AF18E879AAAD2E7	24BF7BA10BA69F1E187528BB70AB31212D9DEE8C722B776491DAEBD10CF0BBD1
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320016v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	573730AA50C39BC176FD8DF9A4C2AC77	87887A861D18E25FFD176510701A8E1B7EF86A92	EE1D8C53FA86FDC3C11CC44CC5EFCF9CCC190BC8831785C61626B426BA5E99A2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320021v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F3D1B7960190EDFAD84AA6185C496A4A	B47E4FEE967D39C4C35EA02FD73AC2949DFFF9C3	C66834385459EF0722C42B0E61841A6CCDC9A1CA9AF60DDBEC1FF55A8CB1A047
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320022v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D7BE5B01DA5D95678DAA8482B581E22B	5235A64A3AE13992CB0F788C5F006AEF992B17BE	49DE9926AF804967F82BFD1BBE18BD786075F38FF76089A585A49B2054082135
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320029v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	45F78C8EBDE152315061AC4950A5A170	8BAB87A9531B575D85F97DBAF54EFBAE711B85B9	45A5A8FFCCE3CDE98783301CDFEDF1C75A3BA4353576E9B791596A9F7C92BB40
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320032v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	92E327C31C9BE51B09D2548E1FC5511D	03CEF98079BAE9D403AB9F6B4940BF5D2CC8B686	86BB54F908A411096E9E4C04418CF07C8FD6F8EEE90DE8809A8347787D419CC4
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320033v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1432000D6830ABBBC941DDB9F82A345A	25925B12868969469F3D3129F8C1E56E7D63E6CD	6F88161C3C30F0DBB135448FECBD62EF852726AF27A2FCCAFF3131E5D59D6E69
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320034v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E1FBADA6E80A80893463F3FEE553C57D	961EED214EBCD034F1325FD3FE9E89AA7120226D	B53CFCD313C95930DE8BACC3296817B69C5F72B43298534B5EE9CB95A7501C80
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320035v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EB445FE64DFCA2BC96D4711CECB10A28	AA618EF834E46110CDCB504A20DA40D40A3FFB64	EF5DDB8876454A74D2700A68326A19DE5105EBFAE67A20A10CA8FAEDAF55E7B0
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule322001v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	44C53506620AAC580A1A4D3D888CE4D1	B1B38585F1B9C57379D8EBAC61E830B65050180C	61F01FF79F600A83F3DFE3E5A748A83C9026010C9C4D01A85654F8E318E38FDE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule322004v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	93F73869F2291D26A8361549747BF788	AA29A7B3A04D61ABB52083A981AD270A416345BC	6F03D8E6DCC36E86A08EB57C35F50AD3DFB700C7A7AE831147E1E0DE53EEE6F0
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule322006v5.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EE97A9AEB85334D1FDFDD5891D607A58	7C5F7ED77BF361D97F644B99ECDE2D79829F0507	F26D08E6C22E2F468B1B12CB4B8964EDB5A48E7858369B540D2D25DFB3FE7096
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324001v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B6D7002D810992BF1E385459E97D13C3	3F6302DE7593004D468D4098874C31B24682B7F8	A0F34CD859740DB917DE2FF89476DC23F75BB666A98720CFB66BC2AD8B873084
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324002v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B07DEDE3D9777B83884107858097AD89	DC004C89C234B8D010A1D08A5C0EA399E01CAAED	D50AB6E225FDB7D33B70DA1D129AC69549A42164CDCAF0A25F7B0AB13C8FA77A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324002v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3C4E1C3210B975CDC526C17F22C6715A	CBDE9B168D75AC1BD9FFB9E2EB4E027180568107	06B594A6ECBCCEBC803407DA6030802D51B6D085233971D2403D8DB55275A5CB
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324002v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DB0A0D37B2DF38A72F5BFE63AD9AAE57	70DC3780A8887FC5F641BEFBE021B7DB2AE3C91A	AF4482453718F7E1138EA73A8BFE0F1D68F2E6A90B12A70965A6925522D70C16
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324003v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D461BBA250BF4ECD5245BB117805860C	B45D514D232FDB0FA0F1635CE9CAD61697805DA1	329F3CA23D924DEBC0B530ACAA0459B8B93B1BF0A9B56C5DFD2E9721949D3CB5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324003v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3978C481353624DA7DE7B8EE9694A38D	103B44DB5AF80C6208B88BB3FB97037AFB89EA77	D8CAC7D033369FBB5CE6D46057312B8CD37424254A6A79D64CB1DEE838355E89
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324003v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	292F79D4EF52DBE47F16E6E7B8222E18	86DED77F9C75FD9E27810E994AD6C5B00CB0C110	EE90191F5C508E2FCFF777A16580C55670F554152C456C4635D10EE9D0990060
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324004v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A52F06C9D1CD15C5FB43C11D066DAA45	F8F2EEE6D2FB3FCAD23EFDA07F0FC473B0DB0D78	EED9B5F112035BA56871861A4C769AB0271DEF619AA79E1512AB27CF50FC5C97
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324005v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D44E3743002403997CC9BDDD5D50C7F7	E016D9B262E9E334663D756FDE3B79D1BE3B7CC0	36EA28F05705B20C1498E5BDFDFC6DECBFFB13DDB7E534738A4536AEBED2DD26
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324006v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	76F6ACF06CC7E1B182B407AA6FCB2F4C	9D3FFECD1BD15EBDEED596CD5A935B7AD9200850	B4E0D84D9C8E2C76D269599A4545D2BCF8AD1CE2A0903F488C48FD2C29881C60
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324007v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0E475644943CC247710AF4C8064045F6	58F909F1ED86975228E7CE9195FFF049C5AB67F1	6704F5A2705F2C085EFA0739A14D7938F94CA97974F810FA251B3B1FBED7E326
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324008v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C1A3F3BF6D03E8DE316A4A661B6A44E9	3AA3B76343850E9D4E4A77E164E7A606E057629F	F455D7090438F8604B4C6D2BA5DB5F8DA9C6740D3F637C320D27BA3568B727CE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324008v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	02860A22A3738A7D49566807F0B3DFBB	183913622FBDA55B51F27C3C1A0E8C70B0DAEF55	4A76684A71695C3C5037F67596AAA7E3C9D6ABD7DB43A19829D8E2CCAA62F73E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324009v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	72BA97E1F3B0FAF1A6484476C5226A2A	658B9264060B4D299179F8A36BD3B9B24909698E	C14BDA3E9F2CFD06808A222574BB9E0C742514793DDC24BD3EB50A433E741E63
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324009v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3011C531B8189F802750A231CBE135F2	77260006A62EBFF2BAF67E8AC75C35604F084D5A	4BB833A04FB85C76FF17083E11E251B211C6213E412E61BCD6742DE35C462FBA
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324010v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D9E846BFA57170D79989BCFE0C83D964	992C6764312C949D84E186A16114171008CA6968	A267AD80B7879459A7A4C8601825413A8E72AC8B6F20CDA07BA01BF5DB0186CE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324010v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F8CC44D9FE6F3C3CA251A7FA94BE9337	59C760865F7430EC6926848890D35493CD5828F7	FDEC54A95AF7E64CCD7D97D49919BF9FD662C49900D8AEAB3529FDE065927C53
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324011v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1BD257FF07265DB3D294058A109B8899	195CEEBA01A3864922D4C513B92A83BFC63C3172	AE7BD76F1D02823BD07FEC18F5F351955D86747DE5836A3DA72892218C55A2DD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324011v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E0CC14660DB3634A2BB22AEAEBA2C402	3DCCC4B87DECD45ECFE595FDE9A34AC98CB839A1	FCEE6529F1C29B8F84318BF3C242AEDEC58F259205487C0DE06C2ACD91B3CF21
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324012v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EE74FC350E80D94D4193C8A75C40CB74	20034EA1373EA24BC0ED0A33C7C55EF2C471BBC3	8BF98A35A2067F7F2C244E6EECC95456A0944B7990D5771EE68D159547264CD0
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324012v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5D863E39FCCFA4A26C2D1B82AE349B93	BC75FB8D0DD7310AEF98122A3F4087ED187C7740	60702476BC49FED99066D251BAF7820D0E2CAAA8B0A962A1F211D2E2F5ADC6CE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324013v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E7CF566FB859EA97306744648A1228B4	57A266539551C6D0D75E0F27B0D81D2C471BF347	3D0C61BA6C23936EB28E092D8CEFBAF046AC21BCA7CABA8AB75C33FDF176962A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324013v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7B44277B6BB57F881BE0D28B7886DB49	F79379CE2B0250C29E8AE96435114ECCAA905BCC	FA6366B44471E8B78019305DF95FA5E7F08EEA61FDBA8842C4679FAFBFE9A7AD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324014v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	54CD988B00D501E4681F2406E72BFBB4	C840C0855072C635673BA36C9705D78C2F373D53	18FCB05826459D07A39F3015DDF0D0286447750B1E7CE934ACA69650DCD42A8A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324014v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0E2E9BB36A423E41BC6423111C35E75E	B2B27C6F142F4BC30129E624289891464629A627	D0ED504A113DD5CC7C2DBD64FFE9249B39CEFA8D7EF0B26495D68F125FC162DA
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324015v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7F7E21C5D30DAE10D2943FD95898471B	C6EE5BFE81D3CF84A0C79734E3849B68459A30AA	874F70CDD992719FDECB32909F3D2F90645E60065EEE7FB64DE2722D25885800
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324015v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	92A146D87B63787EED78FF7F876C745B	F43FB9CAA289A647260A04D26D8844C557FA7537	8AAB460821037B054A29D4B4A2BE903556EBD5261C864EA2B22B1D306A1570FB
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325000v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	681F75466196E94D39DB9652FE0EFB00	C7745563464F16E557E814E050AA01AF49D9E402	64C3C23A714C531F5A8BA6D74FCF9F98FC7EBB199ED24B860047F866202C6C85
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325001v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9577BFB4E15E9D7FA03AEC841624634A	A2D7B86A3F1897FEB5FCB13C71463FC5F38817AE	667A9A580A46FC134061BB9138193A6E816393568707B8B26A4F753AC46F98B6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325001v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C4033EBC57B4CE45E53FA8F00096BD0A	2B9848AB2F0BF1E21C36DD3E10EE8177200EC343	9048FAAF9C97C420DB499C38958EB5B0449460A9D9C9D59C13AF6EB40232BEB4
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325002v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	68174DA3BEFDCC7164BB765C35388ECF	7EAFBBAB407B2E278FC0A26A74FA594369DCE11A	CE89581E7549E112B1DA0251C080F29F9ED4FFBA138BD050A06766984A3D724E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325002v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CF5254EEF09A1FE24DFB6D23D4FD843C	636FCE3A01B285B1FD9B9CB860322FC7239A5593	A1E0B6D3A44BDF231BF1D59A9B8B9853D8EB79BBA665CF65F0DDBAC808DB844B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule360000v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	48DF99D9C1E647CF5276216EC6E4530D	427658AA0BA6A0E37FD673E62C9C3F533AF9C22C	9C8FD58DBA804B68BB2F1B5FC3CACE6D8C23E64A94E5FF50F2C5773459EFE70D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule360000v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1843FBB76059AAF760EBDA38908FB552	527EA6EA37147CF452377E3FC417B9F3FBDBCEBB	ED297A4ECA92135B878F85703548802F55BD48E8B3233F11ADC1DCC7B1D1EB24
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule360001v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EDE5A4CC4FF5462462414466938AA3E0	84FBFEEB8AB09D5F4E81F1212E66C665E833C47F	88FBF4A8B279F2B3CF0EC5CAA5CA018009891C44A995FA4AC275EE00588EA5B3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule360001v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B157A5269C95CC2D9B72CD76CF412816	18309153606249F042243309D88AA5AB5C4E494C	8662B3AACB1C5780B4930F750E38B5AC97D8A28806532BFC5A32D0D6175DE8C8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370000v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2AEB745A82A454E27CAA90F64663DD54	BD766BD5D87AF3846AD84262A29AB0E73D061D33	401D4C36E5EF5A8676A4375A384D35E724ED24571BE67C508E0698116C4546FA
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370000v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1AA2DA1F97C0EC1BB29761CEB6BFA519	6F19DD1A2BBB569A168F85B3A8E72CDB51E4DAF1	388F07A2B37352D76E58B29248F55B517FC8726760E6CA37CE871CDCC2273823
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370001v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C24B722496A015E642247D31D012AB96	D5A0F976C9BD1B5AB978CF1AEBC8ADC9D14B787C	9F3396FFACD6D3B509D9490E6954A1B8C82CED881441FA83E60BE420C8304A91
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370001v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4666EE92C29A39DA91EB99C70A8CF1BA	842CA653A88DE21B1F0B33EA448E02D5EC8C2D3E	276973601A7789C02C894347B71EDCCDCCA1C8E679C14C1B8D3858EC28BB23AB
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370002v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0D99CE24910515CB95EEE966E1E97DA9	3950B3A73ACA96717C34D9E16E51FFAE54DB4EDD	D03E56AEB35BAC53EFF7B3284B7E6159FB18CCAEE81E9D9FC97F5AE5A48C6FEE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370005v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	710425AFD3BFB9FC72E49FDCB88AFFD7	396C3BA758012C85EA2FF088B9615A36F986B308	2E0E14D836A9EFBD6E960ABDD7A23D04EC27F3C5F5514AD91F1949AC7A736833
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370005v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	75055439293B422AA8133E0C673F4515	91168130A9426773914821C19FD25546B6CF478A	F1103FB1B23CF410ED6CB414E4D128F0DD6BFDB436A10E9D105FBF34ACD87E8C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370006v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7495635F7EE975311265D14DDDF8919F	B9CC30DB4D7C21AB6563897F08308857EDBD544D	C5899BCCEB300FCA974CAC50AB62F3345909737938B71EDD9C5A35A108625D62
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370006v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F222593955EDAECA58BC992F588AE690	704BA1E8ADF1ABD7733FE94C91E97874E8CA47D8	7DFEC2079A246B98187F726C56C654CA9E1096DF0A25739EF465F9AC0AA6632A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370007v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	63EAC3760CF4B71DF0DF498CDC78FC88	B84CA5A42C24CE89A43571AAF7D01BD7F9B8A1A6	520910207F3D9B15B5F0008DBCAD9D64AA9FAAD9DFD90A81EC4BCA0A41FF59ED
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370007v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3E828685FE0470C43C108C21D68C70E5	1D4BFAE38C83DEF3C7B561E71DD2EA3362918147	C2976D7491FF38105EE0E2346C9405470FA91538FC8770289B2150A356A5BFD3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370009v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	902582E9F502821382BB5F1CEB3C54BA	019C9664514769511DF91197ABFC86E1A14FC0B5	E784B10FB75B34E4F3AD039F7536749E683E0F6E19551E00156038B002E07908
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370009v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8657B3B1FE0AA6F01E0F782143676F66	EE451EE4513D07D411E5140B08C2D31B2F7F7A5E	592B77D57D2AD505942D8750509649504A3A01B6FCBCBAD21B4BA4A6127DCF12
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370011v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4839387A042AB34496E4CF105E4E8B53	45323DE9EF9C0532CC3BD41C1F5BD7C9C3278C55	CD60E708C34FB80365802BB505FA17014B9A88ED4AE466C573E8BADF89550CED
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370011v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AAF47D3FB0F8A1BA03100C4AD6F5C7A4	1721066174B73F5346D1111EEB1CFF9172E9D9DD	64F81A06EEF7B8E7480A310062B9919004494BD7A84B51650D06FCE474E9E3D3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370012v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B8F582DDCC5D9C5B1EEB83734FEC3C58	D7D0E49E60FB5F41F97E37863C9D5E1CCEED3E17	11C2D69631D137A7026B8D0A1642E5C902D8DE790DA5FE36AFCC8F5EECFE69D2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370012v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1B4CE1361ACE0D7D4E68E243D0C0308E	53FEAEA23E95932FEC708CF230475E305A333CE3	A3B66A6B4285D2AF98F86C8458F9DE5130054AC3ABEF34ABDAFEDEFDA31159DD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule390004v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	96A9544421125EEEDC365629B1B4AB08	C7473851507C66358181464CBD46DECA51A89D6B	C84910268224DEE85DA3B645260EEB66853FD8E6D02FD1F5711CDE8FEA0A1B3F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule390004v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CFFA94CB79C48FC5625F45C7466B98FF	A307AF27D40306FAABD01F17E8EE485D295AA363	1BBF5505A8CC60DD36F4B748B0E226690F8632178972C8CB6D3B6DB7AB21A591
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule390005v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B97F21110D0713C918C439423856A4A3	0E881D4C32498C83AD7158BE4FA3CBCE9E69ACA1	BCF9639342603441F79AA8CE8629613F2701ECFBDE83F1B8A2EA3C93C7DFDC9A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule390005v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5AE63CFEF69F7F782C5548E86B5DD792	C79A00DA5A65AEA63D2CAA534C9911AB40A32B78	D431D4520DD596960F541BD1F2795E83BFF1E4CBD3C5174315B2B267545BDB98
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440000v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3765EF729576F4873261E820848C967A	6F72288B81A523901963EF4A5283B3D2E89E8892	AC310103AB6C36881CFECF27AD3B848409ADF56A9EF8DBC7830DA9D37A6C86F6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440000v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	591192D3D2FBD4B91ACF3A9130B27062	9AC139690733D02F316B833316CC3298B739C47F	24904470D62C8D9C0AA9DE8D8A257226DE08697365C0FF7D2BF4F5FD12E5D768
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440002v9.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8B34108A3C0C20AA440DE72D2E6D1442	E9B0783234F7DFC232F88FF6090957786E9F051D	D0B442E792317E5D8B2738CB66FCE8DF82A67225106540239D21F3185F236920
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440004v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	56305562A99154CBD7BC9D6F2D46A36A	9C4D77845BA80657FB6A3E9DBF37F5EF5AEF2E00	1FD3949506B5543DCD2E2ABEEDAE013490275DC0E49C4FDDCDBAF6DA5B7DB46F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440004v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F95D4DAABF89284310D2515DE615D30E	0131E2719C24C462D5F3B5DB7DF822754A53F754	EE1D546788A429F10F5B1E8475B5603336FC1507DA960CE912564A1004522175
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440005v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FA611C28244D332EC0AA663FCDA3D745	5BD84EF75541A30ECDB59BA863B6BB579AB9CD77	B67722C7DC36F47C10ECC9823F735CE893244A7C00E082FFF3BE0CF023910400
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440005v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D4B5CD5C29570D695FD4E346AB11D4E5	12567B211D5730C7C31510641D604D6943CB1D81	FC96A75DC962DDBD3B73822F253FAE7416300B9FCFE72CB256911E39F4EC5979
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440007v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A0DC0329E3A84A34A518AEEF9B3CEAC5	37CC0C0BD812FA4E0437550B09042351929CED7A	EC0BADE500925D3D655923134BD21603FA24B05814BB3E14849002F0234A17A7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule460008v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A21A4739BE8C59E7FE2F0ABEE87E8966	2754A5451A4CD799218B3A625D5924DF7DD95EEF	5587FD8ECBC863F00083C6FEE4F8E3E79CD31E8827CC7FDF61CE806488D4CC9D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule460008v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	96D04C2BB46F1C8F4282BFEE841F9786	C68986142A492C911BE662AA9B8FA4470EC26B24	70D3800384869C1BF8E3325044E8EADC0596C663369D02C62D3BF85555BFC45A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule460009v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E7FC46A2998156A32C52ED15F266672D	607ECE4527D941D10FD77AC960841E464D1D7918	EA8E7C5A2C4C987802BBCB838E65A0D40FACAE29000ABEDC1BE1042D934A3E0C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule460009v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	98926EB40F8A0C315F1584B3926EEE06	0BD270C381549384DE9793B1F24DA39121051699	994CB3AF792E9474E98D37BF048FB69DC8BD70EE4099759A84EFEE7303D8F7BF
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490002v13.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BF624E1C0AD57CE8C81C370A9B9D2877	6A9EEA8DFCB640FDDD6E3FE4AE021C427956FF16	BBDB19EE50F80EC90F6EC0E83A71DE90E6B3C6D3652AD6338BD8F409A367620B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490002v13.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DD36483DAFDB191F09951474BDD9FC0D	21A3E32716D1E94CAC905A5F18366E57F64955B1	FF9ECCCDD092B708CE6481DC5DD801DA90102EED6DA67DA00A85746B10E9222F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490003v7.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7F25B5386E6822885E0C8EF277C9B27E	08462B4D002470B18BB62FAD6B67AE7A57EAC66D	0E9287F6FC2A2C70FC5DEFCB36DD37559AEB71FEF7F1EA2467D59C3018222C7F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490003v7.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B3F99577660F7EB4FB9B8A82847DF47F	263A099124DE1F1FFC8DC9887EDA9E4BD54DB9A4	234488D3B62E65CE9D530EC648394B7DFA14EE042C314AB6C1AE56149CCF4312
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490004v5.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CEAF5E502CB41E261C16F559D3471E02	4BBFD3122258C231B2CCA8118FD11AC051786FAE	BB8C634E2CD9A43BD5BC2C04D162F03EE48B57C341140129892A889201B56C83
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490004v5.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C768896F71C5AA41D6EE0D2CBF8B6950	BCBDF8A6D7B716EC8C2A509D76A3912EA992E87D	41C11DFAA5CCBC7838D37515021377661623F330E6D0C1BC698C63491214A3F8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490005v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0A6F23D671A9FEC0B16AE238D514421F	71F0991926F2246EB8FC7C00EFD5C071C3330680	722387EDE5963E6AE7E5C594F20F8C6068BCE2F86941FD60E3DC586689ADDAF6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490005v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1E5DB00A667422C91CB671663A488864	8F14CA3C7C314AD2268167FDAEB948DABC7D05EF	105CD1C4B10DB8CCBC5EBABE357A5CA9DF7CD06A2C05A5139ED95D45AD04ED5A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490009v5.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	38664F5120546A8540A3FAB82090610F	4EDEF62C0AFD2BA2313D144519EA3B1EC6342EF6	9387FE29D0EFB6AE43D25D58FBFC5FD6BA1F4672279CEE2D16B649B8845E8539
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490009v5.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1115BEC964635A6DAFD87CCCAA243E9E	9DDCB4BC93128E772A4BF8076D7EC9F0DABCDF38	3F42F79887BCE6D7718098608C263F9C9E27884099E4729AC2E9EC0D96F65E51
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490010v7.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	93DAA0986E9B4676B7FFE48D89742655	B4CA1D749572AD549C919E3EC9C74DECD3290147	21C1542B2F616002D15CBBF85FE45F144A6DE210421E9164228A4ED2C1C51EC9
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490010v7.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A465C255F96ABC1A91FB322B8CA8AA4F	14E813C51370BF0E2B1FE4C96648342F4E00A73F	1098EBE9A263CCFCC3B2F10F79FC99C82702E46677D1031D5C45BA766310A52B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490011v4.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	34A4D0E099B1B2A20F91860F04D82235	121A883C57802AECD5EF450A63292487F8B06E0C	F1126F33BF402A96842ECBD60937B2DE67BE65ED15922F060A1915F22A4397D1
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490011v4.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	ED734276A7AC116B382C950962DA6C9D	D0821FA92AD1B7B95A76CB1C76E1CA691ABE09E1	508735C32A3D5C220EEDDAAC2D7B58E4B1EA47B7F7D1C2A0BE0C9F3749CAF036
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490014v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C44B500F04E5520E13E8104FDD57E997	7E6F62555CBDD4AFC2ECDF65CD91B6B6E82A06B6	B9F9745E6E4D9D5DC41DBC665C155C52B4BAF2265E87DE6BC8074C5C34A07630
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490014v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2B8F4544AD611ED8F59160A1D2020B84	BAAFC16F403A6F40A29E8072375E4E3E853A1504	8F8E65A331520A0BFF91A246A6547F28A85657DAB4998F401EFB53F10FB3B670
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A0CB04CDEBEC54DE08E9EE3F571A550F	9C7D51968712550B9B1AE0D74FDA49D9F8C02CBA	941662685F00C6CA1F4E405A55D0DE1F9897DFA222304841D7119C0DF05B36D2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	84C1F1FBB8907AFD980B1F196E4A4614	60531B8DC38BB922B9FEC73EC1A3EE0FB83F0077	142A3C27AA0DCCE8DD444FD262FAF7A2B121FE207CFF313F3700944D3CF04FC1
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5B1F88449C92D704C560ED65C225B81B	5139A199A3250519E35F180D230DE9AA40FD57AC	6111AD71838F7594D901FB22BFDC74F0B4594AD036503DEC22AACC8CE6816DB1
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AEC4F8DF245C20102A8BA77CBCCBD41C	3A7A3627256C4F57B7BC64EA04AA35A74A06574E	BD79AF979D6F07851C73E6DC9FE3AC18D698131822856D0EFF6BDBDED9E1E6D3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v4.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	02C71683949ACA39E508D1D3CD81B21F	8BCE18D75F11F6A9BCDA11AAF523E8C2DD54DF11	1A97277F8F91D739B2DD3B83139F6CEC30AB1B063090D125CC7E1DA453871243
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v4.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	771F6D70CC78B010D1022CD8D43E123B	D771CA50FC6A21D298C585981CBFB22EAC912DE0	EEAF7EBDEA8E2C770DD1409D935DAD14DA26C3703300CEE278FA096D1AACAFD8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v5.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8182046ED516599501659FF90B7D9F1B	F594D9101588BD10EB2685BDDB35401495D5657F	5AB57E1624930A83E523040DEE7C90C86554B91462EF2BB9A950C25D9464F8C6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v5.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4042DB412706D40989410093EE94EA91	E191E87D61A608EF9BD2B44963D9E24CACB2DD1D	675BF3C35570A11C649D368B92604EBCE4EB3195C958C8412FCA7D2B84E5B0D2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490018v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	924C0E82CFED6F74F067419DFFA8A36A	1F4D69A7116D87A3CBA3D1B4DE03C57ED6C52C67	DCA21AD513807E03BF509424228C072C6DE77AD66C61BD3183465CD60B90E02D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490018v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E876A985994FC1570F55A70EC200754D	0F0FC27F0C6C3FA3E8BAFB7A6A8393B97ECBBD03	DCAF0E34C96634346E4176AB2152CA7BC76DCBCA2E990691E10BA08CA34F946B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490020v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	147E9D545490BC47DD61A941F1D9B0F4	D9882D8E9433537F45F29D36374244E7965E8ED3	B8112AAE4F20E67243D1F642766B61481C61445354EE28D91A0676E24ADA2571
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490020v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	108E79A3F5102C954D24D59D727480B4	546ED5671D5DE3543744980BFE9A9D58D7638578	5751156169E11797F4E8FF71793F7D1E46598A0450CE76AF8B8213B2AD35945E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490023v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A569D931BD9F20B6CFF39C9B5751FBA9	B69EE8F13041F05EB1510C586DC32272A59381B8	600E422141C0279FD60A7A34C6610A1AE192B0BECCAD57BECA6BF34F2DC67B94
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490023v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1F5217608509A7E715C2C2B1A66E10C8	6C9EE1B849202CF841237D336E6A1F629A2FB1B8	178DCAFE0A4E9D374BA36D14EC7EE68879F77EAF201FBB0ABE8B2A2AF4F022FA
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490024v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DE89009E2D070E59F634F6177B25EC83	6FF0BB79DE1882E5B4571E97BF99EB0C0ACC2496	274CBE5E3434A3E2481A247D114C9CB899B7984D76041780F92D7E82741C5C75
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490024v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A9F53569FFCDBAE0927D00324C29109E	0C24E258B807D71477FC9845B24DEADFC37DD7F2	BE14FD583706E33C75C7BB5BFA7B3C7995F5DBE2A190CED1C010B895C0F52085
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490025v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E5BC629D0772298C563C54F53C0E6D2D	EFFE5261147648916B037D81710812A1067C0C84	458C806BED4B2ED562EB199C0CB6B02EDA2040764819F20208276F1ECD7ED9DF
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490025v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	131079ACD6D1263A675F986947790040	295CB1A16DA2013E0187B9974FB907A875C953BB	9F4AE61A2C003A5F258F8EF371231EF9C6409C0581AC4153D3E4C0ACA2C14B9A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490027v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E3C720F8D412F367D6879B969106B74E	27FE9497759433E93142C07AFB688FA83A96EAE0	F1645A7F807F0CE617B288281B9489C264D57FE221C3DFB0432233446C856018
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490027v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D8FABA9F3A90FDC29B52C218202E1F69	397FFF70B0D9602ACDAEF25DCDC40E2EDBC2E970	11F3EB51272309F30F89CC19D9192D9BD79E0B839C6BAB60174624112C9CE808
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490028v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	44AFD558BB4BD3B70CDEF02386E6EBCE	7CC00977237A32A5CE8AC0071D12815B39B4D766	BCA674EE7B461EFE42665DCAAEBC8645DDF4D9C5D7EC875EBE83357070EC55C9
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490028v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4B63ED0945C4C4BD59036451515153F6	14B9127C6C8EB10DC744F7C7D95CC0DE7D53FE26	BF3BD93C3DDDF28FEC28D75B99ABC83E1353E96570BA3BF3B46439FC60CA2D60
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490029v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8B1BA9D5AAD1EB999B53ADB56F955BD2	1B4A1FB2455854D3689F1FFB39B6F9D65E2160B2	866BEA6B83DF92D5D3E23C0089987245CDA3239D0ABEABBF8611A91784C5225E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490029v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A04DC540AF7D163F6934A82BE20FD6C5	AB1AD24673479AF6FB6A30DEB46C8D5AFA99BF2E	473F8DD1472575418ADABC130F77B18E4EF7C69027CBB157171E7AC48EAC3A91
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490030v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	52C7CFBA32FB68F3C9A30C68D4F91D63	BE3902B354D5C9D978B209C875721D3E04B69266	520C46AB81F064FB603BAC974E5D9C8B227C277B6F18EBE9D3E0430125CF1847
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490030v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2CE5157B913458F10244E5714E289D5F	F4EAFD7EEACA2CE9A360D49D9FA6D2544608FAED	1E44EF5D4A1DD5A70E0B407E2A6FC0F1E5C2091BAC6B62D4F5AA471BFE6E57B3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490031v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DF2FA879B0B73B18F2E8BCB35883E545	E74D4D5DD69568E008567486D4B2270C6620F8C5	AA438680A24C1C7FCA799FFE33CD8910FEE4FF869E794486B84D58B48FDE25D6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490031v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BF045318DC1B208CF1CF2CBE5DB36C0D	7480B66E5AE4C176D256992564A7D6475F41AEFD	F972D83F14576411F17E0614607F390154070B6E4B00B60F63AC233247A047F9
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500000v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D1CA18D3F28E0C611AF5B67D5F6689B8	BC30D41EADE99524900317321B76B7B204FB8105	826EC34F71C2EC7B5584EE9267B4F4D55DAD756773B154D4F479C4CD760565AE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500000v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	04670989140F74136C6B4E42B57F5549	425B7B8AFD471D538A68D07C297D54CABA0236F7	CD17E66459A850E13C4E6F0F21FB9F242B0594F46E8D022AED66064B223FD909
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500001v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D15BEC82995E2704A24FAB103225B7FC	C274C7E2BC413EE604CB425E444C1A7F41F8B56E	176FA382305407F969221DA271C95B1FCCA835B1D3930160A40C64E1E6DEEF28
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500001v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D5C5B25DAB4D5AD9A4B4E15B5D29D18D	5F73B37DDBE0A2DAC93E342561017A0BF24AFE08	D52CF16D2147C11EF681736F098E838C708173B7FEB2208EBCBFC409C634556B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500002v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B95F947F0B76B50D2BF5341313742EB1	541351777BD5D97F113C22B5AB9E86CB5C1C8E40	B22734F6DD18477E1FAEFB0346108588F5733749135862D98B30DD077A8C6F41
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500002v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B96528B1B0D683EF0F40A9AD470A83AB	0B31E03851593DAC37B32321CD51CDE147531B7A	9AB013D4490210DF029B9A39C44626A6CC6E514952A1B83F92B4A85990726E19
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500003v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2B887C364ECD19EC8BF63A2C9F8BC3E0	B3A1FC7B09AADFD32002A539BBDAB97F5175F3D3	1232B02ADCD570810DA26A9E0723F5C3083E3AF059825E01F76917056E387AAB
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500003v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3A99F8DE85D360D6769CC6F40D9D50F2	3AC01F973A7F422326190C3E10A831DB34FA1E37	0B7087DB6189E1701B8363037F7CA930A48D2D6FCA2F739283A5F570818F6F22
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500004v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C52B875C0652441D83F3A02BEE131BC9	9259033A64E5D1CAE2019CA7C6861FF1979C042A	9B5F434B58F0BFFEB6021A0F3EF795A5EDCE906C85FCF28D74CC9D49E8AC9488
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500004v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E9D63A07361724F4624ACC02E317BC92	75356559BD25A5E1EEE9499B296609B45F018C61	D967D024F2D8E0A731F0AD321EE39D88D6C1B3B4591DCD79EB52A0E8EB77069C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500005v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	21C548E69B9C19FF48CE97986B0FC30B	04FF9B4E9BE5F55A7206FBB1FCAC2083DB937F5C	82062F7D564CEE4F8F132EAF6385AC967EF220F2739A82DE90DA61EE0BA82A48
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500005v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CC488B72FCC7E43AB77B223F9627D04C	3858121012150A04C882911A3031494A6EC9E043	2DC6F58F356C1BEC4B08EC0CDF68158A38B6903E11BE450EB5D40CBAC8C48D1A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500006v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	24AB7DEDA9799D510CEC46B2EF6A1948	20F6899C5AC7F5C474811676802C92AD3D864E21	AF23BCED866BA4322C7D27B8D07EB1085257A0000812CD754098BB9B6851297A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500006v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	641B3E2DC4BD86E85104236A6FCE202F	3D272ED7D2D2EDA1165F0A6290E0F195EE85DC93	33D2CD2925FD149E7CE663C990EADF45EC8398119DA545322C900853D0517BCE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500007v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E9B36DA5A739D65BB9F16CAF83775134	8C65A40C43BC9603A7BF5FDC8BE9F699E7AA736A	0987B7D278D1D75ABEBFF2EDF6A419906EAA293DA990F4C0841A13C3B42888A7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500007v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	29799C321CEBE0D24C5F99EFD27738D1	D3A46C86D351ED1BC101943A6FBECA0401E7C1FA	D89489469931FE815965E067EDAC4364BCAF89E371F159058F4A097237ED9E57
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500008v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8AEE2D7F8047492D442CF5A0A5FA2A7D	C5251CDEBFA44EC036AF9144DF74FFE26DAFCCDE	68FDC73FFC3999CB2D67EE204CD889A724B06F14F81D57DEC76AB32C153787F6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500008v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3FDA3F0814FD83358F846F1569A21D52	0DD571C5E842EB1021D52F9B1D70DE58FDE5E376	36E5EB8C03DE3E3BE1C62F059EF0CAEB489803560E47B42CC347B84C72407796
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500009v4.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CC79945F0E9377F8408C3CBCC701F382	904677B88FE8472DE11DBBD8608030F49A729D8B	F0BF7FB9EDEB11BDB34188F1267C93084B93A644F93F6D2DFDBB89A7EE9FA392
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500009v4.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0E6255F3D5AFF2A50C2A130A91745A40	99132E7915B53426E905DBB422FD60AE3E54BB8E	7771817CF7F989A096C63EBB96533A2C51A78759506E22F0787BCDBBDFC1AED5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500022v4.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	78A0E1ED2B534418CD010D47B48FAEA6	69E3D5E2248DAD9C9F2DE369DF2B77C757AD3722	2E709935255F322CED96ED8096C9F950692E59FF4BC53E5EA7F4FC992287DAA6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500022v4.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0F7AA171EA659DFAFF6720FA8AD6A3BD	AE9E49FA937F2955073C12E152BB5E83BFCD9BF9	F261D265A5393FCA62AF6E9C61B7E21941AFE55518B0F03783D42DE5007E579C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500023v4.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	785ADBB6408535661A7E7F24E92C75B4	704807FE603B8BC8AACAA9C2816DAFEAA2D0F122	BC36C74D612C332E581D4B2B1B555015AC10C4198856744954E532BFD2D51147
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500023v4.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	43E0AD051D46435825CAC1C3400B233E	89CD6A901FB63E2D65DC34D56089BCDD92ECB6C0	E349838F7CDE61DF28D12E9678271987232CD7664E7EA57CE4893599799C1290
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500024v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AF81AA9E50B6B9DB8C5D00382F0CC781	7D6ECBFCAF97887403E55C3A16808089B0D7CDD6	3F2845645F6D7A8223D6574438AAEA66CF1EEA41270F454588ECA3B4B29EABEC
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500024v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B940CC7B835325313703A90F9E0C6FE4	76E9320A9920BCF6A4C63965708512F12B416A1C	1D319411EB9A53F6EC4963B03449C0088B982674C1A5655B8E2FCBF28081AF33
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510000v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	24251D847FE924A0A87350731109EA19	3500EA2FD237FD98B4B45B94D57E8E6D6E12B321	563AE922FC7A3E36C1AB6354D08A4FA8C56A504DC0365A8269B182A41A3B7804
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510000v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	248B38C8FD153357AE3CBB088E01D11D	C6E63BD9E32AD855B3E62CC230FE41F132E89454	ACE04F2A622BF886F898094D1DE89108D095308242764CC5407B22BDF2A6905B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510005v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1F91218AAE424C295AE8A889CF738520	8C00E4B191137DFD836951E4FCD4BCEC33D06C76	E4C2B369F21479662B6A898F9D4CE3EF4D883A8F2800D5CC446942DD8508DB96
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510005v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	959813E6D759111DBF94555E3C896BD0	B4A76559EB20D48B352A121BA2485D61F87A5DDB	63E19E43D7DD069F5374E1DB0ADCB0F6DFF2C324BBDB6359DBBAB26C2F1907F2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510006v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	46FF989AA12CB5B115DAF746C1648D8F	D1BDAE4E144C708AF8E96B39A282519C2506A554	12B4DF016B6A5B4DAF4D8002AE7781817E1D524838E148838FC4B684365E0B42
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510006v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	991C97BE768EBFBEABC457DBDEB569C1	45432ABE9867026F1A6D2D984FB3D6027A6101F8	FA8C7F4C4E3D56D677EBC873D78F65F86799CB9B3C94A9574161E8F6EDEC2297
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510008v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4C75A90A48AF5241D5E886BA3DAEAD4A	11CA2602A93044263D6797FE9617EC3091E27F78	2F679CD05A1BE0C3EC5E5F2FA280658149AA1419DD82EECDA098A49E5E88CB64
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510008v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	724328B1A7E5B4540876C36B5AFFBFE7	BEA8619A788E204F5BFB74605F8AA5DF5091453F	1842510226696508FAC6BED344A6D34AD29A1C7A90A4ABCA89202938B06E1F0F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510009v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7D875D0022CD9DE5A1B1B72375FDB09B	CD3FB4ACFECF04F81EC37173985E15C69120FF29	518ECD289DC5FC6786B44614A8AA4C338915C6D3AAC82B9D20E13CA5DF49EFDE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510009v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BCDE5AE08AD24F270B859E93407DAEBB	D101A13AFCEAFD52858C1E203317D70521CF80DF	8F331EEE341B648B1FE33F0E693075841B0B0B9B879E8153C1778FCF7933291D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510010v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E8081F2BB3FF457FCF4BD9C2FE7ED1A3	EB33E7B057FF9637DCC3398F07B934CEE80EF8BC	1949CC600493BF2ED2B99AC9EBAEAEBA1C4CB75A820F07128194E4260A4236B7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510010v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AB11DC3E57E1CC7514DC507345C37531	A5BA5906A9236BE53286E62260789A5DA774D26F	8E27F25D84A39D9535DE84F40C64C7590ED0073A231FBA516CDAD20C324DC16F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510012v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B1A6C0F74DDAC379768587B64F31EB29	8B76ED8752F4FE5D1EFD5F4AF3A0C14745A54902	2A475448D43E8D6435576E64FC182B53382E21842EBA1A01D3C97F91750EBFE5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510012v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0A782F6D3CD5654E3C49783076569510	8616140513E26FE101F77FD1A23AA491DA709EB6	28B4F1044E2E70738752E87EFC576C64705D1AE43119AFE83C37E491F946E4C8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510015v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A151963B5F9DD1BF680A8DCC39C7E962	FFC1A121D3386B40F560AB5D5349F7C3BEBE2F58	BA5BAB1A7FB7597DCD049171F65BE2D1FE38C9586F93EE0D1CB518FC0362D897
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510015v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A3697FB0DEF7908DB942E62276BCDEDC	BDE6243A0A2A812601C47B9D2F2B30B7CAC5CEB3	BFD4B9830B00968D201BA58CD7499A9EF948F3AD335D47600FE4683747088646
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510016v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AFAB7CC03A8F8D77A3A1F4DC16AD93EA	CA53EF1649899170BAC6A437C357187381415BB5	E1750EBC115E50DC94ED010A00001F3502AA11B34D97057D5AEFE5B0A3076474
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510016v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3BB69DBF97A7919123C0EA862C8E71B3	24886E62EABEC4600900B204A223A7A54E24E2B7	71BD2DEA7FEBC11830C939578C8BFA957E3E3AD482BB77F94D1250CE15C5F246
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510017v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	06B2684E48A30CA98407D3404AC51511	C460EC76080B6B263872D1149105134F548C0601	03EF5705EA5CF2BDAC20921397D71CA5BB673E2535FD8D9455379DF002AC66B6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510017v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4B599714282783C53F70A0CBDB9EEFF9	112BFBB717BF2DF04399EE393A80BA364E6D1D9A	CCED482FC5ED1B3612530FC3BC600CB87ED2DE9EBB1A0F664A6B1904B08B3C8E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510018v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	06F76E3A475BE32EE6A0229A6FBB5C2F	F0C45CC5FA8BDF59A4F6C4F47DDC38CB5E6B0C52	97530A943DCD01B82E8BF21AB39D569A07A4EB4F27C83AE7EEFFED7466CE76A2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510018v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BE006050F8C47E56362482728843D6C6	6EF6F6EEA942D3C9D6F58AA19D0315F15DBA26DC	5B2E6E252D8F676A77F695B70FD015E6C813EA9BD71887A006C7A63BA4ADB903
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510046v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F52A762A93CDA4C93AFB2AA89D5BCDDB	AE4C1BAA31ACA34EC7FB8BA09B50B762C94FB0F0	8B2C8D68066412CE4122CC2BFA9D22308461E693A009EB41CC12CA473AE4906E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510046v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1EE7AF6B04A932D574898CD051D162D7	3E51B197045A4C224A6A51C0609F524A8223ABD7	16D96CBE325596F3FB9BA709018AB5A76D9A75ED99CB90E5E554E652F713E645
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510047v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	56C43610FD58D3002551373645DE6FFF	B2B418C41058C46070FAFF8B8D1ED7FD031EC485	60B7A83243B3B09B967970A5B5605EE9B6C2475083F494C10BF437E145BC7EA0
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510047v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9C0188E8BAC8989680E7F66CB4A2763C	CBB6354A5AAD2890F47E663DABEA686308F195D7	9FCAAF3FFAE719D6D50659A1B53CBCE302E36AFED3020F53C5A3A570ED1A19DD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510062v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3154613BD848517C8B8627898B3556C1	BEFC1CE23326EB62E7EE7D37009F950B6F6A5FCF	E837874E3385FEC22B38DCAA93EC8C1791F9F252085BAA06176C1CAB63E66F6F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510062v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BF0E52FE4B0819C857400CA2CCC16477	2D966DB95F0299C759607E5BA1CC47847F9E1A3B	87C510E1D82809BCE674D7B11107EB916B69B94674CBBA05991CB9E702363FD8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510063v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3DD4405BC38369C140375B1E9A0499F6	BFA67C36F423AAE42CAF1ADEC6ADAB4AF526E202	FBF7FD7E68B2EE2BA888003A5B3BC5559E9C3B54DDFFD27655E8264373413952
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510063v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	00983365AC97D80882EE300A83D11BFA	72DA6B0D4C4532D57B6622A2199779696CD8C53F	03E2A0B317B20AF56CFC9C89EB3D68243A2DC370EFE988A2D4A55CB57A9EA2C4
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63028v4.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	581CF5FDBA0D2FBB38915669D75CA214	22AB2FD864DE64EC05B3ECC9B39B8CB09B5A2B7F	CC40BFB7E2028A03DE825E36219CA8FEC4E519C46C9AC0DBD1FA6696D595DBA8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63028v4.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	742DD89B302141E7524D5E3D5C2D4CFF	E5D18C5A062A493FC01BCAD36240A67F66025E68	249F2ED6027CA6EF129435C38F4826FF0AC1B6F34935A9C783DD913AAB167847
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63030v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0D6252D2ED1C99B2961E5CB64817E084	61BB568A6897A4F59C2109141395F07E0B490D40	9AE78DEB6F7B0201DC59ECFBF823BED2ADF96FC0B88198FAC43AEFFA0A548DCF
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63030v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A84A1468628534897C53205A5FCCCCFD	EB5880A7018E2C7E1781CB0E2F5F78D5BD5629EB	738A4DC9477067AFCBA046214E846358E5857D0CE16057F737235ADAA802B1A5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63038v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F142E380EE6C03DE5D0F86934106C8EC	B437CA33598FD265780A44C5B095ECAE5C5430C1	F5D05E41F73DCCA6FC9E7B13998C18ABAA848C0CB1BDCAA406240835D18EC1CA
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63038v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FBCD95AFA6AD5F2CBC8F6A72D2E3224D	023BEA7D9A80E2447D062E7EFD5759F673332B7F	A8B76494FA8BDDF2E5581B187A5EAB5D609C1F58F795FCD234400D61C67A345A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63040v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	708748F82678067B21A474D433F3FE08	09CE72EAD576B4EF3195CEC96724AFBC91030DEA	4DB2FAB90DF67EA644A51B383A010AB960ED6D25B2D726D51E6198431F2D97A6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63040v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EEB087CFE11FC7F96280DE7588A1BAAB	C6F06DD45B8365C7A27C95E5FE0E95AB20D107EA	8EF7D3F6E950B0DD627CE7388DA748921504EE670DDE78E5813182051075E7B3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63041v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5AA75B0C389ECE6FE7CE459ADB8EF692	BB6FD1ACD7EC8043E976F75B8E06C03F5CF9C579	2DBF598E6211B87DF227B2BEDC3D90554C16A9EC63B440DB750CE2BF34625DBE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63041v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	37FC2314C331FBDEF733634FB502864C	85B4CB7ADFE6B86B0F533257CB2C027687D8CCD1	E44577636438026A2291E9BBFAE1E3442218DAC433E9A754DA1D845C2B651320
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63042v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	86A426D913B3AE46C8202A3E449D2927	1C0032FBF273ED63B6D3358F577712AE4E13BC5E	A6CD16DA118EA770E9329EB016F20995F101B254BB28BA4C49FC017784F34A7B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63042v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B3ED56301CFB1F6E74228A4950DF5AC2	E9E2756011E47441BA3B8E75CC8969CCA75AAB19	67B63F9AA854415215DAA6002D24678B38CA27175F2E6595CD4F4A6B3D3BED67
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63046v10.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5B7BAF15BB1B2BE33A1F36E6DF0078B5	D6E564A575930E815A6EA678393BFAE301C4E6F6	74FF0EBEC9FF0351568A6D5073FE58687EB5AE608E638D9B6579A757D49557FC
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63046v10.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	47DF423CBF9443DCF4F686250C497711	A6EB71CD7C3DE070614038F662823CE0A16AB0A7	AEF426E7205AF4810F359C85D2E31415D13CB19851566F8C88B292CB3EA5E7A2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63048v6.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	94036B53BF5C725A30A8E79B69326BA4	BF9BD5483E26C968B219D2396AC67F1F15B823E5	18CE38882C1C115788A1C7E00BAAF7F97036E2F8772A7FC4C76087FC634BFD3A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63048v6.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3FE98307B88E1D1A7F738B5E712171D7	8C8F82DDB62F2F94218736B8A2B03E588F7AA693	E38CD63D2E882848A1238005DF678C870DEBBCAED853E6EC286E86246BEF164B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63049v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DF1653F3FB38895F2113EBCFBD8BCD02	BB4C4842D008735FC4E51C1D3150EC36FE829F68	854A43760A22C8610F357815A9F4847D3D4FB67504C3F265E291948D93C27E59
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63049v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C063DBE4C2FDDE493A535AA9528F0272	99BF1603D6669A6902703B33468334EFE6FCAF75	CDD66BFAB5830950732EFFD6DBDAAE4304FA7FBA00727CC44BCAF7919E2201E1
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63051v5.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7651C0982FBD6B37F1B36773D037F8B4	D9855C1B03A2D05D158EA7E06BCFB14A5066B817	3E960BBA67F89C4267A7AB393F31AC8612AC9FEF10944A91C08D2A65EAD52D66
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63051v5.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	567BD894F14C05BB6B9BDC826652CDA6	E04AD27225996B4F8B8B23B7593026FB4711CF69	D67C2459F2E66BB0E7E7FC2562979D16CDC5FE36FDE5541717ACFA8E9F897DF8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63052v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FEB4CDB1C521A704B5A8AD2CE926FEF0	456169ECA5C901D3683C234D2866D5950C710915	C5F58A066977C40BF176DE774F02162B8BAFA346A5E16F987A4A6602FFAFD05B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63052v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	597000B7A6AD256A7F387138651C899F	10715F9DFD2B3CFF37974688DDFAB9E0CB9F8020	6E9962418ACEB2CCECAD04062AF5C3F6ED565F0B42B735B1F572D68A448BC290
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63053v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CE3805D1582C57EFA62B633E3637A5A2	661830BB648022918D949879F554A9D9B8B8A0B9	36BCD7579A41D9EF3256A72D6E016087F01D7AD3C8A97076EAD1CA78CA38347E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63053v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0C433ACFBAF73639F4E112627E22E3ED	BDC9CBFAA44BCFFFDA14C1AE3981CAF0C02AEC9F	AE19433F54A4097D9543725DFB605E1CDBCB12F81F2208EC1F00A6928768B7D5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63054v5.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5EB48EA7D7E8295DFE97106E6D649FF8	27184FCF5277EDFECBE6910B2CB8A179453C2588	79E64D7CA2C939D8FEE3982C934AE7E7320F2056FE972F40DCEECEA7938EF439
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63054v5.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7C2D2E94411C3BC2ACA0324240915470	FD75F65958158121AA55A7A7D04AB919320F05C5	B63809A2269DDE36AE09BC5BAFC094D739BC59F6537B6630D69EB085715F38DC
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63056v9.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	69275EFD5C01C39C211EA3AE3A67B016	56A655A3AC173ADD05698B6D5F4E7CC8C44D8D9C	0F5AFDF853AB78263B944F675DE72CBFA53C78E9B6563D9857F58E4A37DE39D9
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63056v9.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E62C0D363B4C44246796F5DE1A407745	02BBD6B9BD3A2EAED8D9A332E0305BD1FFED4106	4B931A0CD7D28E64B77F98B5109F342D78157E0F6DBE63ADE49480D1D3D3E09D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63057v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DDA35C6B0EE31623941E0EFD72B470BB	9BBF988926EB431FED983EF757C9B19E97BCADCB	5DFE150A58C902561F1E71C88C79B8ED08811C92EF4B7E38EE15230516005ADE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63057v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	84DB3F9F148BFE84BA0EE1DD8DC5AC9F	61A83D0BFF7FCE2C31FE43B5CE9040F9860A7342	43A7CF5A00588AE84E2BB0DE8239A91D0A22527A0E7343567678F9E64DCC4E9F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63058v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	44B4B819397FC1900FDC4781856798CC	58C470103E61E987D95998560B09FC9F6DA12AFC	C6A91D2D4126C7D1EE759B47665355F8D0D7FAFD83D6E4A5EB0F8712CDE355D9
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63058v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BB6BAA3FCED8EB6A4E6FC0087907ABE8	8C3033E891B4DBC6367C65CB630A4CF2DC4C9836	68216F202164BF29D0143E27B3A74ECA2FAF03CB7698817B1574E41A79DCC98F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63059v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8AFAB17032097E5E7D9ED15B87F6BC4D	0C507A1E62D5EAFC7288822D3412DB0C1E712F0D	683821F12253B07C17C9108BD6568E8AFDBE0FF66FDD2E095AEF4FBE39746638
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63059v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D11BFED84D58758875E4D15F8E668DB7	ED15EA774279500D20E23336FFD592EE76F28DAB	4E2F125A18A716533DE0C62F8365D8FCB5A6732ADC0089CD04DB4B2E80A57168
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63063v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3BDDCED4B336F11D55C82AA3D70A418B	57DF4C587B19EBF3A97836EB0BF5CA43C9496248	990947CA67D50E343E047DFAEE0FE323E009E1442A4C4165384139DA397F295A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63063v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4727D63F354199B560DA8D56E3283650	675B65A782314A16DA8515726EC7CEC4B313BE89	833FB461C5DB2CA4CA3823E0111477734E02BFA8BF15148365E28A9295AA4714
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63066v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	22E145CADD50B9E60C0DF9277B85FBE7	1C3024C80884AE510B9802C64F659AEDD5741E52	23C2983BB9D0CA6343249C32C4A00222A471B1A78E2A6331ADE35F02CB916FEE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63066v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B08DB6537F49A035D708F81E56AE7706	27EFD3444EF5F22EC168FA843FCE1E6103B43CE1	29F1A48DADB2D309279AC384022D00173AA0554A1205920317F3B4D3E883C89C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63067v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	98D585486271FEFDB18A4F0EEE41D978	D8B39BFAC6D0EB3A29D168DA9BDDCAE8234967B7	BAA579AE145A6A70D35FFF192EF4DA42786B6BCB033E3E818858850823947A74
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63067v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DD731BB2EF128FF26E50C0B07615BEA7	23EB0310D7E382D5F2A01A88A3F652ABE36C6E6D	2590DF98A82B73444DEACD764C0414758AD8530EBE7C5817527BB30B51623448
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63069v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D63516C54DBB0E9C0470E0E02792A7F5	E5CA30DC5DC2DBD5904A4B06DBD8BCC79A99B47D	1258911FC8CD9E956C6B97F232559C56C20B223B9EC8612E718901C1B35ABBA3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63069v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8DD1244BD268AEFDC880E3713215E8C8	F714C8DC55866DA26152217502AC03DEACF04136	1E9D1DF073890DF39C6A1770F84E1C197FEDD9D0358A0B4837A376817395E35E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63070v5.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	638104E96A94B0585FC08C9C76530624	5990E0AACEED8246C53FB611F5C1BCFA64CA75E0	9C3C9401F3034485D768D64A40F1EECABEBF39CC1C00DB8667216624D106E3CD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63070v5.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	126FF1F80DD24F9E1605F20D8ED92B08	71E8DC670175A9B9AC1E19FD2335B93E4CC4CA64	2B740673871E10539EFFDD139D0A1353525CE21F42828C4CDEF478B473E538D7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63071v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AA0B933E0644C12D1BE10013B5A05A44	CF92ED6F482E17A815D9BA584FA81953BFB3E230	EA5E23813905240B6D473DAC135A70B8C28868B43C8D342C0E78C7F9552EA1B5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63071v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6232D430A5E44718BED30875D562E97B	D1B6C37EFF73374B1B040673B078006818B28B8C	99C42DC21A8DCF3E680E7A83B899F1E9CA107C98808F6F617877C6D9B823A3D2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63077v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4B7DD6F7ED4D2A9BE32E4BED35CFE84F	6CC0997FA1AD6D0956EA9929F04D51F970C46F14	E148D879F79D154C231E5F4B351527468461D103DD19452CEFFD6AF30F151B35
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63077v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6BC90E7176D37B814C726F40EF8735E3	BA9EB42AF98C56F7F19A3001B46B15D456FAD19D	A89EE7BC429DB7C67C0FCAAD5C2908FEA04771CD917E6D980DFDC1DB7BD717ED
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63078v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	310D8847315E73A9CF9628AEB41D1872	A5869A7FCBD20489D78D62D85F49B6488279F45C	AD5D952E729527DBD0AB0EB2351F3DB3ADCCEA59B535169C1D1EA574A1B1A528
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63078v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F32CD242E372EB64C49B1040439B9D29	D7186161E8C9C1A01BEE89A1B20D26514ECE6523	193DEABC3ADC04D1F97FBDBE37230C3B989142A63FA2FDEA97A399439A9B74E9
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65136v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	902C83D997B754B7FCF15FD0671280E8	12982B375A1A28C73BBF3C800C166946D670089A	E3C9A1CA6F193F957AD288600E03E53FA2FE32E599A7412CAB13CE1B30C66FC8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65136v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0FC8F6115266046091A76D5901D127DC	D6D88D7D586576A23D4121F41F125990AB018BA2	BD44F5DD214D1D4362F9FAFFC3EEF5B53C0D9B1F16C249F4BFE81E33EB3E8A17
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65137v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8A4757F661723205985132BC442F28DC	8EEE5C861A4E72837FABADBF4C2B95F5DA2AC3F9	C2517892F68266992EFA394A6D6B2A1A72A4888D54EBE62B88B2DADB2F8BB418
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65137v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CCAB48B9FA87DF68FFFA836D79F1F387	1FA156425BCAA9D35F18A9453D88AA06360DEE5E	2AB2DC5566A4A6B984BFE0375BEBA253967202BD9A6D7F7B72634E0EA7459EBD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65138v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BE23FFD60A9DBEE0E33FD1799C65D671	09BA8FC8FCBA458685D55C4A8E5B2BDEB34F9960	63621D51C9A061DC2102A32FCECA326C59E214C12D13314099A0960B54D422F6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65138v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1AF57113246C547A9FE8CD98D50D787C	96C129E28B2DFB03A5B2B5CCD9C8662AB0DD31A1	40861BADEB1E51698646E01B238605F89594E3D6D828F73F14ACB6CB0E000250
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65139v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1A20DF48E235EF999C88D81B5C0DFE4D	8605B32478FBE9F913082FCBCE9C31BD771E604E	CB42B7C27C52BB2B11251B5BAB2D0A2A3F8530FE9C8550EDB8E35D93F61B736C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68000v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5B503A068851CCA5808DC98444D6D9AA	526F3FD834C68B3A21749DCD65A79484F4848C85	7C11E5CA6A5C554B87E86942648D3C728E6EDBF75BBB06C27D786CA888C87BBD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68000v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FA19138845AB1ACE9159889EEB3BF717	A06A2BEEC046912B265C109DB4D3DCE3744B6AAC	692A19EA23AB5FD7D302D38C212006D78157807E2C8EEEBB4BBD1FC9F88BD1BC
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68001v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E96239A8B1E6B1A76D5AEC8B530CFD94	253F76AB88CF64FE9820B644ED47D34E910D69C6	315E6ED6E0A6BA757E0BB3BAA8F21CF21CE42B7DA0EBB8E2ADF5CE100CB28CDF
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68001v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8D235C47773139F6015390C29010776F	F521C4B3B51C90ACF4DBB9E7EB56E88BE79E6D6C	C719E1D2185CBD333681BDC974DCFBCE4B65524607DAEAEF5DEE4C298B1CA926
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68002v11.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	09435D7BF744135AB3559B3AFA019F0D	9AA9D05F367146889E8E8B3849DA163F66EE4AE6	ED6C0206A0402C6CAEAD1735211EDE69B1A4258C42E048BA3E7AF1E608086CBB
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68002v11.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	94F18008EEF32CAD07FBF62F883C0AD4	3821DC782EE1DD146607936B615049EF846CCCCE	6FDD626C8C3ACDA1A79504C39A02E88F4CF8C9FBC8144A40586944C2B4B16A9E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68003v12.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	53DF4B6E9CF7EBA5D578D13EA7AAE5D2	87A5E324CBC5A03A8CDC3BECD7E4D7BEE79DEE79	329E5F24365B187672EE28D1BD3206880A756A7BDE09C782C6A85039CBB0D98D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68003v12.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E15DDFC69361022DB69F495CE72CC08B	6090FAD080684F77DCDAC2D33A92E20216EB826A	C1C80BFE2D8E1DF6B9BC814905A1B26402543DB6E23D4BDE28B7991BB5AEF16E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68004v16.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E91A9CFD203E5409BB16F9EFD862DC25	37020F08EB239F89A7EF37E96D2B94FD00B79E46	61E8B28468F9DEF11B867B9CD3FCB84A79C7E2D3550900168A38FED49E0FEAFF
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68004v16.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C9D249E6F2E3F04140E0263C952FDA3F	0310D1EDE2B1E8980DE924EB9B806D085A7027E5	0F9CC4F7ED0945ACB5A2ACCB8B9325245A804D150790DEA485185B8CFDEFB077
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68006v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1DB98AFC9DAF2EDA39D9751C4C8C8DA9	9BA931163001A1ABD7ADE3F60615F6E086C2EE1D	0DC9CFE08BFBB4B5F96003A896071E9F8F72B2FD2A2764BD88755CEC82551D64
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68006v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0ABD0CD1BFA6DF94A40D86CDFEED417D	20A2BA8617D614BE4D5B255C5435660D1EF20F00	471D781E7AC3D5B2248142FAE55D105D5A8F921F2FBE7A8FEC0E649E558E6E8B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68008v4.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	752DBD48C7E20F4A2067684A250AA86A	48C98AEC8C7B824BDB62B1099BC4DEA3079CEA5E	ADCBD73C0E67606560BFB2C7248141DEC319AE7584474180868FEBD5876A46C5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68008v4.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FA412F0597FA4B2A44AC18D684377A01	6CED2649AD4A3B91B30C4295500141A26440E9A6	8A8D8B228564E760AF3661C7C6DB15461CEB667376C9AC25D30A54EB167BCC7C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68009v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E0D3D233CE4EDF5528EEBD3F0954EA9D	6B22F705F17DE6966011FB3881BD974DA9D6C673	ABF7AC8CB46A170222C99548D7FDCC7246493232A76F4940F54E92BCC0889343
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68009v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D5FCA1BE94D20EFDAB4F35C0F79571A0	C96FCDFD3842CA585C1E5E1B57E3EE611125A423	1FC17EEBE396173770915F597CC32436E071D235EE8B6F24258F0783EA471E46
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68010v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	01B3DB0D1A956B7FBFEE3587832944DA	29089DF7EB136B32E767F5A77C416FCE10911F9F	A23F1478D4AC3E896EC474A261F91B5FBEE28DEADA7B808165660D49E7DC1E6B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68010v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AE0DE6B7C5BB6BEE6D93C36413647A34	A655AC294983CB137C3E13FE0C313F780CDB7684	1D02F0E7308533E7B80F10A3253A3663EE8297C058C4C3F1A526A6635DB793C3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68011v4.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D7B90CCFD9D35D53070076F3A196A844	6BA453E05DF2457170F6DFA70AFF682C606BF9AE	111FDD4036F90ECC58851B4D09B91897095F5985A95E7150071D1D20BC78F0E7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68011v4.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D1ADBEB86EEA9A5CDD60D6E084CB4CD0	D906AA962E23828AA0AF7950986B1F791DCC94B2	57FB58C79A963FD1608BB658A2F940E357C803E0179D8A11FF2815C732957270
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68012v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2DFD74E067E0F385B4DA7A0DB63F3A3A	D94E29544EC25A44BE300A584577A28906BE8259	F5C3D81C9D9B03415BE1141EFD9CA18849FA30965F1BD9F4D52EDC15B31B4CBA
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68012v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7A94ED296C995A585C3F4EED84CC8D31	0D1D91C5CDED97B0119C3C891C3E616BD7AA4211	B31B6146265B6773B4ECEF90408825F688DB803687D2A50D63F9164DD750B588
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68013v9.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	93AF1574E476BD983DD6EA61C6B0FD06	59155752E3E5372C83E426629A52C276FEF7D36A	1AFCCCAC4C6F5A50715E1032576E2277D1B9B078C655AEF35BDB26A5AB8912ED
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68013v9.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F8F53F2DD14F5845B772A07026B0DD10	8DAB7E2C0A6F2BA914A908CDDF0F91CF90E97144	BBC2D2FDBD33EF152BC0E70A33D730E0038234403F406E03E38D80D67DA95CF4
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68014v8.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BEA05102EC34B23C334452508973D50E	512471A5680910FBC59E45297A6AACDEFF8BAD59	19DA0595A92CCCA758A162684D18330BDFFBACE8D76971F3587276906597397E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68014v8.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1B07498A79C5F810E582320872D9B117	90927A07A28DB2A371E4FCEB812F541DF9758446	F2308FD61AB12080AD84AF36516E6AC2BEB1FD1D0594F5258F6CDA69073FD436
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68015v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	94F1C1326C7F718001CBF03CA82B5B73	18B48422CEEBACC89EC984CA36AB7250125A501C	1E4980BB591C4ADDEA275787EFDA5019019DA2DA42DC9ED132FFCDDC35A721D6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68015v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CDA50921CE1FB324AA266E3F99B90644	A21BA111FD40906BF64FBA873F88DA31A52D9D75	B66483B07EED1EC7F3D75D303DBD2B36710F2112EF9E5CD8EA8E323A7A7A4094
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68016v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0C3ABDD3F68A640F3E69E52BA02AAA1D	112FDC9666524780D6BF8E483904A868BE7643BA	B670ED7D144E91A1EDB97DCEE296D585440F4BBF859112CFF3F9E1595120A257
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68016v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7EBC32A4B4D419D0151A479AB039F82A	32164667DC787D6CE7C0FDFD0006899913949EAC	9C36197FA50403D49CA1FD47ED925CF47AA376D2D5A924C25158BA8929D5BC6A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68017v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4A8B15C29378FE187C6234DFEAA27151	A87B0934CDC5A6DF251D7FD542E2BB3290187F96	8239C2132915EA0108CBDEF7944BAE6CFBEDB5BB5EBFA520EF5197868DC63540
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68017v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	40EB70285AB5ABC95CB9BBD128D1D7F4	C7D58BB5F0198E42060FCF10E950D51DB0693D9F	5963E1E0AAB21C6D0D5BA8F5F87865B9557ED3254BDDAFF0408F8F0542CD4D67
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68018v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A7C97CFFA0D403C4C07BA18EB71431DE	ECA9BF3C27FB3FC426988C120527E273FE771619	8B85BC834C1139975EDB8BCA62D220709937FB8E25E20C7FB2B801FE66EBFBEE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68018v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1CCDCDB4DE95BF467C8348F9B0300E00	340800E99A1ACDA9FC0D78F2BC365529FC504B0C	8011474BCB1518266F7E9488EDC988F3425EB5511B041E589644F706EFF664C6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68019v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	424F9C6DEC4D1B44672EA82971CEE3B7	EAD3F6AD9334CA315934AA25CF5F80C19E06CED3	1BA375D8A1CF499C61739ED4988ECD267E9D99D95708C83A4415CE07322A3102
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68019v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	28517BD505A14FAE346B858582239E1D	88B16A220AD9F973C04CD9885658BDB78A8D8591	984BC488CCA5E8EC44F51BAC30FAB44A1C04B24A93D781B5E59373661507D7D7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68020v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	23614FBB9B56D6A879550DD5F430D00A	0AFD4C950E2F8EAF30BC3195CE5CA2231403D07E	3331E5A98A7C78103295993B53B03E6CA9CD0B56FF2F7F7A4F0FD8F574A2AFDD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68020v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AF04F8E5EC99120D469EABD4B0FB5E92	B7D4FD2E41E0F051F95011AAB45ACF881C945DE1	916505DDEE05452D825D77B15D4D4A99A35E673936149E8980CA6C564B65FF00
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68022v8.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EFDF79B0F0EB32132EE314067BD035C5	B5E93A168D61AF07427120CAC7D94A1BC4B9B5C9	7F92403C7C56F4F0C160DAE50EE38B3EBFA9C399CB220E08806EDA0FA18CB315
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68022v8.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2DD720FB2B7A06A38593B5D57B0DC098	AC3CAB6189B4FD2841935B517D04F6098E986665	B53F0FB62A6ED6D39D48C15C7C3438BF8CCD225E4AC33CE9D458A65D660F80E5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68023v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F5BD4D33838B2D9562E19957AEBE0E04	D4AD877B3ECD881B423F321D84ECECB6237CB0CD	66AF56B252CBE9B446CFD2C4574E766A7305AEBF1CAA8A1E622B7BF8F4888FF2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68023v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AB9146634F59652DA0E270BC1525AE66	84C9BBE6B1BFDD4F17C9CC84BABE412C5DB12846	728270AFA86054A057DC3B4A45FFD35FB3D3F9DF963F84F7625BC306E4C8F01D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68024v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A651637CAF0FE91DB588FC1E299368C9	116B654D6A7C149B956A79569EA1A845D0D1E4B1	14B92581F343EDF195616295E7134FC3DAE80AE31B466C8DF279BD847B9F4147
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68024v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	89ADC158D8E85A1A7F4579CDE71E67AC	D1E90D3768ACED4E36E3BACA379D28F0896D2647	0CBFCF0F2DBD0B47E817FBE21B80270BFCECCEAC263135F13688426655FFF8CB
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68025v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	056FB2D5B0280D9B842CFB991846D2EE	93580C3FC57BA98B20BAAB424F128DCD6D550EAC	D27E614E76ED41F4A042006FD9C677179367AB8BD72CB3CC561ECAC440202233
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68025v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D708B95F4227289ECA7D6716BF0914F9	BD9D6785C577CFD6BBABF8B841BD964EF133356B	1E610304AAD616F85E2ADCA673252BB1520FD87FE5E6AA1AEC3B84B754CCA6AE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68026v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E36C3BBD1F8FF3E862343C6DEC0C1AC1	C82A68D36741C5F79C027E43D40E38A20B5F1FFA	11FA5B774A990ECE86AEADEF627185E6E2868093977DDBF359E3AE6FCBAAE9A4
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68026v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	97D8B1C7E9E82D071999F063AFE4B5FD	413AEEC2E8882792EEF428D74112F81143569390	C45EDA7E67CC175E50BE433CF5526EDAF8784C4950B78880CB9AFCD3C26D0A17
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68027v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	663E7A0DB14F88B171BC573CC26A10F9	10FA256B587DE7200D3C981E716AB3310DF0AAEB	A74E0B5C9C682FA434AF973FCA3B0D0D20811B2277D37658914BCD537294BF95
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68027v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	28EC461C58DF6D365BF33F1CCEF2155E	DE0760AED89052824767253DA11121AD30FB051E	E8C31212131C9AD584315C6C5F46DAD77BDD10C119FD1DE0E9DD2736E1C2EE9F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68028v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C7962DDF5CA89D1CCF48DA413B38E97D	05EE8E27306C596237A4551786DE3FB7CB9B3B96	8E78B0B33198F3727AD76FDE0D8754F5CEB4691D989A1050ABC2078DD9FDC639
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68028v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A079906BB6EB1F14A37A0018B35BEB43	48B63F2E281A702AD1E4ECBE6CB4CCF4559D1F68	EEF1835BC4A8769632C8EC4382394EBA32598A4822DB17B3FB28BD822851548E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68029v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	05951C1492BC11363026562BB52C3721	EA37B61FBA0B5D8D474A7A1483287FD047250361	E11228849C8BA392BDCE87909FD8034C0D0AC7740B252FDC2E00DFD728F8D610
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68029v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BAB3D223228ADE26E266B1A317D859E7	C167CEE6C2463800E944095D94540B2D408FCE7B	193D78B914098B8601F6426E5699879515B0F856EFCCBD2DCCD7CC7545E87B7B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68030v6.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	914D3103B49A8E5F48FB899067D352E8	715344FB7CC268DFE41AAFD13064E4172A97D2FA	013B87FB67DF5A94B0E5CA529692F07A9D986E5559782CD9291746BBD661D149
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68030v6.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C82487525C07A65E4121409AB2E14334	BA23533FB745459DE520F4083C89DB0CB5DE35EF	FC5748E2FF9A32E57328A51D3C5DD3BC513DB5EE5E8BCED76C51B499425CCCB9
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68031v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	949CF687EBD5A08BCB0B692CA0F14A88	4A92955D9295432E44D898FEEA7860E84B78DBBA	4E8133BAE759729064A7922F01BAC6489C371607291008EC3FF1AEE3363AF48E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68031v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	16E14B399F321A45AD8672A44090B85F	AFD3525756BAEAFE328F9FCFDC934DECAF086225	2B15988890059AD8E1AC19020EF6906AADF43366959FBB09349D1CD7BF79E2BF
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68038v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8800164ED78CDC27D1FA8F3E4C5547DC	ECA28F02E0D116D59696997CE1EEAC10F985B885	FC12468263A198D3094BA9B739E318FA92515CDFDB6F435B368528CD42450BA0
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68038v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E2FDBDE7574B753E81CE2F0579A5F26F	B401DCDFDCC3061968BD6FC49B658DCC19D10D1F	366D63480FC9C316DE292914F1A85781237D7E8435D2AF27CCEB5C8A2588BE59
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68039v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	62F2BBD8F89E538CCABCB94B8E5C66ED	287A66D23DE38E82F0760CDABEB82ACBE3109176	6CECE1CF3CAB914FEBAD18E2C22568A2601EAA71222106446AF6167D5203D773
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68039v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	25EC9A92F5A3877D22A08793038C3641	9C9F8DA9EC9E31156DD116FE276F589B529D0AC3	7A2CDED2F83FA3B85A8E75C2496DA4A70343A193737444FC9453ACCB8458F6EC
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68040v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D4D77DA3B88575036A19EBE3B2036648	746DDB6CAB2A8998D33F49B0F2E7558112648E15	A366B1360DBEC8381E2B43691DB1F0CE00D4703028362A65A1B024E402749F25
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68040v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6B87414DAB5D62B2F9F8A184668EA95A	A0AAD47081F8F0E9EAEB4BDB52D45CC00C0593EA	7A3D84784D80F538FADCF3C2959E58EBBDA5A0EDE9A3CDE3976B4147A44F5885
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule69600v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	93EFDD5C7405666AFAEA0FA2353445EF	0948D12441B2A14AF0B6471D82BDA7E3BF8AB8E4	FF5B15287F9253A12062CCC82007C82D6C18419D096D194AEA9A1B397A8CC0F7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule69600v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	209C5F26725C9F2A7A8D5D479428A687	3CB514DA33ADE944049CFCD9466BDC03B592C8AB	376620EAA6A1A927AD0FC8898E985350521BD638E367938E32A14821068F7B57
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700000v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	85D58212F0191A42666143744E2F58AC	40B94D6A1F1DEC9F87919E63295857ECB4A25F77	3251E0B5894CDC3EC325D72887DD63ED3DDF51BB8B6D69872587E14914F9A8D3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700000v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F6D9A2F253DD8A9B7E56B80EBC6F4AF8	0A76179C9876E307EB9B5AF98D6EB0BAA0868ADD	6E009B26A65AF1FB488B7EEBD396C5CE8A87AAF11A9CFD3F2D4F66A0A108D806
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700001v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6B2D492A73E0B5E45EA635824F1A34F4	8F11065E12A658DDD95B003E40F331CEFB78EB97	21B75361D7DF86AC14B4D1E898F6A490ADA8C9501B482814250F559532B05E9D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700001v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F4037BB0147A7FF33575C9AA9D271C4D	937472BE2FCD22FBAF4E4380E7F696574BCB6588	AC5520D8E824B42C2D1574B833DF56B8772568502264B358334D117AF4C5E877
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70002v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D04655B71F96379237D41508531D4FFB	932697E1C9D2E6FD5CF9AF7B315A11A41F695921	B4029FFA8EEBF62534051365E27EBFF7E6BF0FEFECE7F0FB20EF73000BD400F1
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70002v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5F9CEC298FD0AC46FBAAB82A58A65089	5588CDE3622BF74B966EC8B4F29784A73754F26A	31C5230909D1F338F3A01C7302C086424CEC6947560A22F4832B1A3278116D69
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70003v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BBACE4043047F37F2088FEB962D39C74	CCD996336537B5EB7AFBA9772B20978701F3CC12	39296A1AAD196305BDE34C45FDE1E117886F0130BA08C499F5A1CFC1A1BB226F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70003v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A7DD367FC9C9189714B9B881A542AB0F	2A44661DAE6512CF96CED2F63C0D20D0DD015A11	EEDB5809093D599D3AE517F7AE0567A2B4C7ED876E8386427CF1F969C20B7DE6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700050v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F7FE95D1BF0CDC6BFA6B4B23B3651FB3	445CCEA72314C40385C568324F4FC9533C598AE3	C20ABB528E38AA2654B41D9562A424CCE0814D2416E5BE1C21E3E1C0D5B09745
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700050v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CDABEAA6F252674D9DC542FCD90639ED	4FEC799A7C3B689FFC32A26AFE12D880AAC7B265	D1FA5025E9E88E0C31BDE8E13ACDFAB7D1658C3783E47099994CE9BDB5FA23FD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700051v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	15884DC779073F04D3FDD6FC8EBF3FC3	D76D1999AE8479036B0C6968FBD4666B47CEF84C	E544B7E965AFECA2AAD03D9D1930F88CE596FF75524E1EB84013689A527F57FC
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700051v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1106927F334018B154D9092125C11B45	3BC6D8786FE49EFB54027F391E4F68E34CDBF333	E6BCE55E53C61A48FE8C6E6176E6E156947F872B15A13CCC604B15971C73C32E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70006v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5F097411091CE1C84E4CE8A8112B0399	D803701325D5CEB9F6A8355080EA873F90CEFFBE	BDA1B26221FCD8A18577D8CAFD1260C15F79A30845D666F577D4F2CB269C5D6A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70006v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	16DC485F27AE498AF06A0A168CD6AC29	2CECC76C360055B67173319E410369B3C1F84046	99467B96CAAB3B17A994A438F7DBD8C2330A4E4AC6B1F3E46E0A6812A554B0BD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700100v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E0D71162BE1E7742BEF1F6EDCB302414	30E7F4D6B592CF583E14F565150A450590B5DC55	41B9D86E58CC5AAF815EDE1E9B61EF1CD54C039EC6311EB8155AD3B82DDC0351
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700100v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7801872C77F3F5C9F1E127F1E7C1BE68	65B7D386697FAECCD0F5FC2C1864D76FDEB3ADBE	52508BAF1C7E87DC8D67DFD4281448D99C026B24829174B1FF7EF80A6FEA689A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700101v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2D3A0CDA8EBD7EB3145227B0BC24A62B	908B75F661D67DB71A757341890128248469C7AA	21AB4E749B7709D73912595A4147676FD133F1732DB63BC89AB2C5FA9B493C62
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700101v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	15ADE68F1BA95E65D1950AD6D0FCC271	4FC530E4C95E8E17C5675CEEB2B250DC0DF666A7	2833A439C6E2DB4CF822E39DB4097DEF7862AFC96F38F3D3A87FE141F12FB276
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700150v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FFD9AD5E10DBE528C4E7FB55CBBBDD58	C6FEEAEDA4A02A893516FD9401564322A64EF376	05BDA40FB1B001670CA3E05CA89907A0564FDF350086EF2BD4308A96B89FFB1B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700150v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5F41AE18B7FAFF4A5EC12AA826803E9C	ECF8EC0FAF0B1BB51424521C9A7AEF8316E6B6BF	415EFD1BB277CF3287D01DF4107FF27BB5AA8FE98E89BC70F7F8C789ED6E1F44
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700151v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AC97F38721E530D722737CFE01D8F769	4841A834B7EF37AD535D2498505A061D7540460D	9A040DBC690DD70009E64FDD2BB2C0EF0A6AF6CD476983358B1DFF406EFCE443
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700151v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	685F2CF881E1280855E40ED2DE38997F	BF7C61FDA3167C905A5D0BDD198A3D5759648FA0	7F965446A26A0FBFB9D0510AE1A9A1988918AECFFE03ABF95CF25DF4FB09C4D0
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700200v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DD49500C9DF6953E738018F66812282D	9E839746E6F01EF13AB4D2D3E19A6A4164DA61C8	A284494ECB4274680C3254217853B4D97FDB541B08B3F2C05369647939258C33
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700200v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C24C8C4A3FEF8F9A4273DF9051F40E90	94C02365E746AB4B2F54C01B9607E8B7C32B6844	DA8DD3F7380C874725077056D0BF066D99407ABD0CC8A2C65CBABC667CD8515D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700201v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4FEE41334D9632083227ECD580E03CD7	163274A6FE826BC999F28CA562463A69F2B80D40	75F0B2C8665022A7C567B2C4468BCA7FF30429D5D94B77182C24B75541FA0162
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700201v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	28C2D80F5B8075D72BCFC7985ACC7776	C1F4F2B2F2A9D7DE2B6962EC665A8FCA6F4ACBE2	32772FD94335C8308C1FD0E3C7B739E10DB92CBE29F4E41C36993F9B9D1E4613
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700250v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D25B6293ACE91BF706609570F17A1EAB	1C6B3D8649EAD7D2CBCB9F6A86D05AA873E8BA0B	A42FE54DFB8D4299D1075A796A6204C59ACBAABD0C78AE77EDD5B042205EFE0E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700250v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CBBB2813C6BB99CBF51D49C5AD345CB6	1B76B252C4B82DE8B978374D127E3869765FABC8	DF22AB3AB7D770D54C70B27A13798AD4CA2DCED943A758A865A4B10614A6D31B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700251v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CC580FD817CA6E643671ECBE135F0907	EBDD5B80EA6EB1A685B7C076781951E1485CC8D1	97E1D0488D712BCDEEFFFFE8266B29D674BB2CFC52FCC8710D62FB0D0F7795AE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700251v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	24F4308958CAE496A4D7C51275D4E887	0D27C78C0083BED2ADC88977D872E9C204FED1B3	605C580D2B5F2DC79DB02683D3407912E19B92D13814549AD2F5F1DA8BB68692
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70025v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8F2388CB8020E92C989A535E05BA73C2	F3F8918CF5824637A746C28B5E92223710CC772F	CC803522E1B70028127DEBA0EE16865AE5D8FFA14B60E4100EBCF30680D3947E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70025v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CA72763FB3264AEA16C86A71600C252E	1EF15761E1A0EA4490C67C1B9C2122B414401ACD	EA235D3EE48F379E6CEA40ED8897CF002E5D85E0285254EAA021A9775A087B4F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70027v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BFD49A830FE15652FFDFE4BC814DC44C	7C7C28D4AB5E4E727AA4BE0D14AAFB242567C4CD	CEDAB952DECFEDC588344B1973B330DC92593D86365E999642B95FB3ACED554A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70027v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D149BD59474DE101BA00C66D714EA546	A8B8EF500752FCB963DA7EE3E93D4EA03355DB07	DCBC9FF408E000B0E0C72DA7A141B163608C3FC3E94B1B055969115CFC8B6F3D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70028v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AD16E3DE6770114072E61C8CDBAA8572	B9A499FC1F939C8C4C9D6E4CB30B500E7374A3F8	5F7740F4029B82D84705A6FB40066668E94CFE6C3FF348F403182EA48BAB2E28
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70028v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	99948A57ED55FB93BF6E538C6536CC94	BA7362D1AF6770D57C1F3C9693F96E6DC9088405	C0676A020BF56586E7FEAA3750715613502DDF8275F2BAC3D5B0762F21567372
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70029v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B8C1166E184300CCB9FB9BB735D06690	CB6360E2607A85674BE71A5251A4F8D7D9ABDFEF	3292868397EDC217ED642D5C141FE6F85008232F135C2980688548B55F05CCB6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70029v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	98F9A07F93722EC026A5AE8D95092467	4F1A6BF97223DCD2C2043E21B9F646142125C5A8	0B6D65E6830EC01C0BBA66B08AB901B4CBBADF489CABB88EF32313D8144A12D2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700300v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2FD4DBE054F9EE86F5014B321A4BE737	D21F0DDFCB50CE87862651CCE12285DE41522BBD	00661A178415746DFCA899A869E5EF1873FD8923306A80EE3E18BAB6593D25CA
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700300v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6E0D638BE6564F89A30C7C637912998B	2ABEDFBC83B7A450EBBAAA6BC90AC8F157517A02	625B6C0D6F836570339722B470787E2B24CAAEF1CD98C949099BE1CCF072C083
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700301v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6D4F40B42723FFF67440BFDB14BC685A	B883F010BFFB2971699F2435C437C991F7D020C2	C687DB32FFD80E8029D7540B126D8FB33DB42204971AF236FCCDEEE5EEF60979
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700301v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B6BE56AA98BA2B155AE33262074EB74B	0526124AE53E294D9BC2A04614EBDDB0E7A16F9A	EEE2C9E7F1B15173B9402AF952E6BF76122F5A64B1474D4C314CFCB5DB7A0E92
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70030v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	77F84B5AB31C273192E06C440CB106A9	547C3A1D663F15EE8EC9CFE21B014CCDDDAA8330	CC87351492254F42A75EA88690A30696075DC1DFB099618EDD5D6C730D5D91E5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70030v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FD077849677D3431E01FB1AA9E57352B	AD68FB0C90D7F76F9EB47265736367E4596A511C	B82FAB2716FA2F42A6647A1B74FCB41E6D9A253F020AF1A0090AF32D36F4EB69
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70031v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EE5FF795D1243C19D48C38625C84CF27	FE16A9D9D52D49FF52DB18714E8BE7A46D75F7F3	E7446AA94DD91F35D573668A7F8DF731241B5055E6EBCF0E2EE8B64AF3BE232E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70031v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	461EE906645BE96DFAFF31F3094F9C27	0A0FF9D9923797D71A0C76483A45834A57C56B81	4D85AE29B49D19890524CEF4748F1B75D0866137EBB7867AF270083AD1C975A2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700350v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F9997433AA5746AFB53BE2C20458A19F	F716A64F712ACDF7D4E6299A325B86DE8589E27F	7CEC881638AACB705DCEE8A06DFD9B58F1EFD72D03EB325F7A8451ADFD8742F5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700350v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B1FFBDAF8440D1977DA45A8628BAC540	49429D24FC04992F3516313D5B6AB8ADFBA682FD	82267B93C2C5AD12131F3DFC5F11858B12E5232B1DC6156E01CA40A340F9BEC2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700351v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1F204DF7EB488AE79782AEA48366818D	F4D5F135C3BC7B345847BCA757B197CACC1203DF	B0B1F9C3B244E3C98D4BA2513650AA7852A1325534C14DCD6E559ADFF03D57D5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700351v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5AE08E2C450866D1D90F0FFE85DEC096	8BA64FB513E9DB8254D64B83E29BD360F2A5A0FA	6D25E2F3C75B54AD82924E21AA4519657A426A85EB9AFD0656312330496B74A1
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70036v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	01A8389FE6AE35623078A5C0159E2B18	103DB6AA1A48D5A1A5A464A870BE3604D239D554	5DC4DF3347BDE2BC6ED60099AFDB2D1B0894721C5A0E5AA19D10D383B1E8809D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70036v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7DA027AC4218D06CDD9FE8AF4E7B3896	2AA9C85A053BDEC919C91207079FC1A81FDE42BD	AC5B6C32DAF7C67D50116ACF1F8DEA2B5DEE561519B81A404EC35A95EBE15844
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70037v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A32C9DD84846B4C1DEC4D323165E853C	28FD8A34924B9BC4BD5E075A1768D96455390A35	9CE49244944219411C0195A05074F293EA0711C1A0D5FB26E4AE21B60445C702
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70037v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AA124F3C0879F9C9033E64921F5A0B1D	1EC7C329576CDA6CB66BC31A97E817A280B06283	0704D5AB88E3DE9462211CAA537F9A369C63A7D6C5ACC21C2C84B8474A83CD46
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700400v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	512922E43DE37FC96C8C014697B86045	D45A0C8D57FB52799C4FAA257EF794C888589FBD	88BC9D7F23018431F91908CE04AB2E75285523DCFCAD071EBF22248281B7C13F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700400v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F00F433C90790FA47F7F7BBED224205F	B2923DB0AF1E9F27029E22DB9D25D8AAD28A347F	ABC2B2B39A6C249D397FA80EB506C6076C7AE7178B5267E9F02E17D6659DD6B5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700401v2.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6943F72BAD99C82FCDE53F4F05C0BB12	F82D96188DBA055FD9F360414BD7AAE98DBBF15D	5B93B14B6F93BFFB522A47F6A31767B7790EBEBEB79138F35665AE86E4DF5860
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700401v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B14A45CB9B199499DC7234574D31790F	DDABA6E89EB78DB8B962E105216B6725B33332CB	25960414E3968434427FF7F752946FA3E74FF00A6E3F9A71418AF576800F985F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700450v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8F7486A9698496E33FD00BC572028743	65137F453D646DAB839C79843B8AAACC9B9D1EFE	008901AAE27B77F6F05D7556B10878DF090222CF0CF2930E5FE45D8F34B876BC
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700450v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A0AC0EE1461732CBCDD1BFBCDE9D8E53	DB3418218DC4F591F3341D379A6830E417479B5C	84C25A064B2872422E4F3C4D6D82FD154798D9B3140CAB50E689B9C8183B5474
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700451v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FA5DD10C52D2B540B7B7E0BE19E642AA	8F7EAF3300F95DD71020B9E64884A8F33BF05D77	8B6B18047DAD5CFAF0813D6E47EF6DC0C63F20BD9BEBE2AFA1CEA488F25C9D5A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700451v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	86F7426EB245151DA88B5E95FF314E05	01589BFA9356DC52D8EC2BA83FE45C1E83C97F8F	0A83F6EC947C73177B4ED923C32D627E3B0C1160759F36F00FABF16A6EDA4C31
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700500v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FEBBD983EF8EC57A55D3E8FFB3E1BCBD	CF6D2B8107563F8E3BC9BEDE4E6FF08F35614D70	F299285B65B73B42A8DE163CE63FEB28246CFCD552F1EFF62D17E4C56B3F6A10
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700500v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	048C3BB1433321558081CA0BAA8D411E	FC6D79B479E9D25CEA866EE933723E936E7C57C9	68EC65B0244A031C3E4D707D8B534DC2444A89BE3A786AC0650872256DDB9A50
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700501v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B4ED9EF7B85E02337162E5A241CBC0F7	CB7E526134DA9AA4A3F8EFE05C90FED58C0E0F45	8AF3968B63E8A4C4D154EBAC1591C70C85BD542F68327491281A8AD58AF805EB
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700501v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	435F2DEA34FFC876074EDC066AF955DE	BD13C04695A303DF4D01FF63418DB7A21F42827E	113A45464C3CFBB112F6278391798FB5EFB0D58AA0D9D6AC1645E6CD57280528
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700550v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	328EBB6107EA7CF0D37E374A3D8A2475	6654DDBFEA271734934D4B6C69A60C819E4B8B12	060B37BE7EE471E4893F99CCDCBB665F0E204FE4B548B9E8C113A3BCA005E00B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700550v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A9B8247E92C090FFF01C1745D0CE4B7B	0B9785CDBDC63D9FD772FDEDB90375E91CF42F7F	ED2A5153C767DA121F78EE6B4C824FDE01E6B8A9CB55E2D3A2775CBE8A4EC201
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700551v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FEFC3561FFA311738570D9AE48A5B5E4	7DE83D598281B649F2B5D2E23BCB28BF8E7D384A	F5662262CEEE270659E91AF03E4D23EFC7A710A63D51D5F84A2A1A3931E1825F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700551v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0D6564EA596227BCE0D590654090F281	B690F9D3A509DAFA784496605D7389BDA503619F	5440374A6F6C33571059C85D90FE0027FCFF1F4BA89F810EDD12D6624F4FF776
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700600v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	85B9CC6FF019F3095D6536D164B81313	638B6E8D31DBED61C6FFD5FE9E424DB9B526AB7E	FE4A82EA73893CBEEC0B46166FE04E70CA27760AD197771B95945161F4843303
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700600v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C4880E08093C5BF1D9E4688129CA9F5F	0C7E26FC92D7DF3BAFCAF88192AE3D7F5746152C	67F1F0726EE2214ED73F4CFC75A6D3AC5C680A6689A66A22C966EDD801934143
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700601v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9FA230EF397A3F6BEF8B29CF8A5FD5E6	22654B61FD5324C57B3AF1F788A38B664085CE8A	4B6F3FBE1D1F9793A31B20BB59329963FDFDD7525EB5900FB6A09BC6AD0B2EE2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700601v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5A28CF6249A8BFF1AB246C9513EAFF98	C7EF21A2AFEAD5F8DFC56945F7339A85C6EEAC5A	82D3C7AB6197EC6C14C04366E9CD5C90CF441616571CC1A94E026DCEAB7935D3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700650v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5FD4A7ED326CB6C626A94DED0A5BF108	BE92F2179D3C28ADB3F018450A1143A76F60AD23	6F62FF6C067D4266D0744E5F16ECE661732AACD94188CBC956B9EDA549E3DA21
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700650v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B5D8998383140EDBA93896DE6B656522	38E54FDFFA05AC5C6A845FD9C04759705DFBE67B	D29508B13731236E965E42670A2BC8A162AC1889253CE5CCB9DEFA62F17C55F6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700651v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FD796F095E56BF98FB37B760F2708AA9	08263480C1149E13F8A5485B91EA3D2059C1982A	6F29DD69A2FDB33AFABD8534A5B4942ADECD7EDF56A93D08251C092BA4EA7C36
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700651v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	352771603AE7F3B3C9E17104AF0B7F9A	13F3AC90620DA988CF48FA3E0D1611EA7648EAD1	052BAA9E1EEC734B33A8CFEC1E46695D8E2E46AD48F60D94927838FA80AEB320
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700700v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9B3E4986CEF534255C99F8E70499CC86	12134C4C036D8E86C117AB2541B26A20A2BB8746	381ECE7604461E4E11854D925A0E6A9E59179E6833AFDD372D96CF8943B9F6DB
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700700v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3FE64B1EB0539FC9D2E1BF2DA9A5BD7B	36ADD4C9DE1A6362A608DDDAF6E0BF611AB012C4	6BE93F039EB394E8229633731FD18FE97E274B8781EF6BB00943F474784312BB
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700701v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2485DF1EFE8DF517095439B9164C307D	FBB51AD463C5C9FF6A8A53AE40C55A500372B659	09235677AA9F12B3EFCD7AF33FE2926879963B5C8383BA9A1158B2E078D32C43
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700701v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8EB8245B63E1F40AA65B00CF6962CC62	5070074BB6B463199BB8DA8B523E3AE76FAE9874	50789C5D48CA09C7B250093556FD3355F0AE23BE17F50F8BD116C6DB918B0E44
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700750v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	25F77009929DF21DD7D437B48F86637C	00408333B4BD7C933915629FDAF0D592DEBB9C9B	D0E6E980F15BF1937997E7EA7FCE190B11D05E52A7F1A4601434FDB510F49A7F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700750v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	64B8F1CA4627EF0AC4F138B31A287B2E	3EF45F63524D8771BB0C7DFEAB34859C5716A968	5B3B016D3322B8F846ECC77C60F550841EE5D4CB0D60DB5102792E4F1A637D20
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700751v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BAB871C7906F286C800C0951655AEC79	216A90CC42D3D82B37FC4FFBEAA81AEEB729416E	19799B145BB5094725F37E6EEC8F6B542FAAD37839DD827C4181108FDF8C6D99
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700751v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	70DE1399523B93708B9097FCECBAC14B	BCA4E417C1943D8D5D57DFC8BED248CE29B7DFA1	D21503604CB017483024BC808FB624670613C950B39C3250CDA56263EEFAE905
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700850v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B7004C66BB857DFDD376BC3AD2C8B1F6	55B17F78ABB035F8E31E25D45577665C3125C1AF	341843FE2D6261C0925F7A110EEFE41E22CED5F3935AB9E197598E5AE09921B1
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700850v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	953ADFF3076B03DC7E9E55DB152891D4	1F30B208081EB07B88AC89D9DC9000D54D60E597	873CF18CF948E3C47A569FC5E3A73CD30059CBB40C5CBC887E16A39B5B13A9CD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700851v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	850A98F65921D0B3C1EA66AC43F749A6	836B7765066C3844540793BA8FBF1B7122793BB8	1F2FDACC34CA6E54FDF4FB2FEB8519560F14018D8B42202B770CA277CBCC12F2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700851v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2E3E452FC4989E47591E7AF32054DB00	9F985BCBEA8C4606DA5DBA757222EF5D3A9820EF	8BA38451315E6CFDC272E5AC790C2100A0BC1B4DB3F0FBF109129A5070768293
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700900v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5FF77FA4CF8E85FEC31F8C5F25A518F1	17AC98441331116C4E1C7784F819CD7B2D243533	B6C70BFC5214B00BA670A5F9A1E823F001BEBE035BD2055BC0143CDED7CBE04F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700900v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6D145A3F73A0A91164FBCCA7F186349F	66D0F5B1AB7618B0D70EDC520EE264E7642BD937	459BF6BFE25C57995B03CD30E5C657664C31EB771A33FC14A36527BB9CD59FF6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700901v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1049BF7FEF1096B040A0EE3F2A245F61	7E9130B97AD3AB29E4EDA7FD8E6532B7D704700E	390681329DD17B8D3C70C136120A8C940796CFEB928E599C35C4999A2A58D8EE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700901v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	506EBA211D68249CC6E68392C1FB12F7	36490EA195DBBC2518482385F6428FF546469DDE	EA23621CCCD55EA36199C9BDBC2594B98144F2F6E67392F077E15B51C90B5806
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700950v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F61FC4A3C8918AA2F75816C3013712A4	6C22E387C2E626AC94B249704EC679EF44DB063C	8194ACA960A7F9A4C61A9D41EC763D444038ED62CFB5921E6BD0268E62431091
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700950v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	573DFD73AFA646D87B2525E47168B9C9	E9338B0011ADC02D6B841B1DF6179B714AD46A25	20B3ADA1D941AF0CE68FE6AA17B8F33FC9A948A4E49C9217A5E0E50BF13434D1
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700951v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5224CB8B2317AEEC390DB25F5E2410BD	50EB69F2193E88F3DB885F5EE9C179805C6C5A65	0FE4950D8E1977A8E414C62E5A0309655F710E873E88C8A41A957AF11D3FD4F7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700951v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1A479F0CD4AD3DB2A15FE1398249847F	09A83CB2FCCC048ADA6A2DB10EC188932DA11D4D	F108437C943622CA854C6DCD31538F31EC504DF071C0A31CE7636B0C51ACF9DE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701050v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	040FBED92FCF9A8ABA6F98C9BAB38D09	85D9DCF04460C632052F1C67507623C97CF2D5FE	3A36E376EAF4BA12F2FB2AB39C85728F745BC0D22DF9C3F4965984E65E86A5D3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701050v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C9899647D0FC9C33BAA7DE6E374310F1	8CF796D64F878F4904E45C9E54BB518719B8EC3C	CED79792B56B580A05BCEE8F04F8ADFCD3D3948FEF23C6DC5A2C0E3B2A4FDEA7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701051v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F644D619813EB1E5872B42891EFADE45	880E64817394B192DF936B08DAE6A0FE04476B1C	266F68939F7635748A5CEE676617BED4A86096B3C720BBC987A820D96DF8E2DE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701051v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F849EB284814FB86208C89334B945EEA	48E018759D3BDC98B198B31CD2703449261B071C	FAEA5B1010A1F298BD6FE2C137595F19D114FA7E88B9849D13DE388C45300A2D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701100v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C1990A2CF3D63087781090C20E03046F	F462BA4053A4A7E211E63F4940591C9513749952	7C625D8488ADA9172D7AEF76AF43EE9A30D96AFBE900BD6DC274F71A7CBF5562
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701100v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A960E02BC1F591D783A95D84692FA4B9	6559124FCECF6FCE55FB5A06B50B55C7EE7A17F8	4C1F92C6E584D0CD6E103B630C2D1711B826E82023AD28958368794B195F7D95
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701101v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	556518E75665C6DE0125215E782716F5	C308374D84440957D788633A9D540A7F59D223A0	354D4A5DAFB0C8171B630C630B9378DA27C40F9365A5CF02E6917CE1FE5F54AF
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701101v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3212B51292FF4C45AB7391B555A765A9	ECFEB959FFC946E15869BF04D4802CA8E904A325	C0D832D52EC53D5DF56504DEB73D14B3011820C07C43D1C87FD003FB5B5BC8A9
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701150v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	01CFDE80BE57091F74AAE037B93CCA78	FDFC7645D18E34F05D272A50784C7898CAA39AF4	E0365740E05A117ED718A13B5D51D8FBC4E0A0D52ABAE6BA8AD9D44E2416CAEF
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701150v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DA70935FF9D23A1F510BE6CB76833232	BC138F936C65C70D936AD330C7479D02DC6FEF13	8DD645211533705443955E333E53FE0F1CCA7327499DDC68964D144B9FEF0468
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701151v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D914D8002DBC950A5155C64E000D4649	7526F500F8DEB978DE6FCD628CD3AE550672BE9C	4B1881E7E2F2F021DC696845E35E9AA3D8095276F0C6AAE2A162D4EA77225784
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701151v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	20A1904ED4B9B6D5BF6D83B601546850	1B33B3814F584E346CF57486B61F86113A6876F4	DDE689F70591342B9B64DD0F253FFC8730D1EB5FB17B478C5F8E874314EDE2C9
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701200v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A2414ADB86B7C3332523B31CC08E93B5	9146027977464A22E027987092C183DE77D9E901	5771D01896F32DA17AB4A542414687D0DE352CC4800DA1F138C893E365B2204E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701200v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	79D1356A55E18C2B3882442CA2C8702D	BE30505124103611530939F9F8B3056642D03621	C5740976BFCCF904CCD4971A85F37296B98983687F25019EE7C11B1346293CB4
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701201v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6F8031EEE0155E8E1FB65D57C0470A32	C68BF0F0FE1166CFAD1703EC82AAD38250B5912B	3F76FEC72B47CFA148520347F09C0408A334E92AB50B06159545386C18862F08
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701201v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	85329672F74DFC5731FEB270DACCCAB0	50214A8A18C0607B7529C850897BBAC78AAC12ED	9E4E03A5795BFACD2D82EF2D7F7958A66CF03ACC579EA3CE2774A02ECD183924
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701250v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1D943076ECB46F7209E791C81F491591	A533C943559F3668A502CB09FBDA110A6A888474	DBDE3DE3C8F3066242DD24E2947EBB7F0B461DEFADF479C61B12BBA1F5397EF9
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701250v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0ACE92EE925B8E8F8C7671E2B0F63FA5	72632EC5BA4EEE06037F4B34A8A3432D677B1CB0	7BF14ACF1CFDDDA21AD45CA141F5F8A18FF298CF65F34DD25525C6FF63D606D8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701251v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	07BB9D79DBA4D320C6E260EF624DD470	CD825AA4752775588F3420C4A5AD5497CCD86C6A	F497B323CDD2208B3F09C8107952F29D7F4E5F740B8C3073E548E786A963E5A3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701251v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DD9F20889DA9844DDBE6C47BA32338A4	677C867CB7B4B4A61FE888AC3D8CEA51F03A8EC8	02DD1DE4190DB46E1058DEC0C59D513FDA94A3958B46A5FB012BF4CD64D18B4E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701300v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7A055B01E6FBEF11F9761E11018CBE27	7E0CFFF3A2CCB28785DCC6D41975F07B32B0EBFF	F50901818555734E4F1D2D796B388AA594EB053AA28D45379444064FCA63E77A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701300v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CBA9C4C467AA59923D8A7E202C119B2F	D4927506C8C73DD906BE54F92E18B9024E8EAE7C	3370D3BEE181ECFF98BD8D0459551AD6966F6282FDDCE75E894F7854DFE5ECDD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701301v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2FC53C03F4ABDD283A01B7AC1A89DD9D	A818D22D11074F4D53928EA78CD047F5D4F9868D	72BBB75AEEF5B519DAD180961FB2AF5F5B6FD5DCC0EC1DB25876E9D6E25483C4
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701301v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9FA49F662292378283589501DECF4335	CD65A84F794D1DC8890C5DE12235160BC08BFC11	AB04C78D572AC48CAF2BE8F8D8DC9609CE60AF71BE116F3C52DA37F1FAB039C6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701350v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5F75E1FFD9235AD59A4BB9A1FACBDC40	2EF028E29F450A57F5360AF491B6D47914E6CA4D	33A55E84EBF57E9682C9BA451A73F2A412AC7B6784F04F325DF9D11A7EAFE903
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701350v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7069E0DE27ABCBD341CA09C374DDFF55	02396177DE415810FE140A139BA5E3270FE9B08D	F79798F215108ECAA14827CB113B0250174F99742BCC99E9FA8B5192367FF7A1
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701351v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B351551F2EF7D18F831A344919B150E0	0BC6117C4DF31F17079542269DA5EE6B5E772AC0	8792F3D841F86DA5C9A4A99194D9C1AA61158B6548E271DC1106A3A6B8691AF3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701351v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	65287C557E1BF7E8D6E9705E568796BF	33C5A626859B36C9908FEE7579715592B785DA30	099E514CBAA7DC8CAF704EE948DF5AAC655BBD62DD0BADB2F754E8BB6C204742
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701400v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5F7D41E6E7F1D2D2A2DB4102754590C4	55ADFF6425D8145FDBCB28C4D62826A2274BEF2E	422E16C713E9F71643412CC02934F53DBD2120106B8E7C0C4F8E3A6B4DD04686
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701400v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7F0EC4244C4336C8E19B8B55C28E6B8A	95A2B50997173FB4CBD6E0FA29FC0A2C34F657C0	BA299513A4D77BDBA61F7577BD30D542AFA3C6B1565C7C1CEFB56891C22C759E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701401v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6C2CEEF09E9EDF28D8B543CF752450B4	2FFFD25A2D1BCBAC179AAD5A7F301FF4C684359C	46E96340FBC97847431908A8129C1B1BA3D5DFCB6A07A87F4F1D97E76A7FA8E9
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701401v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F381C846F071B39B8BD4F5FC49D36F74	283054FFB1EB95183D986DC1490C3185B21741CA	1185BA23A485EEC836872954E3F9E12FFE806ED03ACFDF29D9965D15EF16364C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701500v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	597190139216B3824EDC5656DBB8C424	283DD42AC1A2580E4BB5062CC55024B68BEFC82C	865CC45D742AB6AC8D6A55CCF05F824CF18D981D7925D7B64DB0958DD16FC46B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701500v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8082DFC66868D747E832766FCDE6F925	32CE20DF66C7CD0037E7AC992C769FEB9F1EF8AE	9FB919661D76BF814CB792B605E3188CD366F13E6BEAA8F38CB90CA8843BB7A5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701501v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EE685DAD1448C8743A45A074252770EF	FA81848E29996C03E5F41F4C4FC632E2BECFFCA3	EB113167EE284F7692CB0A5FAA082BC9B60B1822DC9FCE2C28891288F7AFCA8C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701501v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	895196379E973546AE58A5D2FE850FF8	F291589FB5E8EBF0C16778EB36825F06758CE3B3	84D466740DD47A0F9956119834B9C85EB8893C1009BAA16A2735468425FE94A3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701550v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	841C54B1C0861B590E7CA30606E67AB5	14BE8A08B76F90B16DA25CB24DD0ECDDDAEAF2E6	B0837DE2B6C3906378F5142716D0D0BB56FA0D268CB049BF74DC96CE154297B6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701550v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	55B5BEAE0B6594D6C116862472C44519	7F8F132BBCCE597129C117142A9FB44244B9509D	12F09DD362A938DDFA2790CC6D4AED31C4A350ABC8CBEC079AEEBE4E5D863441
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701551v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	99AC26B43D3F0D21A31CFD9F0F49C9EE	EB8C5D7E1CE623E8262BBFB5672CD695A471CD71	64AAFF63F07964829BF475F54D5344508A7D222ADD937D75E6EDD9D5B08192E2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701551v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8F9682FB347B0228FB8F308296DEEE28	57BC6895777CDE7035108A699255901400359A7C	E66827DD2B37B2CCE04F84116F12BF90D40727C08A61FB0B0502BD2029A965A4
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701650v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D609675CBCFD34BFEA2F2150A062FC42	A9D65ACBD1A14D98D4997878C13C8CFDA5108D8C	068B018A8011DC030787F188A06CCEFF43C78D183FF49D5C5C4E57AA05ED7970
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701650v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6D4944349ED814651B1E54CCF801F9AC	BDE71F055B7DC61B046C2B75C3A6E1718A477079	90590DFF894E7CEF1B1E137560C3B8D99D99E31010555DD8D1420515C35FC3D6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701651v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A3CC4810FFFF6DE24E7B7AB54A80E80A	1F414A4E410BE6F01D18DF65E2CEEC336DD79CD6	E02DAE642721FEC8E928CF79C5063765E6C78A9B3D4D02777A06D4650FBB5587
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701651v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	10BCC68F71403AD060BF49BB50BF49EF	2209AA95BC56FA4FAC4529564EAE4C1A142B9EC6	4D70F1094F0F2212BFED84BDCCD6C6AC52D7807A7D516A1B2624B755EF3D311A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701700v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4235BEDC04FE7B842EC03C2C4C02293D	85D2FFF8A6A4D1D7F5A8FC8FBC882E88E2863162	27B3B72C484C358FBB34432E75862805545685820EA9A36F36E010FD004FA52E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701700v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B90B85DCFA8D7FAAE742AC5D48FD2C74	79B7EC9ADBD46B633F00D3D3E35CD146CDFC4C16	B7F1CA33463AB0AC0652B917DCF0B4EA42BB6DFB465DC0F843A039D62D0D3585
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701701v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AE7A527FE049151795D8547C08C0CEEF	F513363584D3B9E63D49FC06CC48CE2B622B1F3B	A80896AAA3288F50B173FA5F71D01980C233AD9B1158FF8FAB37F958FC107935
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701701v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	496145967DD8864D5ABCCE3412195452	2A7CC98E751819093F2B8CDF57149E44854618C7	8FA39B7937BAD1B80834AF170164B9EEC457E8FD4D70DFF29F76503A1924356F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701750v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C14062D8D1D11B1F5316EF4448108561	97E730BCA6A429F6FE716BF19B53FD6254543B50	9F2C535119C9A7248C567842DD4B3497BF6B7E888032C1DBD0006999236EA3B7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701750v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	06734D8245638FAEF084F206F2234D9E	0DED9642E8558D331456A9E7E0BEF97962DE5EA8	2F12EE35962D09BDFA5779ADB3FF5472D99A596CD761C12323E9F2CB4CC271C0
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701751v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1568C977203AA52DFEFB66764EFBE555	2BB90D5770828D01B132A0A85B6C6E8362BBBD9B	BCD70A7ED2614B6C967C65A23B6FB36A3CD7C74EF0DDA5065F92906440E165AC
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701751v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A0EFB37DD33D26BE1FD1DAF0C0AE8CEA	C17CFDAAC77C1079AD67037D34AE2F61462ABFD1	EF1E0EF7D00837454A02E939B263CD350D13D8D41F41EB428E47F02580434F11
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701800v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5963CD6C35FFA876AF5C8D7E6A08A1FD	D662A983530EDAC907D3CBEDEA650C33D9151C5A	0ED39085197E381E13E4B6D02B30A4791B325EF07C555FE5B48546696A7226F6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701800v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	50E257DD5F02C83EE98BE854DD6071D0	7C21A4365CB0ECE96395C5C58C48C6BC8A4A91A3	A34410AC2E91973C754F1DFC8DDD366886872324150F417000AF2BC874BDE0F2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701801v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	88E4CF0F7339386DC29CF4E03C38A2FB	D986171A31CF9AA7A860B27F7FEDCF89CCA2B209	F71D174CE4B8DFA3E013D82C658B81E628B0EF9E7ACA71DEF87674DF57E7078B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701801v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5FEFCC2DF23CB636DA264F5C0DB1DB93	7B708221B5C2FFF8573059441416003A8BF1378E	68DC05DD31006A617BF6B8D72532D826433C81210C9334021FE58A98CFDB0753
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701850v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EE5C9062E25A8F299199973429B78FFB	3D235D51C6FDA0257993C418F58D7988D29C4225	234FC80E867633D3AD8C7130A40B8AE0C59FE8FD95803C49410490CB3BCB080C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701850v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AE0592472594C8502FECF374BB92D3C0	3061E0D7E0F485CAF1E9D0AD59BBEB0DE2742A55	E8064B22F1BB0477BB2DE190EFF8F7DB1AE77DB457818BD2EA9141D2683627C9
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701851v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A9EB1CF0FB15C76A66376A5E2B79ACDA	70E3B9844ECA8A4852BED965D8755F9E3492FA2D	152F2B34B87DEA7A0CA32D52D875175961689FBC83B7E412CC77F6713C5FA413
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701851v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9B121D4F17F2B6321C1B7C20B6897B1B	518B397F8BDF9FD9A93227387708C5276E48B0F0	FCF2CC192E6D87F954458429041E9220A2A79036F7BF22BCC2F744089EC1C7EB
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701900v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C263E7350C0F32D51F883D20BC7CB5A0	754A2CFB4A3A7B56D7BC18056BB51D34BF75188E	27191ADDF8989696409558F030488AC8DA2C015888CEA7798CEABCBC9FF1F552
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701900v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	19E0EF78CBF51F9C44A070912D65C09E	3BA7C084D51A34382B52E1688EA5DDF96A82745A	08F3E7C84FB7DFE95EDDC79F238448E8BBF33F84A623E358EFC2F6AC5E68076C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701901v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8C256902561452E9AAAEB50DCFE7ED90	96B51E137881948DF7509740D9E73FB0AD845073	A529B902FBA79CF03338FE70AF79214A35F13152744E28AFFF393EC00FEAA7B0
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701901v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B1C8820A027C80692B51FE40C3615A0B	FDCFE274C7F17C7B1396BCD95CC1E41E5C87B4AD	79680E6D81B4502E680E0175B5B181C535EA84197317F6BF41FC77CD3E8CAE8D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701950v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	85D11BFF07C13861090D40E0E15F19C6	CF49C70479C8A9CAD0CE707FA86B733E981F160A	11FB5CC605459CFC576C7834E31BFB652E1C7A04703654C8832B576692F2187A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701950v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	677ABB420C15E565F2E7F830305877A3	B4A10FE9A9371D7F58291E6F649AE2B7939D9458	677F6487D13C70BBA14D61A1F4708252001197E69326A5E06F53A794B8C67317
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701951v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	06A7DEED3410A81CBA7F8FD8B3D1201B	4ABDDAFC4EE3642C33F20562CC07DCBA3E8BEC3F	72C480C190DEB5EEB3B850B6D7A003DF647ECFA6F93BC095152D0BE9731606E5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule701951v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	15478EF14AB40395B6F9C87FC42E0066	FD7A492659FDF3BD5B6D780D32CB3A2EECF11666	9402195218203B840E457F28A2DAB5F63581E9EC43005CB59CDA25706A026394
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702000v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	232BE673AB00770E88F838F092216B1C	1606EE6A4D0D5EF1E5309D6BC3CB0B47046C18A8	40475750D9DC73BE976D92EE2F5489786BB7CE240E076E3E1AC872A43EC06759
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702000v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FA6AF4D2A1D48D2B37845CB08C553B30	EE7250A42C1F35E5C3D70065808AAB3BC6C46F06	83323363693B33E13724EBE48A9DC93C5E718D0F74761AA1121F05150A3B04C0
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702001v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6C8C298A5F048AB97C670AC72DD093D3	71B619F1503E66C57D0297A9FA4F66D96E28C30B	90249551C0510DAA1C79391FB9651DC59720B0B04A75B6A7D207AE92D5FCBEC8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702050v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B18D04FC86A75E7DBC8A3018695564AA	EB57F1F40424BF07B4AC7A78AB97DB6AD85D3941	750EE5F346D4219670BA373F53C4CBA5E3CFBFE4A0D01BCAD0F1DCB429A292BF
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702051v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EFF4D883B236E6C16438676EF1A73579	22F05F2D8870354887C79DD704D8C9C52199F1A2	B12C0796D48F6C3E17B3846669AEC681AF56754B69320A10BF4FC0F873D50172
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702100v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	65E2757D54ED6C16F8ED408F5124EDFA	92057D961B75F13D95556EF5DE8AEC70F7E0E0AB	3CD7206F07B07D44719637B47C06B4BE472740798D4BD8447D75B2A849476E67
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702101v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DA69C13ED20584A262C40EE6A8646D95	C959377537693C646D297639280827E34E77A3A6	5E8CD881D2EF742E55A71755418DE472E2997C498EA8AB1D5F2145536CCCAD17
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702150v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8A1F53BDAF1CECF37D16954F74D24467	5C776740CDF8711975395C57AD79582ACC22F473	555F959C60B8E8B9A1722380D0A90807BAD702EF7744551DD60D5B0B98C234E8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702151v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2BA378B5B996AE76A5866CC4D7B793DF	74211E4A1FFB8EFBEC9A6495AFAFA5F6A3F72FAF	386EA40C3B53F7A4A362A439CB2BBF8C7245D6ECA4982C27F65F57FC735430DE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702200v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FC52DF703AAFEBAB053BCA5FF4916158	BC2EE9831795AB96D05458444F1B8A4F61879DE1	E0D37B7044EB9D42407F0E98D84BDEE048BA9C7A430BCE418A91A2602ADF8774
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702201v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A5FA2556C1CF66302E303E0A7CC67A16	B24B4A89E5A5732DF72AA772D114CAB6C49F39B8	47462B546383EEEB4A13217E23023924B3B8165BDB27869485417CA9530305F6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702250v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C55812850E96523CF49F47003B280D41	6E87B3DC14A692E9F537B9B57000963B45F4949B	54B332BE7423657EF386596422EF7D86E3A4A36BEABC830C72306ED8746AF6BB
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702251v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	55C20772D9999625351EF9937F500395	E2430A62E57B78B62A56E829745B5CCE8C47B746	CA58B61C8BA5E9B85E682E8FCDAF6D6BE17C1AA5E64A467559B6A93A9778CB1F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702300v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	95F96D4DA1384E356A87421EA67C83FC	9972BCBDEF337D658427B3EA3D6D0A8558BAD5E0	55E11EDE3023E29FB511A51B4E4ABE4333706AAB5600D445DFC0D2E1F53014E6
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702301v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C2C3C0AB55AC3EF3EE776BC6C5169037	02EE25D70906F6238B579C4C21C2A062DB939A7E	443925A0FE2FACE8956D7ECC0A220FBD5C9FE31843A6C7EF2E5DE7AFFB43FDC2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702350v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	617416A3E9FB4CC2C47130672A6610F8	21F41BC81E0EF82315F266B7B58C6899D5E4156A	768ABFB4CDB19A56F9B34FD1A293A95EAAB43D580F29214ECEA97FED92497C4B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702351v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E56EE51415179DCAB85E112B11E7F51F	8E97D48E9DB6C82EA402841CC33117CB67644986	B3FDB009581595219A7C31B7366FB8A5DEDACF336043D19CD59F9450D05A8169
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702400v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B2F0C1E873CE916355ED20FBE0F5C9B6	F0A9FA3D87F6171D8748C6FAFA279417E95F0DFF	F055643822D42E7BB1DA3019BD2EC16095BA9F19B49705CAF45067C6268B3F2C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702401v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	ED29A839FCFF1E339D2F886ACA38376B	5294E9D3C468A1C327F441118DC4FE292025F541	35FB9A560A5B5E06163D86B64C386177F4296C671B23241D457E37E8A4D4FCC8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702450v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	06292D065C88C6281A6FFE886BAF8AAD	B2E6AB827483CCDF79B900FC21B7099F2932630C	C0AE5E660042804936CB72AF7B3993365B12073F7E7E069F6F9B2D9145B79D46
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702451v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3EF7B3834919C35CB7B743D213DC2FFB	70A062CD8D0F439D3BC679D260D73CC9CA0DF61C	EE1E2D2BA3CD3FC72EF3B40794C16A3236099E8A379B4BDC6D4FDDE5F6E4DF4E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702500v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E356D88DE43FF55D1C03ADA7FAB7EEC2	6B099AD6E6A76AC790961BAEB656572D40D4E728	400BDC27EE9448DBF082DFCAA8CA18C5A7DC0BEBD0E49B90BC2D98872B362D32
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702501v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	25A95B73A93A4B8B1925F7ACC9D59D33	AC6C5CE5E51B3281D012B8A2788941D1417D4B1B	CF45D6437A86903888A47B5D52749874BAF97D40C14C83A9FEE753715270D205
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702550v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	22ECDEB1788DD51EE9E2BC6736146CD4	FF18A996C71C2B8FE1754C8BF100B3C2B203058B	4E5A5606021BEA93CBD3B122ECC4D5A811E9B496844734181341D2BC562DF47A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702551v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DB9DD30329BF38CD6CEC1E423ABFC3D7	626B622E9E67F3870252708D167E1361C2928155	232EDEAFE02407D6D2807BFA035AE26C6C3B9243047505B5E69358588FBA8F27
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702600v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1F204FCA4569A8ED0FA1BB939A2928A1	7DC84BD2D1B35907719F7A59DFC44B83429B117A	C74FA3CD5182FE7EF7C14CA330AEB7EEC61205F7A46D5FFFC89C031FFAC8CE16
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702601v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2DACAFE6921C3FFDE3AC6E0D2BD5AB4B	B5EDD1713DBB8C839F88E6CE151F08D5D778EF50	B4E1C88729A44FEF7C55335BF1BB39E65BFCF82BE477CB52CC5B05A810D65FA1
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702650v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6B052D3D5C0AC340274D3E055AD715F7	4BCC7AB171969447616956F62FD19E7C8F17A336	03102DB06C1323B9A91EA4BB7746E8991B568C99F0CD063B099819BCE320AF66
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702651v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A0C8CC5D1E2AFAEE9457F030D6D7E160	7CA384510C6412722C01B51C2AF12D15F3B077B9	DE84EAEE12A24036AAD45A7CE2CCFE561FBD2B54575553C1DA942511F160F908
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702700v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	48B4CBBF56D0FE05CA52BD419F671E81	AFFC2492B01A6B3FB85012006A3CC4CF70391603	93B5A75F8095D9E484D1CDE58B9B5ACA3999F23C151DA8C59B764E449F797981
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702701v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	816FBA02854577552527BC3855599BF9	DD27420D709E8D78BAA6D8395F018893DEF7A569	81145BFC743F57FFA27E71B1647EEB2AA2092D23BE50FB6093946273492D502D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702750v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FAF681B947236618EF12C0DDC124BA86	AF2441C8E75FEC1E34C3F0EC257572472092FDE4	E6C713439145FF6737F5ED79EE3DBE67A7215DA7B6CAC9A774E6A9F9625F9D3B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702751v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	25C030C7A11CB7EBBCEE0CD0A2616E55	8CE6BEC99A54D1AD518F6F7AA27C5701EA21129B	144F332406B757B7EA1939DC730596950318BAF8933C92227AA2F4279B816C04
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702800v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	42A848DE7032E86D8BCB61EAD9846ADD	E5188C8579C6E0DF0A9DEA1F94D3A5B9F0A2B772	B2834AF7287148375EC289777391BAD25D5BA474474861BF5CDF57B8BAF1616A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702801v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	49C46DABF7961FF78C16C8515CEA634C	2868C2A9E449E9E77540D077DA0B81644D10CFA2	46BB8E0EC0CFEEA803FFC9738771122E140F2F9FDAC8492E29719E140A17D06C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702850v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	038833A271B3CAB3B23C62896096CBEE	6190025B8B3EE238BB9140B2CB1ED8710AFACC94	3AE91CFF7A3FA5F38F35ED793492EBDC4569C71B60A9DF98F00BC3FC8280B4EE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702851v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A90F0D27520D33E25BD0BA422248A99B	0FD9B0EC69FABC196AA2D9BD9EF16EB6CEA6CC8F	02FE02A93FB524F995DFF7AAC019A1B97FE7686F040D10DBF81DAE1B63360E20
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702900v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D716C67C0F883AF1AAC0CA4B54358892	B7B55DE95642569F35EA457F0EA851B36AB07C8C	65751EAABE3B294CFB3D73D7714E1A71302D68D100FF134CA45220D2374441DD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702901v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3D842379230169CA8B1A3F51C13431E1	4E0724D47EC4B2B15292D39DBCC535534B45A258	2184F68C75129CAE8046370097023E70C9A4298CA5CE7AF5F82AB3F9CC65E73D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702950v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	82EB63FF57E18CBD561DEAB80610D1A4	DEFB321D586FD711A552B18BF9076F7D964B8FF7	284C1C9876CD11B984D3E3B16EDD563B7E496FAE3AC18794CE7D6DD082B395C3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule702951v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2D2F19C7232E81319DD40EC196CA1F70	67F4501FA2498133D637FA7FFF5A7F3D37024862	2E5B5CE41955C9095D806CF1D08AD3AC494F98E29D90D6C1BAC5BDBCE11B633B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703000v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B011AEB482712D557D9D5D43765AA688	49878AC50AE2008B36526BDE5D04677916AEDB1B	F3EDD138641B41239463925036034866358DA1BE6EB42591240659C5F7F5F247
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703001v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	558385E11CE24DF849FE6831BF5720F6	3524051851B7E70C9706323CE1CFE0FE7959B396	DE9ACF3B06189507AA232AD1D4D6079198855A822292F3DADF1C74FEA49A32EE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703050v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A873830485A326D53EA917D86478380C	E7169FB3D6E5AD861584CF16399DBF050FC2F31B	CAE09FF00F9874261944BAD781ADA8C72F97E82616B834E1F046E6F456E195B7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703051v3.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	05E3436512BA0AC2144928A8A3D44E6C	18486BDEC0EC92C6EDADC569B7D6856DFA52A188	BBE26B5C90557E7708598C6925FE4D5172EF66733256052E9A9ADE7396805B0C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703100v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9214F95169AB3C77D55103D6093D6455	42EE593B01FA12DE36AC04EE5A374CCE8FF1303E	63BE7D3AB71C104D4D6FB6607739A840EE81550075875FC18DEDBADF36686CD7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703101v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8C2F2D5404058A075025AC239DD7A3A6	1571E6712827AD0E70BD01358C9A1BC6BDAAE48C	A18B26876AE768E4340E1D8029C3478211532CC2B3618DF1AD29239378E01EFE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703150v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	394ACCA589BF93DF46EE2748E6BF167A	D840C3831CC4186CF7EAF33AD479B9BFF3F0211B	C55AAE23B06D73C0E0668079979A70971850E694E4AE594AC487E96D55084B4C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703151v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	54E63FDFAB74918D87365DF712860BDB	28CCBA24549830407FEBE0D4AB2D2F311503C3B7	E1A556D4EB7CDD4CCEEEF187D220335DBF14555AC35D9A965C5012AFB2A16882
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703200v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FD9A30F0A2032834A1FAC6DEE6C3AE48	C50B5FB26C7B4ED0D274E8A7C06CB9072AFEDCF2	A34F1E8ACBC62A85FE957C5134CCAA50F653C0A29964A0B8876CDE28DA93C558
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703201v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AC84EA35D7C62D3A75CDC387AABEE5F0	AB49692AC988E8E7EF721682492787F9FFB7495D	C14A321241F1688BF648FB9685B988A30D05CC9E30C06C69786BADE6718255B4
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703250v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5F1BBF283D3B65386E6359ECC1395D3E	BB8B71ECAF13E752256F8A9F630439EFCBBE7CAA	118DAF3BBD76D83DB439C80F1ECCB774F02ACDA6F2E4EA69C6FEE5D25071F6AD
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703251v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4D50FD8999279E32CC22D6572F5F317B	C5D370112C0A1339A3714356EDB4E10AF53E1A30	337C48B276A7BCB25BE6E5614ABEBFE57B69CDFFD8B51E735AA575C83AA099AA
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703300v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DF70E3F35B372612E1CFB2DBDF478C2D	02851A0ECF9B017E20554D4EEB433D3BA562C091	E2C4CC0A861F819F38F51FC1D7706522C2B6A172D89148D0B70799FE18520336
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703301v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A33D3DC8303068325ACAF8C6DBB17505	0ECB8BEAE25CE48AD29A707546938E010DAD3406	DF62A7F1FC7EC682EA2B3875CC32828A2C967260E94024625FFFF8F154FB7B37
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703350v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C8FFA54598C958D5722C4E2277573902	CDE252D79F36556E190CCF4D8FFE3924B1142C0C	B588BCDA100F8758202B9AFF41EE475F7F970BD67626F1DF0C92B74C051CF8C5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703351v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	85E0FAF068B8B1AF997902B2CEAF51FA	D84AE9C1A9BAB18DD362CA859D1010B4932B4657	908F1DC31CCCFBC11E30D40545AD48355E060B3E7B4D880AE219F696684B91E3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703400v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E904AB4451304802B60C1A7E86402EE2	A2C952D55498C173FE01BEF4EE1BD7A599B28FB2	9A0FD7E72CDEE16BD9C6CD94026AC5934B4949DDD5F6A23A0A52F8E8EFF2CA8A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703401v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A920025FBF1C258BB9B6EDE92A64AD34	D8D334656E2B80F04D3E9B98248F528A777E5E8E	FC59C3542499276F8A498A84FC1A2B1EFF4E9A96E0EFEC4D551888334E97DC06
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703450v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B2B14D5B3278CCE8C4719D21E3423201	0D434C4E042E5B0FF31FB85E72B1B7E74087BEDD	AD53302C8D49568E70DB53F4C60ECCD9CEAF51978AFEEE48B8921386C871E428
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703451v1.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2CC37A9594E30335C676870E945E3B77	0CC5167CBAA91B0EB11F64D441AA04C39BE53C80	E4C660E9822E771BD8CF2C4A8739B5B71E9B95927E720FF80086F895C17BE9D7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703500v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5AC618C4FF7721FA2D6AC3A5F57FDF7E	2F4CB4132E1B862F10F5B5EE9525115B04A096DE	F4CA879B76AD9FE06C13FC509717DFC8BA9B5BE4C416A76541D6EFBA547AD777
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703501v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	644DA6CFBD30D1080388CB6B1CA99B41	6AC9CD1E35435EEE222600DAA3A3D68BE42E1F8A	3B90BEAD6C9C00C3855F96BC30ED62C0300090A15F1581678CDCF66672F8DAF5
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703550v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3E63E38A128C3C3D80151F6EFC778DFF	5F05C38839348BED2965107601A8B7820A90BE2F	365687DD87149AD276D2596D19166836F8AC22BCEFC9DCF057DEBF08152AAE64
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703551v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E9F701DFA7A93CB1CE1F9D07A9DB0E11	A724DD0257FD89DDA44859CBFB6CD4B896AEC748	86B4066DB941EEC928D56428D908B5EAE9D818C5C18DE029ADD1A6046F5BAAD7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703600v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3D00B2B9D56B5CE403F62B5DB3E5A6FB	9ACA5E9DA24C97D1AA42530C7BBDAD0F3658D160	5B627E478E4CCC5B2D5C20002DF7707396B26F3611759910B7A866CA7B9F8C98
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703601v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	184831648F0949F5227BA1713755AA58	EC199BBC6599928F071179FC3B0BBACA5AF9062D	4495FC02C1549BD1323BAE96F2ECBF79D663ECF135D1FAE316EB13D6082F4BC0
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703650v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	31BC9B8AC77E8E832C40A2150C9F98E2	A55F059AA65371515B12DF979E3FE738B1A70325	10B805A16F0AFB20BDAF2B94AF0C3BA1D7899B8FCADB03D6BCE005D6B3872F23
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703651v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4B9074A86D18F5578C0D39811D57907C	BCC701ED1F82AC5C8C377993323D61D588848327	D89210AF6399BFC54FF61081FE89AE6ACEC8022CEAA97D70A54BD02587FD699F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703700v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	387EDD2B69248B8A4E69EA125F4FF41A	16CB22E7ADBA9D4470CB88B6B49A1FED96424DB7	E226CE384C8954DDE8FDF5648BBB12DD81F9FAADAD7D1907CB657FCCC1BF988D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703701v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7A4D86075105F3B4DC69F5CA0CE3B60D	2C8F86725A00387315B23B9B4A8AECA71F7A9EB3	4135E76FBF9D731E749A293ADD5CD2180E31BA14E69F864863B4653EF447EB3E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703750v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	76A4DD0E28FB7B393B455853B173C0DB	3033AFD5DDE7B2F16BFCE0E381AF8A33D469B145	BC56E8F2D6BAA1F2D0F5891A6E40D1A4D10B45B25BFB37DBD021B7AD5C8ACD2F
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703751v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9FDBDBD587EAAA8C05F7CF2D4F3882E2	C46D23BA6A5579EDC82137DC8D2B916175CDE49D	B2F6514482C41BEDC2AE822768A8176CB66B67A7AD0D7FE85364E5BDCCCE6926
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703800v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BD6E1D09801CF50D4F9D50D882C52204	CE4E4AD337A15AA769B464AE7EF7C1EED7E01B2A	4F3E77822FB769B7E54289C8FCBBC4E44AE503FFDBF060ECB03EF0976CB07AEE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703801v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	33DB6EC0393543E1DF272BBFFF036C97	84630DD94C4533AA70D0AE5CB8643C733FCFA1B5	F698F7B0A90713D102E39E7E433819D9A4AC61734F4F24C3CA4B951FD1AD355D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703850v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D17EF48157973702FCF86B1A11D46E56	1D307FA006A520B838BA261FACCDF8AB995CDAF6	E6F7AFCB6FBA199771E3C80BB01539DB72DB75BCCC347A7F1F1734DB0A1EB6C4
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703851v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E40FA0AD12DF05B4329A194C188D3327	61A4BC8BD391FEC81556761DAE7083A2740924EF	FDE7D3B48F5413134F1465A144FD6FDC4AC68825E12CA91EE769316B776EB89C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703900v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8521C8A920144CA4AFF20F4E22247E26	48ABD012BC818557E84C754CA80E3DAAB2693B62	298C9DC26A4D17BDA20C5E094F017347648345D52EFB68FF487009BE555DF6F1
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule703901v0.xml.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5ADA2BAC3F7E274BD4CB92F94F8F2499	81EAFC917386E28524CD1C2E01E63D9015DB6C22	941D00119881DF16D3C87094A1D4D7B413FBDDB210D50B288BDAA6A42169C054
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120682v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E0A2BCA4E1A12178DEA873BF3AA56320	CE4C94C1BE21C2DCACA716699C8F86085BFD291D	7EE9C4EE293C43F3079F8C0B93449764E17E4591610D992B539C3DDA043DB1B1
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222015v6.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	11F9EA45CB203B3E0720B153AAF65933	B35476E91D29165224D2D0903B5A7CA16902A519	CA76F269B4348C3E984FF3631B8C3B10E9BF63F5EE6FBB58E5D84BCA8E65D34B
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222042v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	92F9F74430A213FAA5F4FFBCDF6AC219	B838A6F4AAA1A87CF73D1258B4416DBB43C1EDDB	68EE427913B5D36D71D0E8D1561DBD5F474CA7D6E21C49B0A2890904388DB049
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222043v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EDB580DDCBD43E3B5F7CA6379F391726	8CDB80541F613562A66B4C0C4FBDDED502654CFF	9256FB03B456222A52B49611B4D78BDB4A579CE68376B6AAB0ADCB796F579562
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222049v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8EFD26D27A1178C3BC3BE9BC31A1468A	015535D997E1361369A62CB6BF179F89F34E7A42	90B0090140F34279FD74F9F19C4294C9D826DA1639F34C0975BAAB51D0747A1C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222100v7.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	537DB58A8AD7160503960529A8123D60	43EB0CD45326344583400A6E4EB660E25F55C3B2	CEFE2E712415732B6CB0D653CD4936FE13058C7F6F2E84F2E47F7977CB9B2937
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222101v3.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C545465A0125232AEB54F7AC42FEA738	F1A9BB1ABA1DC1D816A674502BC13A9240DC09AB	DAA05B9FCA603765FDFEF3206ED59070841AF5C941FC50094807E63A424CE046
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222102v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8A2AF410218D26D5EA45EDB30383FE96	E25F79D027562E94CC65EAC5599FF2D926024D8B	1B9696EDAE73699977D4ECD342DD1198FFA15DF0EB7F38B04A03FB2A489CF3A7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222200v5.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7624A8401D841BB26F3E8B0DFEB8E989	744261E5A3872EC5DC845E29D11B6A43BF663F48	8D3F6AA9FB1CDA2295C2A5634053C2218DD9173B0AEB7A385CC63B9D3FCACF58
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule224900v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	94F3F746A1D47BD99B0EACE8DEB5371C	18C459AC4CD330144A00C9C03DAA3A4D1A13109D	234BFA75151C293F8F6086C998B9CC0B91427950C03D2F6D6E5255D0386668E3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule224901v11.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E81C2DB42B9E7F207ACFAF8A2DABD07F	C98EEC274E35B6C0AEB917B6B3F036DFB5B2E21B	0EC6703BF55E8284493A6D3C4161C5884D238E03966A06AA6B2623097D2579DF
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule224902v2.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CE1AB92F96158179EDDAED595494035F	14948EA03155085844F648677DB8DD51A54B5E9B	3990A84C4118A929B79378926F84B2D83F4C062ED9B398991D509582B22670A2
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230104v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	31793462512088C03E6E581FD2482150	051B5CC8ADA69A9C7FEFD04E9A6405549E5E3BFB	A884631F4A5BAD7C3B717D4C0088838219F1DA0026A28F664D0021999BD54BD8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230157v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B55E97FBBD9C3926F92A68FC23AD8FDD	C51749BEE2E407E51A7FC94228FF554F5348F267	9A8792BDF043B8FA259FD9D356A40D51D4CB06A24CBC9DCD8C661DC82BB61FD3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230166v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	36732476D96786C88B44AB072E636F95	7C7FEE9480ACB8BA2BE076A958FE788D507BF846	722891442CDE7AF56DF0928A1B66D3ACAF2EE4E54AD52A2FD594AA2D6AB6CDCE
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230167v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8F1ED487A09FA383B5371CC4D317A8CE	529574FA9D22CEC016E431DB07C4C60B629F3D1E	C0D9BA46E39F0D90F1CD8B114CBB8DEFA99FB65F41E83DE2796ADA4F0C4888B8
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230168v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5104FD5760DF4A303AB68F5CF7E2DB67	F738245D233A9D9EC0ACAA38F911759CFD8DF3CD	574797742FB8CD5403F1480CC8C19D8D46AB9ED90A7144A3C0C3D617944BCE39
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230169v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	08A85BC4AF041420418E988645C59359	1669B38F82306C81EE119B7A18A5DFEE1A50D78F	FC87D1908F4150597C54F941B7C417D4B5A9ECC52B49841A46AF3A815C144121
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230170v1.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3F196A85E3882AFCE4F36DA1B702FFC1	13A1957320EFA1175D48ED477456941533897092	973AB7C7AD14F68643499E586C5718A7A2B528E8EF88A04F5667E3DD659C91D7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230171v0.xml.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A354387FBF568535A9B264B43547F4A7	A33157FEC999FAB2FD94EC5471D0591A4A37C0F8	AFF3EFBDACE25344D1C4AB90F886310B0E88910DD7323441FB36AFB2CA8068BF
C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AD30348E851ABB4B8ADFE3FC9E073DA7	2E5F9A2FCC83A9B8F258CE990B867AFBED75F8E2	ABA7FEF1C92265C32E3E291F5066024C94C9D944E7DF46F2312FAD4006E2F2C4
C:\Users\user\AppData\Local\Microsoft\Windows Sidebar\settings.ini.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FA85FB3469A51FFBD61750624CAB60EE	FADC92AD3F2FDB5B8B6D190441E5C5EF488A3BE7	14782EDDDC46CAEE4D1A3FADAA3CBAE36322378FDF4E7CCF98133E5529452CE0
C:\Users\user\AppData\Local\Microsoft\WindowsApps\python.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BE06F3B4B94683ADCAAE85D7BD84B232	BF79981AF4F351ADB1C8A5D2C31E4ADB7E4B06EA	940D3B883EA361FEC3C185064978DD6813E72D96DBB2DE4A60AA3BAC43F5B6E4
C:\Users\user\AppData\Local\Microsoft\WindowsApps\python3.7.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0B219D152A6C84D874A658F02F22D6CD	38A0A1CD193CB566EC5DA80A40FB19537853F7E9	A0F178742310572134680FB4B5F148D98A685BEB9DCA92EA38F4B97F7E7919DE
C:\Users\user\AppData\Local\Microsoft\WindowsApps\python3.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AD0935084DF52EBA9D260671F07C50F9	1434BCE3C47DFC414C5718D3C6CE192E242F8799	FE5A8BA64B719E73C8D7934DB8DB6C2F9639B49FDADB2487A1191FFB04CECA28
C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D1EDF22D8E037A982C69BE7E45E028D5	978E43A8EB057A02BEF03B37FB0A8644F0FE39FA	7F9B837B88C1A5AACB3EB12560B656FC383287DB5F38CF76556F29C9DE207B43
C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AE4B2C9B3B58588AA51559B2B80C526E	A812778D325717FDA9E4F3902CDAA994DFC1C3AE	ACE3D3A38D33FDB82A309101331775F7CECEA48F6EA9F381A8AAC76A2B3F92ED
C:\Users\user\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B15298FF9882F8A4FBD0EA594D10E42A	826B5186F6724B1EE94D25E38A2F35FD57BB2A45	A9DDFF71555F8179B0F79FF992413C613F5BE3FD59655AABBEB3F49BE5AE2662
C:\Users\user\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1CE92763EC1B1FD4477C9AC17FF185C7	4A7D2A532375634B6FA22FFAAE5028624E51EE48	20B628DE0AF56C3632B41B2D46F9DF448347170E58375B01F9012EFF8E1E1C25
C:\Users\user\AppData\Local\Microsoft\Windows\UsrClass.dat.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0B438F060EF28D58A42CAF6BEF1CF6A7	2F309694F336ACF79CBEC1301318005166FC06F0	FE4184C6DF6E44A464C150B984B17CE57971E68EC99AED28B0190F2032512370
C:\Users\user\AppData\Local\Microsoft\Windows\WebCacheLock.dat.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	57502B83C14D69890CD2165EFF542ADD	EB8B63613C461C876A8BF5C08E1C9DA69E547112	9287D678B84365D578AFE09EF39B26A7C23DD0C3F931FE510936FC9F2270384E
C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	18ECE160017045E9EE083C549E07B367	0AAA63BAE18FC7890FF972BFE8409E5873B32B3A	A00C322AC9860378AD478DCE4B794ABCAB995A9305200F2BF0732848EEF98789
C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EE8FB70E4BD4367BF65DA37DD0F0FFE1	811897B19EDE1D831F5A7C72D1B8CA415C1DF327	B7DE41909AB90AEC34A9C0330B755EB510B47ECE37FFB2AC47545CD1691B459D
C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5DC098FF6E3EFA189B02557AD5189C1B	BEB166777C523EA15CF9BB44722517B5585C6446	144C7865D8D012B48B5269D3DF45DC0B58B5E4F83EB788D7D977A900A3E78FAB
C:\Users\user\AppData\Local\Temp\.ses.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C9CA467325A4B7FC04E904428F944FE0	FB23B90B263AEC537902378F5FA8E776937AD29C	3CE7D617E86A0E5727639C780A926D2FF6CB65F51B0EB747FF69A19F31F3FBDB
C:\Users\user\AppData\Local\Temp\0164771190.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BB5DC14993912091AF9C9241EF88605B	FF2DAEBF4894A7DDE06EA23FA7444E6D2B8EB3A3	0906D3BC4E39C6D53DB6949306B35E48F983B03A8102FA0CAB6A1EA8624988E9
C:\Users\user\AppData\Local\Temp\0196354653.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	707FE198673CF454B0CCF961A8FE132B	F785BD2D476124F32987C89B660D1C81499FA8A9	7CCF90619B2861855C0BBCF57810A48D502FF683E4B5442B78BDD7EFA70448B1
C:\Users\user\AppData\Local\Temp\0409654664.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9C2A65FDB2342D5D22F6A3C8B11B98B3	85C0F9BA64B354B64EE75E14D68F234CB53735BA	09563450F59698EA59679B731385EE69D8D44B6407C6D199922E21A27E8A93D2
C:\Users\user\AppData\Local\Temp\0450125302.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	67304925BF45A1B310108F1D5DA782C5	7FCCEA96CC989D979F7F220C8BB1FDF7175AC21C	BBBF1B4C66C5C159EF1BAD05491C88E1045F55E51E8B3341987A7108A67CF3E6
C:\Users\user\AppData\Local\Temp\0518291756.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	051282946F6C2FE438D0915CD8D93938	00EFE6B33E10B59E4493B092E11BFDFAF5018F5A	991B4E1451BC4E76C768BD39F99D33516A28CBA75101137BE644D91F503A6AFA
C:\Users\user\AppData\Local\Temp\0653671941.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C2C02306AFDF36C687279AB6C908D02F	7C88FF2903DBC0D10EB2B6CABC7BE58844B5F152	54C320CA2F033B2D8A39BE1C3593F6B0412EA8D33D8E1794D2184FB8479F5505
C:\Users\user\AppData\Local\Temp\0982390758.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	30F0DBBB3A0526A417D3AC10F63DB160	5A6A238781F3E7BDA5D31AB51B54D89D92E659CD	6D002A890FC77D2DB9F28D9C8DB8C10D7434C4193F911FEC690FD4ACE4F76F2D
C:\Users\user\AppData\Local\Temp\1033868256.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2B014C4F64943D44739D2A21F1330C39	3E61E914EBE451F3E4360B5166C88BA4E9E34F32	9AC3CBCEA7D17E58028F785C6631D41B70B9D7F3F94A899700A387ED83078AAA
C:\Users\user\AppData\Local\Temp\1141274626.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9190138595AAD8CACDBBD33ADD8DC0F5	A3AADD1AC8426D0F5F95821F33B735070A03CC5C	4B66AEC6BAB5062021D8B5F1357DFF087DAAB59287E9261792799C31A0A9627E
C:\Users\user\AppData\Local\Temp\1206337459.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1A72AC0DE5FEB33B5EA650531BC08F67	578DF5D1B9FC274FE957B994875921B42929941D	77DC02DADF6B22C39998CA371C839F23741CCC08FBA755DEF40B75AF67C22BB3
C:\Users\user\AppData\Local\Temp\1237160943.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C46BAD24F3CE9023D0B2A18154AE565B	CAC933B49AF87C5A5D11B39EAAEA6C893C39F3B6	4BBA1D46CCD8D6A9F9927C69E9EE6FEFB397311BA6CE7E50602238226FF3E956
C:\Users\user\AppData\Local\Temp\1239919175.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9809EC0C72B195D6F52141C45EEE1704	FCB0F8A045200755B80D331F2AF9451B1D8E5F97	2A4D980B7F2D6F7A7B885680FC3CEA770D05A42146DD2C30B2ADA71B5178DD5D
C:\Users\user\AppData\Local\Temp\1287572840.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6A176B3947EAC28E3EEAA531C7761EB8	0BF70423F950C9EC20F31EB4D8A03DB3F6F100AA	6F398A54D9D9CCC57FD7776632DA76330638B87238EE28760B9F95F56BDCEBDF
C:\Users\user\AppData\Local\Temp\1422339599.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C31CD895C5F2B1EAC9A744BA90BA4C8F	AB4DF0788AF7AB02EB6489186841035AF9CF7F40	4D937810955BFE0E91356B2BE18C7DD9E592F59745F7D7CF584CCE7330E2711E
C:\Users\user\AppData\Local\Temp\1927994670.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	90AC5EC682C4397138D00EEA17189D67	FB060CDE4AD38E0FA42B614A4D2F42839DBCA839	2582AB50E0988CD5637F4447C259D98B4F32C3F96CE4A265E16855619F5D27D5
C:\Users\user\AppData\Local\Temp\2103954313.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D6C05A214778AE37B7C35006401740D7	57B421E1A469F8730A6A0129CE31D64B7172ACBA	CBD8EBDEC08AECC1CDEE585D2F9759719C9618A7C7F39C0EC9910BAD4E582D3D
C:\Users\user\AppData\Local\Temp\2168651637.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B31886B0563B46DEC128E0732BD11489	3CF5085BDB41ED925BE59FBF69C424C022E55437	254C0A04D22C046B9F7E04F9E4BEEB50C1511FE6F8A4759D012711512A7AB7D2
C:\Users\user\AppData\Local\Temp\2265332024.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	ACA34A893FC6E78CA2B68E5CA9727D0E	7D8642C181E576B0BC1A49EDF66A31205399E69C	EA9B92279AFBA354D8109BAEBF03116B536E4E037684C193B1DE0E28FABD5BD3
C:\Users\user\AppData\Local\Temp\2385760553.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	16364FCE11E7124622456DD7DEB4F392	957DB2AFD95943991F6AE8B110D4D8BE92CD8A41	7ED3FA75E8CCFE81FBA21E48A54DEF7A970EFA30244049661DC0033108BE3FBE
C:\Users\user\AppData\Local\Temp\2585558601.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4156B044C3C6019FFFD3F2CDADEA464A	0D0DFB996A00C2EA5F8ED93AF650A9FCA905830E	A9535029F155024A0162BD4FCF2F4EAC1C330B9759652D1F454ED00817B8ACEB
C:\Users\user\AppData\Local\Temp\2585558601.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	13C3545C250F025318C4CD100BF7801A	B4728D132966F87546D6A73B4E52840F50EACE26	4D0EC803BB2A4AA67EE16BCF44979ABDB3F2B095C0C644388E5EAE3F9F8F9088
C:\Users\user\AppData\Local\Temp\2669049752.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B42B6424118BB6754775BF8889DD93DE	5066DCA8A2074566B8B8ED153EC18B107EC4CB4E	217D8A24E3B13A3A8E245811643EFF4F8BF4ACCBD205B1DAC6FB83087618C900
C:\Users\user\AppData\Local\Temp\2669049752.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	11D2E56869066D47352C7EAF20E5DB90	4FFC8BCB0AC9FB29B1BBFD77680BC46348A1E106	9527316D4A46735E7A8049A560C40A245B648F6498C72B0410909D33354B3892
C:\Users\user\AppData\Local\Temp\2843307863.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C6D959775D32E3A70DFAE96938744DF2	FFEDDA036C8105AF9B5A3E07783343B152EF9B91	01EF999926D8E9E0C0179BFE0633A7D26371BCD8B56C405E484147BBE4DEFAD3
C:\Users\user\AppData\Local\Temp\2843307863.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	23BA27C969B8B942B59729D651293F89	0047DD26CE6CB993703F2E0902F0BD216CA14180	14284DF8082B7048D4C2C8715AAB44D9688B465E56FEA147957BCED22C2ED7E8
C:\Users\user\AppData\Local\Temp\3024948866.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D91E857BCE37888A5EBE76D6AC437927	1A79F02B58AAFC0D6A0C6FDF0066835AAD947222	4DBFAA752BF29C01D49A2E00A820F05B09F30539943AA8741A52E4A1DAED509C
C:\Users\user\AppData\Local\Temp\3024948866.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A0B828E2BF5222540219E4B0C7B77C60	ADB0AFCD560FE222FD3D7AD082C04A4E64F13B2B	757A9999A9BCCE40E88C511CE2504B0309D224783E878C09B79C125C9DED54D0
C:\Users\user\AppData\Local\Temp\3322604653.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2D8E429254A3E6A6BEE61B952A47B5C8	C23D265093EB18BC21C91E4ECAAF533FEEBEB5EF	DDAA2A9517F850A3D0285B63BA4B8315009FF0EC64264B0430BB589CFA413AF9
C:\Users\user\AppData\Local\Temp\3322604653.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DA491E43A8CD99D72680DDFECD1147A1	11A546749F81BD9B52D7967277FDA7CB24224FB6	CDB813C324FB64FA002726A5EB0C8DC9468097BBB5CE0FD721B6BD9527ACB77D
C:\Users\user\AppData\Local\Temp\3476888679.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2ADF9A1C22F5880DCD99A48E833CD1E5	6EC132B8745FA60FA4B5E05897147CA4CD83FA9C	B937EB1AE47CA52B06F6E92FAF665BC38D4E137D8FFDD843852CE078F587570D
C:\Users\user\AppData\Local\Temp\3476888679.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BBFC841D018B54A749301195166382F6	FA39A64CD33D323370AECD120150D9DDB4DD55C1	3F5BCC6713CFAF0A8D2C56A066012CF32603E39ACEB447E723AE404B6D8BF3F5
C:\Users\user\AppData\Local\Temp\3643399760.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1427A0FA87256B4C8BCD17F76A45BF3E	6E739338BAB4ED3ADB453D1FA36AC7C7DE66CC75	9FF7FB9794AA98278276FD71B8B3A75FD77C0FF689812D2986066BE5A7159280
C:\Users\user\AppData\Local\Temp\3643399760.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	191DBC59D80615D5C33CAACA9A28D003	821C977E64C5493178608EADA229C8ADA6DD0CF6	2008F84B25E74DDB64F1949B5DC4ECAC90CB6C234CB2092D82E03C8CF1E03CA7
C:\Users\user\AppData\Local\Temp\4478492829.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	82695285AE49DF33FE8C48E96CBA3728	4629A4244B0A2FFA4F7BC24155994B8B3A0AE676	E2563504D1F7A7F1A124EEB50A879D6E500C4D6E2D6B4AFFA84A8B2F831403D6
C:\Users\user\AppData\Local\Temp\4478492829.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	64508EC547B00963F71E994546B15607	92D044DC95D976C8317E6C07DC7182C262D41716	75C9311E6AD8314E051227D04B90F5BD514BE0DF11F4E3BD9EE0720D64D4D827
C:\Users\user\AppData\Local\Temp\4736274156.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AA3154AA3912D1E7B453072123593882	2A47FD107BE705A5DBE8E76CA1B3C1494FE67193	95492AEC47FB5715FCC87789D039175923C1380ADDE9301AA113C41A7B59E5DE
C:\Users\user\AppData\Local\Temp\4736274156.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C7F0EDF7B5AA8171402AC0B805DC52A3	FFB313E42B5A1832D7A24272E6AC9F1818325C8E	AEA198E28D10CC3DC79C3966B11EBF9C473F2EB8C77EB89BC04EE208CDBF5A31
C:\Users\user\AppData\Local\Temp\4941266003.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DD687820AF011024068A1014787D9BCE	F76FB862177DC94819B9C1A70744E6E3D5A82AA6	B3470ABCA0476BBDE8CFBE4B708CACBF9420F2809A285D309B6E398E4D4597F9
C:\Users\user\AppData\Local\Temp\4941266003.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	05EE235A69238A3C182CB7BF2A9CD3E1	EAA548743C7D0929534CCAE5C07C1555BC2A99E9	C170DED4534A175118FE48CE931D330B52E6F9990EBFA5713146ACDE688301A1
C:\Users\user\AppData\Local\Temp\4965367024.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	7AAC363AF968BD2CF28474211157539B	E8BFA1BF09386F78ABD30E77F7DCE7CDA38A9950	CB44C8B9EAF11232CB63DABA2BA20A92CA0856CF12C74E5F83B3FD6FD5314B20
C:\Users\user\AppData\Local\Temp\4965367024.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2B6C95D2DBE9E3B771AF8471816720E8	5A4C30C9448EC2C128D6F61CB04C6C794AA59D20	45FFC875AD4C98EE4EED523643B3782F5BCEFF320C779D7462D149A775ECA281
C:\Users\user\AppData\Local\Temp\5064077962.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	09FA091540C2E565243041F573692D07	47ECC509AFDF730A4D5EA03938BB6823DC72E6B0	496F654EE200A971A516162EF7D1C434BA73D35865D6D0BBA0205C7B8FB93C58
C:\Users\user\AppData\Local\Temp\5064077962.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	69BC95AB6A1D2D8A1FACE31116E34DC4	27A4493560353A74211CFB96AE7B4B1342E65E48	3A2B438D77AE9A58555EA41D12741059F569F277DE5FB5C5560A08AA976CA04F
C:\Users\user\AppData\Local\Temp\5281104033.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CB1FBDEA6A82DA586E21F50C545EC5AA	1B1A0F949BB18086C745AA2E8AE4359DE91C9309	E705883A23DF79BF1C158464E6E8476847956DA06030B38B2692E0696840C0EB
C:\Users\user\AppData\Local\Temp\5281104033.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	05AEA4752D42E8EFFFD8396FFF6F193B	8E63E0562F4CE4206580BB1CE9E073160653DAF1	E99558D08C0F4F46947419AE77CDEB2545C49BB6F41EAE838639DD0798729017
C:\Users\user\AppData\Local\Temp\5491630718.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CD9D3DCBCCDA2C3E4FD25C0F11F4259C	72770C524700D35609B868A7C2D428E47A1F404D	DCEC0A6CDF39F2115B6C04FDD8BC66FEB8A4EFC916C06E90628ABC6715112BDE
C:\Users\user\AppData\Local\Temp\5491630718.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	2C323BAB342066C44B76FB4FC7692D97	F9376623BD8CFDABAA6A7B0DED2DA1D0A03A1A3D	141DF018F4AEEE75465A813C519E6FE510FFD7CA854F2BFBC14C662264507E91
C:\Users\user\AppData\Local\Temp\5622580005.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	822ED58F73BBC762ACA7AA728371FC64	F8AA4042724031434A3AF1BF9B4299882EB2909F	64282CA76525216F2494262EF905C15DFCD8EF7390C926D74B9E20A0E4369262
C:\Users\user\AppData\Local\Temp\5622580005.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BEFB839C6829F47E66BE0CA458433133	AAEE14D37F152B9250AA5647B29DF35750724BB9	46F00C436C838653205E0EAC12F36EA9B7F81A8EFA2D1C3378D609AD2CE33C61
C:\Users\user\AppData\Local\Temp\5713452101.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	52CAD39E05F3B28B7AF6AA0006FE20A5	252F6C709D207746118A7E4628C83F5C216ADB97	074257FD241E12A12D5F1037B39D8A2FBE6122844EBF3830A1F04B7814033D07
C:\Users\user\AppData\Local\Temp\5713452101.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FE3E94143630C2A3C16F6A0F25B3E476	78D114D536FC20FDA35B2EC43B8A8FC487884DFB	046029E048ACA8AE64B61FC5E7C432A2FB956A81C4450CC476A08015E893F4B7
C:\Users\user\AppData\Local\Temp\5809130301.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A7E87C882B03F7FA65F07BB28CCB6081	F184CE54DE7954733FA697EFE4A3C69373326BF6	682437A2101CF4D1B9C9D6A0B2C859D5973F962A6AA56958E320054234F263AA
C:\Users\user\AppData\Local\Temp\5809130301.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	37DD8B67821E74478090607E1D54321A	C581FF69994E04E7F118BE608CC072522E08E34E	CFBDC6D09E0E53C5236AACFB8A59728EC2F04B8F406727F66C6440FB3A6511C3
C:\Users\user\AppData\Local\Temp\6092905029.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	43699DDD0C539088C315B8FA84E0E121	D23259E8C3894DE0CD639EF75BF8B7301D8DB3EB	F25E5AEAD8026FC121E35231B1B0BB976F54FEFFFC67F9EDA271B87774837F32
C:\Users\user\AppData\Local\Temp\6092905029.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	09CB47E3A18B0B4D2CBA6E8CBEB1F358	49066833C73B9660F9D6C04592435A0CC7236A6E	853C7E8B0E35A41B240B725CECA31DA33A642916D73B0D30B6256403E9BD8E01
C:\Users\user\AppData\Local\Temp\6109303877.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4C34CC4DC3663D21D9F8E89796675DAF	36EB0AF1409158E42D3B3CE54FF686D3BC3C3873	BC3A5033E3AC0692E69A1698BF45650F8652058EE6806A410A253D6FD7DA23C7
C:\Users\user\AppData\Local\Temp\6109303877.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3381C4DE30259B645675523C48F92A8A	971D6954111DCDBCE5C36B5FE9DAF75F907B9CC7	672F6E9151E56B5CABFC5E7AD5C20578704BAAC18D4EFACA0468B3E4FF7114E3
C:\Users\user\AppData\Local\Temp\6183211589.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E70D4C2B52AE417C24EC8F4A582AE02A	1B79113744C6AB7CF52917CC0F5A0816A15D076B	5946C85FA98BE162FD3E60C59D0DBE73695D64DB8EEAA5A4FF6B52171E92AE07
C:\Users\user\AppData\Local\Temp\6183211589.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A0681F52FE344B1D3B212A7B78634463	97F8B075515536A12BB0B3C8E2973C3896A0966F	3D22AED1BA796E36E9F7D7224D3AE612D5E1EADF414DC4098CC8232C1ACAC833
C:\Users\user\AppData\Local\Temp\6213653276.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1833B2C5E37ABC9A91ED6F2B71484C0C	3C009C353A0AE522227EF7CF726DAC9EDF1C8A42	87B070C71A7E4E80C64FFA025E1F056879FE193C4040627D4489B9FC52A27D72
C:\Users\user\AppData\Local\Temp\6213653276.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	F462C74E8219FB70883FC71406740C69	A7CBED73F38519338E19FA0B72B32B8068306EE0	F4111666C576C02AE4DFBC53C2D4A4DB336925FC2890B1FBD95263198B104737
C:\Users\user\AppData\Local\Temp\6329227256.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4215FAC7A0EF74D7C9A0618620545318	9E1AD0C36B7BD996B9BD30A0D4432DBC0342C2BE	9842CF6497FC786C09F0D5FBDDBCAEEE1A50A40C24E0B29C41E9568F5BFC61B0
C:\Users\user\AppData\Local\Temp\6329227256.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	87BA4A62BACC79E376D9754BCEC1688D	1E7A98C8158885B3F10E7B3DC63801482A48E532	D14EA865F463907A86A3C35C8721769038FEDFC094C43EEBFC84D08EC3729DCA
C:\Users\user\AppData\Local\Temp\6422942404.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EA3ADF10D81DA4E5BC48CB93E93F120D	C4F1755CC227A2ED3FA386EC806510C59434F5F4	C2A5291C0B90E9E929C3A6AA67165FF50FC7EF7FE8956CD378F3816FA9C60D76
C:\Users\user\AppData\Local\Temp\6422942404.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	64CCF6836F4E2CE34E55D27348661FD6	FCC8258105FF92A3FFC49B03BCFCA5BF8A60A94E	CF19CFEA38B6CA425A1376DC33E1E543816F055C1E00B23012925520506513AA
C:\Users\user\AppData\Local\Temp\6750529025.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	98803B4FA85922715F6D7A59A0696C32	6B430AE3A9056BA5EFE379BE212C137824E2092C	C75C99977B36B996E8EC502B16DD5504A7E5C0FD89CCF3363DAF6FB12EA33852
C:\Users\user\AppData\Local\Temp\6750529025.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	02076B06F7D449E224AA1124C9D39594	94BD062085CC094B91414EBFBACB510C6CE80C56	06977531299153C146A2BC480814CC835D3FDFC611F78A09DEF3C63C25637505
C:\Users\user\AppData\Local\Temp\7011884383.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9760EC7CA42E81AD7C5EAD18FE2150B0	4C9D52005E3819FAA7E7C4EEB6F60A8F21FED804	7CCB0DB5A66712180BE4CB81A17CDCDE73E22A3B0E8903E94774898045CD2A67
C:\Users\user\AppData\Local\Temp\7011884383.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6A205F249390CDD8B70CC9B976604583	E217F76F8C16EF85609CE0B988D4C2F07C965F55	ADB461F32791F1E7112B2C8DFB5777804E6A1E7998DBA864A6D94FA868640134
C:\Users\user\AppData\Local\Temp\7155756679.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8DB93CA54BB689DCA7433A7A5FABA1C2	252579DD7108A1AED7BA3A4B94312A16BF42F3E9	A9CC9A4563BA652F620C95818B0F2854818F7F5D274218CA08D98A76360D8CB4
C:\Users\user\AppData\Local\Temp\7155756679.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A62AD3DA73259829C068CC026E23E32C	8596DC381A7F978BCF8F7F140418F999140C93E7	DE1417D9AA94F03FD1065BCFC90A4F826D252AF3BA33B982E01988E9F4C38D6B
C:\Users\user\AppData\Local\Temp\7216804956.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	78504334BF1098BC1FBCFD9FB545AEFD	5C4175BF62233D3B22909789F598C854B62B837B	ECDD2313A5D0FCA1B452FFC3FD1725AE34D0DC782A170A7AF6C4836AC1107DDD
C:\Users\user\AppData\Local\Temp\7216804956.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	68C23EFE712D7BD75AB2599658908EB9	C36F1E9486CD5694B49F7A6826A2C898C63970E9	D9BC56CCDA84DBDE587450248677F4D2601EE1FFC41131BDE764DE7D1E7230AF
C:\Users\user\AppData\Local\Temp\7245361316.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	99EB2B83CF67649DB758E88F0B08C729	C2EF9D8D4E217307B1135D4CCB9C15E45B3FB345	41C9A6CE7BA6A09BA47CCFE78D2291641DDC7E11002A43411E076F4192902A4D
C:\Users\user\AppData\Local\Temp\7245361316.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B2BF487984C305CB2804D60BDC9BF24F	21B378DF3CCF09FFD09C6145B36761509BD1D163	857441F8D4AD10E82515F528F02CBF9578EC20278C214D263815A1B519932CA2
C:\Users\user\AppData\Local\Temp\7457734050.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	B86D1FA471CDBC2D88B70BB18CB7584E	F92788384007A62CD86EE13DDABC19F3375F5889	62B60FD57147ACA7D1FE25859B6E5A09B8CAF8B839CE0F493FC999A36E3AB0FC
C:\Users\user\AppData\Local\Temp\7457734050.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BAD572CE24097FA5C62A1C766600F555	7742E73B5DA137D9E2AC8D90BBC55637F394451C	CACB59580FAABC964DAE2A0C27FD2D93AF4D84E8AC19B8AE5D7076E8E60AFB6C
C:\Users\user\AppData\Local\Temp\7676687441.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C7A969E846916B6E3D438C0C237A503C	7D10417CDC584F1D62065901A63A95CEABDF1012	0987290B11FB1E2824A6F25B3BE50D80499E4FDBFDBF72C013CD937D5838F7B2
C:\Users\user\AppData\Local\Temp\7676687441.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	19930D5ADE64B51C0E340445CFF2A38A	44A7191B8B8208D5FEDA7D8BE08BCAEEA88B4B6E	6FB9532634EA03C39E46BB859F5547E72F4D16EA8AEB7398D16A26EA0695DF49
C:\Users\user\AppData\Local\Temp\8182259827.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FC65D0F11132AD708E15379A45D618A4	61A1EBF7E3DCC19C86796EA986BC0BF19C373FD0	5841E6451A3188CE79BD4F100BD0B64D8CAD4F0B54B51191C9BAF44C7C4061C5
C:\Users\user\AppData\Local\Temp\8182259827.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A5099178613AD998B9C89FC12C3D3175	CB944F9A8ABE83DD7518626F8A43D8F88790301A	29C852D6F8E1820A22CC0F464A1460F312750E5FD790D64C1FA85599DED027FD
C:\Users\user\AppData\Local\Temp\8200946536.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	032F308CD517F1912C1482C908ECDE7B	5F60CF00E1C6545FDA9D7AA32A40936BA9F56110	7E8447BD1FA263E6813BBBDE6455EE58F52A40524BC2C05499A1A32FE95E513A
C:\Users\user\AppData\Local\Temp\8200946536.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	44DF60730B53D11654B4563D50E91E61	9B90F1E06DC0B0D552DFAC479A91F56D3F1E274E	DA7AAFF1A26420FF818093A0FC466E01AC7B461BB20639E3349F971C055A356B
C:\Users\user\AppData\Local\Temp\8351801105.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4867478A902183BB4F1CB9A9A9CBA96A	A86D0071C6CF711F6AE16883015C0B7D4E1BD64A	8C82D9BB80F97384BCC05370703DD9DCAEBCF21F29E98C6BB2B00A6865B5CA9F
C:\Users\user\AppData\Local\Temp\8351801105.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BFC09F24552402A9C278AEECED8A20D3	637842BCA262A1972067FEE61077A4C40015DD10	2335480AFCA8DFE2CD8798C17E4DD5ED4C24C95E6CF4B3438D7F1EE8AC534988
C:\Users\user\AppData\Local\Temp\8492240360.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4E39B97257A1835BFC5AB6F26BE6725D	B7311C41C9DFC530F4D6FA7F3F09B55CA740D25A	497FE567A1DD0EDD693B56EBC63280D703D987B4FDCC6D03DBF4304DD65A34AD
C:\Users\user\AppData\Local\Temp\8492240360.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A5333E46E71EA30086288A8897FA4322	AE4CFA746B7520DBE753BDF8B97A544330E49E8D	A7153336F3D16618525F6C466DE9B9AB8F46947F0773CFAC2120505AEC6E73FA
C:\Users\user\AppData\Local\Temp\8552718761.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A2D49CCD77C9EB93467DEE19F482AC29	A68EEC47DEFAED049D291D668D16D7447BDB1C02	8C43C770C3D91033A253053F3CFFB41E8319C88A8C2F2897ED5BD332793942BB
C:\Users\user\AppData\Local\Temp\8552718761.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	24CF1149CD7DCCFEAA66429F218DE620	1C207DF9E247BC5E3B49826AEA1CE2BCF9E63806	9015F706BF65483E4C207DB08DDB094EAA8D33F2F82C0D339149DAFB3244877F
C:\Users\user\AppData\Local\Temp\8886835349.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E2FD9471CEECB7C72FF773F2DE185CBC	E5F5743804B696D410D7F81F84708BA003F690EB	2CA2AA742E15565599D79AF1979E0EF1C407C25FBA4760E5DDA5D007817098F3
C:\Users\user\AppData\Local\Temp\8886835349.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	EB9AC6236280EA55644C0BA98C001AAB	4EF8CA8BB1547CBA9A00C97F9D649B6F82FEFCCA	EF53740CEB81A331401926F1010F6134790346F72523F9533B8D8168C863DAF8
C:\Users\user\AppData\Local\Temp\8975065801.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	965D0F378FC80F383D8C1DFC4ABCA964	3560049A043398730C86F94E0A9F6E3FD7871F0C	6850D57BD4FD96D751864B0F19A76AD274B767078CF10099E3B19ACA98D2E53E
C:\Users\user\AppData\Local\Temp\8975065801.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6A0622DEA1836843A15C1E79E66CC055	04AE5BEA5351676C129F1748F1304E92EF367C13	3488980CB561D98D177069890BA1F0DC424FC0860BCC9FD4551FF1C276579869
C:\Users\user\AppData\Local\Temp\9217021447.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5AA5FECFE6B222B7316FE9385F341216	807AC9365A9457313EBFF93CB68A8253FD08CB21	C6D0BBB266916F997CA3AC72C8C971A797E4E92FA3C06D97B51EAE43874AFE45
C:\Users\user\AppData\Local\Temp\9217021447.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CF49F5DC00FE68D4377099E91E9129E1	1C34886BF17A86886E78F41D87FD033505066FFD	D463E1B3567BB6FA36255820B0EBAD9EA9AA765685B328E3B45329B5699050AF
C:\Users\user\AppData\Local\Temp\9275373402.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0947DEA63AC09EC54C405AA713811139	201D6690A0A332F7908553D9EA3040DA205A51E5	5269224CA35D30939C19CF7E82F79DC32EE7AE73D3E99824EA7735FB49BB6AC2
C:\Users\user\AppData\Local\Temp\9275373402.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	74129F43AB363827CBDB4608C3389E46	6E4BBAD53FCCFDDA9AD66D60BE9AF5F4042C408E	45DB3344BA976A7E985A29DB7A7ED77814CF107CB44201F2AD831EF196E35BD6
C:\Users\user\AppData\Local\Temp\9329238007.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	30CB96F9698A535CD3C1C2BE0F7097DE	CED77A2B400B477C809214E1EE0F47A422C2FFFB	E9D1C7C790EF0C21DC08767C7FEE8DB44C7758F4D3C509DA8976985C320C15C3
C:\Users\user\AppData\Local\Temp\9329238007.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	4FE9D2CB7585DD8EFA2F4DDE159EC31B	71D81DDBE763CFA87F7719446AEF24F3C0273391	970A6812A7C28D7FE5278104D41CA511F5A28091EE09620F1ECCB9163958DAE4
C:\Users\user\AppData\Local\Temp\9422479677.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9A6FE09D8A87051C131D292E01A8DBF5	21C57EC1FB051284E6798FBE8CECFDBBBF028E49	A946C66870184CCD85585AFDBD0CBAC61B5F93D0EE3EBD9C04A8B854896FFA7E
C:\Users\user\AppData\Local\Temp\9422479677.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5C5A5E902365BB57834E1BBBE4D7A674	B25B46CC21D7713E30AA73D5C213A4A477FEF12A	B2078DD53F84755B3D9BFC12623786077452E331A10EE5B9631F04B687E7C2FC
C:\Users\user\AppData\Local\Temp\9655434068.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C502CF946AA85DFEF9B7DBE3A5DF8E08	D1148DADD1C16759B3A8870127E1891CB8B642A4	6CD3246B5471756259702923F389CDD9011CEB80F28D6E58ADC961F1757219AC
C:\Users\user\AppData\Local\Temp\9655434068.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	9CF6A6778804D68093A9E515F6A37C20	D82CF479B57CBBBEF28E09D5926C6A28E6A7FD49	03EF3686A88EFC564C550D122A9C6E03295B42E832DD0E22150AC5D7C2BCF22C
C:\Users\user\AppData\Local\Temp\9659692161.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8333F77296A419425FDD515BDEBCF2E1	BF25593C39D8208A2EF6D9AF6F91346482930100	BFDFCAA58058BA0E72DF967302907B7C4FB918B42AE58A94559F9504AFE360C4
C:\Users\user\AppData\Local\Temp\9659692161.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	1DEB2846E32CEEE9DD0A6EF69462BF80	CDF0F8FB674E483BF8C3C139F2757033F7CB7348	67FF6499271D500704D4A7EEF3E3CF2DE45252A37D013A0F886792F71C43D3E2
C:\Users\user\AppData\Local\Temp\9925478147.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0B80426267F499B4BBC722A373DC233C	F4F9BF97CDCDB896356FD5CDA56B43F39D984329	B3BBECB4B40D7A3A6A61A232726A79CC47653521ABC4E6809CE137F6B569351F
C:\Users\user\AppData\Local\Temp\9925478147.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	E112AF40AACB47E1919A9F8D21A58236	188628D05F1C435934988B0E6D29C1A6BE98331F	3CD48B7129AB529B3A15D2A8914E6FD33FE40BB615FD33062D8FB02218E3FA7D
C:\Users\user\AppData\Local\Temp\user-PC-20231004-1445.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FF71C251200AFE3BE7D88EE6E2738199	FE6AF0BEF706CFEB0996F4120D3232EC0FDECB58	3A00324AC093AE1465C6F9810D626D05AC763CC5FD6FB0B626A545B2B8BC556D
C:\Users\user\AppData\Local\Temp\user-PC-20231004-1445a.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3F65602DD7797B9838621D846353E2A1	D952AA88EDD9A362EFB4CF0A1C6C91696683B0D4	7FC1590C77C5AD4C857D43DDB18DF037BBEB829894A292B7CEF1B3D59E9761D7
C:\Users\user\AppData\Local\Temp\user-PC-20231004-1546.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8EAC84D824F8853FE4D807AD9B085167	A63169F2A41C83E88692259DDF19387729055CCE	A0A5409F8A930F382D1F7CEFA8749E03FDABC413D0CF7DA28E33F46EA493DC58
C:\Users\user\AppData\Local\Temp\user-PC-20231004-1547.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	55B6D83C0ADD9E9B311E40F672D5C570	3AD3785BDF95A0C51739FDECDBFE22552A3314B9	02A81E35A6C8FAEF9169076BC016942158536F32981CF1F80C09EB57192AE5E4
C:\Users\user\AppData\Local\Temp\user-PC-20231004-1550.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	431B087353003B2B715449C9E81FF36C	946DD454A471DE7BB70DD85D511794FF6B16729A	8E0C2D2B3A106E156EA4B1249554F7E27E063D581B8FB8421478E05E18736BA1
C:\Users\user\AppData\Local\Temp\AdobeARM.log.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	CB7EE3746B0EC52E7EA0582B525C7615	F9D318B694D81893BCC948F7909C3ABE4AA83395	CA58D8DA666EC9B5EF1F07E04687D718023A9BDE9E4B394F2331AD49DEB6D174
C:\Users\user\AppData\Local\Temp\AdobeARM.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FEBEFFA77D1DFBA6A53A20392A79667F	0339C91B93400DD13BFCB3EE2D9245EC378425A8	23352B3EE5070F7BDE3FE8ABD05B1A454784351D9AB75214EBE309CF98EBF493
C:\Users\user\AppData\Local\Temp\JSAMSIProvider32.dll.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	285EBAF94A70601542949670795C92BC	87C975766336ECBC8F3343896381ACD88B71E39A	500A3226B874A65807AB92F795DD13A3C682A49EAD3C02FD90E765E89459B573
C:\Users\user\AppData\Local\Temp\JSAMSIProvider64.dll.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	16E9E840C3238E3FC849534B845918C0	EE7631A0EA26FF21F074FEA9703D70DDCB0B07B2	A55DF6974256A9B32363101907F21142D7BC822A522A231C014B9B10D947D400
C:\Users\user\AppData\Local\Temp\Symbols\pingme.txt.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A75288F49481EAC616805EE9E98D9585	80ED094F1F8659DDCC6C7D13C6DE33EF68A967F7	0DE32EEF0A2AF035EDBB8A9CD49AC0B65F99DDCBBDBEE750995C24A172A0F07A
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	43BC2512399370FEF481110046D5E597	E6F60156759A2A7B516D89A25CA331AFAEDE6247	C88CD5471AB5EE2FE8001ECEAFEFD06C9F57350EE9E4E70A165684CF6EFF4C9A
C:\Users\user\AppData\Local\Temp\user.bmp.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D5BA90D8DD40130C8DD6061531FD83BF	3EF3737CB45112EB8440452B3BEC7A43E56EE533	9CC066CCD61D4BF1CF7FABF0C55B7D4865376D23C6EFB8BA351EB1DC8128FD31
C:\Users\user\AppData\Local\Temp\chrome.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	DF53DFBAE2AF3C4E323AD9C40D9C6E12	913F91E3481CDCF932179F22BA3FFA5A408B0C97	B978CBC9875B1C55C6BF98A22A4E513E4CF99750215D1E2D951CE8A40D9A4575
C:\Users\user\AppData\Local\Temp\chrome_installer.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	A153DBC171706EABD128A5FD18E535F7	E0C6259D93B6A89867860BB7B073E460485095A7	1C5AE1C7E7D910C239A16A4209012D3E6D413ED8171D3152F429A579FFC5DEB8
C:\Users\user\AppData\Local\Temp\cv_debug.log.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	059B5C3D1DB3108A8B5FBE441D5EF3C3	D72A1F4E78BFD4375621EEAAA95E908826CB9F6A	BAB1AA38123718F1590DD5448C0ADC4876C2A898A32209D28FD940CAE5F17E0A
C:\Users\user\AppData\Local\Temp\cv_debug.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	FA5033A87759BAE89D7BEDBE538235F1	19CDF4FA934B41B67BF6F20D0556821C4036092D	8F316E27EC13C219ABAC0C192EDA996270AC0A7F4377D82AE44D22C2CB024679
C:\Users\user\AppData\Local\Temp\dbghelp.dll.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	8BD108491FAC924FBD2FC0BE0D09BA0C	9FE1DB76F80F01A444F642DFDB2024EAAF742003	ACF2482F9D00CE80800440A81D19A09319BDFCD3B9E85BFCD218A6382934B722
C:\Users\user\AppData\Local\Temp\jones.bmp.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	5F3C5A4035227D1B479AF6007AD008AA	D6F211D2E06791F7CA6EFAD10B427C84BE628C53	AF15D654C522506C2485E8DC53D76F78FF03DACB4714C4D694B80B0BEC8E634B
C:\Users\user\AppData\Local\Temp\jusched.log.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	882211F1CBB5AB36DE2197DC3E9F0D36	29B9EC869B2F65F01BBFA7860FA219FD537FACDC	C2FE78D61EA48751E8AFD6975EEE7772D9B2BC010ED5170A3CECB7D13DF99D52
C:\Users\user\AppData\Local\Temp\jusched.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AC78A442BE37A039C6AEEA1E7DCAE1B7	479E6BEC427FAA30FBD9E4B31D2869A34DBBC947	3871A6EC34ACFBFDDCFB3BF8E2E91C4004A21DCA018E5DCA537C535EE8E67537
C:\Users\user\AppData\Local\Temp\msedge_installer.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	ABE05FDA1F2A29A38A8F6C1E97C6C71E	49B91AD9A1C5532339F0847CCB32F60DFAD23E7E	581EC04A547F2ADFA926405260C3B357F847B386FF59C7322B04C540187B0958
C:\Users\user\AppData\Local\Temp\offline.session64.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	43F209F87550EC8A37B35FAC93F7D132	E7088C2EAB4DF46671EEC3BF61B0B8E74066B371	E06B20E047B279792B2B34958710D41BFE73ABEA4CD183408377C40327C7C826
C:\Users\user\AppData\Local\Temp\offline.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	0E7E29C23F85CCC8A73D20E04E651A36	C35217639CFBD08E32E986EE24057540DE012300	D8C17C5DC1A320B592B0A3427176854B613169E0AFE44EEA7BE96285B329AF06
C:\Users\user\AppData\Local\Temp\symsrv.dll.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	72A28AB9737AFBB929B984A542D0B968	ED0003D98960F430C8F4AB4B65EBC8239E4F9911	B199E27A81791132F9B144B1B3637F9D62F2046C1D177073F861E3206BF98551
C:\Users\user\AppData\Local\Temp\tmpDD17.tmp.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	BBEA96BE48EA9A54D486E8AF18683ADB	9A5D62E7FDB77077EA77CEEDAA52FA24F14075B8	ADD35CBCD7A8F8FEA357CA832927B6F84B6AAA50DB873DBBC3D05205A8D0EC67
C:\Users\user\AppData\Local\Temp\wct1834.tmp.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	C9472826CBA99BC720EEE848E49B4641	80441EB632D91878877E8AC93AD21B60D12268D9	EA99491EE3DC0844C55D66CA6749A42743E700EF07ABED23F5353402B7DA42E9
C:\Users\user\AppData\Local\Temp\wct42C5.tmp.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	22913CED2F6D1DF421F1EEF4707BEB1B	D15BC4D8BE3408880AD375C29AAB564B461FA76C	494E48F2947F6E642B4C63A7509D0C892C69428D2C696143203ABDD46B88A1A6
C:\Users\user\AppData\Local\Temp\wct4B1.tmp.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	83EEBD57BFDCE2524930E7ED2CDF3E27	6DDF2822C39FCBFDD37791326458D4EF8A7BD116	5613D6680E62BAAF4352747BBF2CEEC0C6F646B48E6E04B7169FD81DD6BE50A8
C:\Users\user\AppData\Local\Temp\wctB04C.tmp.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	AEC11006B130D0C42534496B32C59F0B	79BDFF17147FBA035997FD839F447738CB0A190F	871F9874088D10F8253DBD798F6F3CD8F17BEE0D856AB2C63CAF49C966856739
C:\Users\user\AppData\Local\Temp\wmsetup.log.exe.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	3F42BCBA10C6E1677B4177159E8E266B	3C384353D9F5EA41B30F1DD73DDE6645ABEF1ACD	ED3E517CEE0E35C2C4A246898ADA1CE07ABF6CF62937F6E34233C72E3FF1B845
C:\Users\user\AppData\Local\Temp\wmsetup.log.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	6603F7DF76CDCCD762DA16B120D78E3E	A3D62ABF50A0AAD591C2E9EF0C49B5E2B580AE24	DC812E09C3B7786BE6FBE012BC7A2DA82C1B7461F3B6DF9B91CB8726C36773A7
C:\Users\user\AppData\Local\_curlrc.tmp	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	D1546D0C79ECF746551AD9CEA741D887	4476E6CE9FFAA8C55BA6BBFD9D00ADF02530880D	64CD98E6DEC9B694BDFCE518538C37F5B7F77AE9B5647BFB24962731A984D801

ID:	1540703
Product:	CloudBasic
Start time:	01:25:06
Start date:	24.10.2024
Sample:	Tb3mfWybe6.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	8f371ea29de946aa1b73efb064e9a890
SHA1:	29bbc530e48752351443dff5f22c980ce3220c77
SHA256:	ab85a4b94d4e18366dc43e2e8f2f4ac6a2452887804ffa67f4ac05987ebf1dfb
Filetype:	Win32 Executable (generic) a (10002005/4) 99.66%

Windows Analysis Report
Tb3mfWybe6.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Windows Analysis Report Tb3mfWybe6.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
Tb3mfWybe6.exe