Sample File:
MD5 hash: 6ed8c24732529fccf847927c68fc0174
SHA1 hash: c7155a3d2dd0ff0ff2f746b79998a5aabe79735f
SHA256 hash: 567bdc9330d3ff2dfc138fa9f284ebb17a83a5ec0305d846474d7b30cbc36247
SSDEEP hash: 196608:BWvq6ulMDaZkjYTGa44XFcxzkOGXDjD/E:IvXKDk8Sa44XFcxz3GXg
Filename(s): gblyrzexggw.exe
Filetype: Windows Exe (x86-32)
Mutex IOCs: WinRAR_Busy
Registry Key IOCs:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FirefoxUpdater
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_CURRENT_USER\Software\WinRAR
HKEY_CURRENT_USER\Software\WinRAR\Compression
HKEY_CURRENT_USER\Software\WinRAR\Extraction
HKEY_CURRENT_USER\Software\WinRAR\FileList
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths\mtime
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths\name
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths\size
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths\type
HKEY_CURRENT_USER\Software\WinRAR\General
HKEY_CURRENT_USER\Software\WinRAR\General\Priority
HKEY_CURRENT_USER\Software\WinRAR\General\SMP
HKEY_CURRENT_USER\Software\WinRAR\General\Sound
HKEY_CURRENT_USER\Software\WinRAR\General\VerInfo
HKEY_CURRENT_USER\Software\WinRAR\Interface HKEY_CURRENT_USER\Software\WinRAR\Interface\SystemProgressBar HKEY_CURRENT_USER\Software\WinRAR\Interface\TaskbarProgressBar HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes\ActivePath HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes\ShellExtBMP HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes\ShellExtIcon HKEY_CURRENT_USER\Software\WinRAR\Paths HKEY_CURRENT_USER\Software\WinRAR\Policy HKEY_CURRENT_USER\Software\WinRAR\Profiles HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\AddArcOnly HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\ArcName HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\ArcRecBin HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\ArcTimeLatest HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\ArcTimeOriginal HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\ArcWipe HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\BLAKE2 HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\Background HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\ClearArc HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\CmtDataWide HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\CmtFile HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\CmtTextData HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\CmtTextWide HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\Default HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\DictSize HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\DictSizeLZ HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\EmailArcTo HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\EncryptHeaders HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\EraseDest HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\ExclNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\FileCopies HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\FileDays HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\FileHours HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\FileMinutes HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\FileNames 
HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\FileTimeLimit HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\FileTimeMode HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\Fresh HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\GenerateArcName HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\GenerateMask HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\ImmExec HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\Lock HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\Method HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\Move HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\Name HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\OldVolNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\OpenShared HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\Overwrite HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\PackDetails HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\PasswordData HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\PathsAbs HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\PathsAbsDrive HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\PathsNone HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\ProcessOwners HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\QuickOpen HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\RAR5 HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\RecEnabled HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\RecSize HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\RecVolNumber HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\Recovery HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\SFX HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\SFXElevate HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\SFXIcon HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\SFXLogo HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\SFXModule HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\SaveHardLinks HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\SaveStreams HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\SaveSymLinks HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\SeparateArc HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\SeparateArcDoubleExt 
HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\SeparateArcSubfolders HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\Shutdown HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\Solid HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\StoreNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\SyncFiles HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\Test HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\Update HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\UseRAR HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\VersionControl HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\VolPause HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\VolSizeMod HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\VolumeSize HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\WaitForOther HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\WipeIfPassword HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\ZipLegacyEncrypt HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\atime HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\ctime HKEY_CURRENT_USER\Software\WinRAR\Profiles\0\mtime HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\AddArcOnly HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\ArcName HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\ArcRecBin HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\ArcTimeLatest HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\ArcTimeOriginal HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\ArcWipe HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\BLAKE2 HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\Background HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\ClearArc HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\CmtDataWide HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\CmtFile HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\Default HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\DictSize HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\DictSizeLZ HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\EmailArcTo HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\EncryptHeaders HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\EraseDest 
HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\ExclNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\FileCopies HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\FileDays HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\FileHours HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\FileMinutes HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\FileNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\FileTimeLimit HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\FileTimeMode HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\Fresh HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\GenerateArcName HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\GenerateMask HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\ImmExec HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\Lock HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\Method HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\Move HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\Name HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\OldVolNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\OpenShared HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\Overwrite HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\PackDetails HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\PasswordData HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\PathsAbs HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\PathsAbsDrive HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\PathsNone HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\ProcessOwners HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\QuickOpen HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\RAR5 HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\RecEnabled HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\RecSize HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\RecVolNumber HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\SFX HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\SFXElevate HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\SFXIcon HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\SFXLogo HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\SFXModule HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\SaveHardLinks 
HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\SaveStreams HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\SaveSymLinks HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\SeparateArc HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\SeparateArcDoubleExt HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\SeparateArcSubfolders HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\Shutdown HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\Solid HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\StoreNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\SyncFiles HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\Test HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\Update HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\UseRAR HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\VersionControl HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\VolPause HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\VolSizeMod HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\VolumeSize HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\WaitForOther HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\WipeIfPassword HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\ZipLegacyEncrypt HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\atime HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\ctime HKEY_CURRENT_USER\Software\WinRAR\Profiles\1\mtime HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\AddArcOnly HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\ArcName HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\ArcRecBin HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\ArcTimeLatest HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\ArcTimeOriginal HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\ArcWipe HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\BLAKE2 HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\Background HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\ClearArc HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\CmtDataWide HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\CmtFile HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\Default HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\DictSize 
HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\DictSizeLZ HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\EmailArcTo HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\EncryptHeaders HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\EraseDest HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\ExclNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\FileCopies HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\FileDays HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\FileHours HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\FileMinutes HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\FileNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\FileTimeLimit HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\FileTimeMode HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\Fresh HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\GenerateArcName HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\GenerateMask HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\ImmExec HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\Lock HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\Method HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\Move HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\Name HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\OldVolNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\OpenShared HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\Overwrite HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\PackDetails HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\PasswordData HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\PathsAbs HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\PathsAbsDrive HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\PathsNone HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\ProcessOwners HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\QuickOpen HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\RAR5 HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\RecEnabled HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\RecSize HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\RecVolNumber HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\SFX HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\SFXElevate 
HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\SFXIcon HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\SFXLogo HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\SFXModule HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\SaveHardLinks HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\SaveStreams HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\SaveSymLinks HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\SeparateArc HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\SeparateArcDoubleExt HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\SeparateArcSubfolders HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\Shutdown HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\Solid HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\StoreNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\SyncFiles HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\Test HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\Update HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\UseRAR HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\VersionControl HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\VolPause HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\VolSizeMod HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\VolumeSize HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\WaitForOther HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\WipeIfPassword HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\ZipLegacyEncrypt HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\atime HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\ctime HKEY_CURRENT_USER\Software\WinRAR\Profiles\2\mtime HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\AddArcOnly HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\ArcName HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\ArcRecBin HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\ArcTimeLatest HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\ArcTimeOriginal HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\ArcWipe HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\BLAKE2 HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\Background HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\ClearArc 
HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\CmtDataWide HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\CmtFile HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\Default HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\DictSize HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\DictSizeLZ HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\EmailArcTo HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\EncryptHeaders HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\EraseDest HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\ExclNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\FileCopies HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\FileDays HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\FileHours HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\FileMinutes HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\FileNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\FileTimeLimit HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\FileTimeMode HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\Fresh HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\GenerateArcName HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\GenerateMask HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\ImmExec HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\Lock HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\Method HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\Move HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\Name HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\OldVolNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\OpenShared HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\Overwrite HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\PackDetails HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\PasswordData HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\PathsAbs HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\PathsAbsDrive HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\PathsNone HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\ProcessOwners HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\QuickOpen HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\RAR5 HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\RecEnabled 
HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\RecSize HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\RecVolNumber HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\SFX HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\SFXElevate HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\SFXIcon HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\SFXLogo HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\SFXModule HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\SaveHardLinks HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\SaveStreams HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\SaveSymLinks HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\SeparateArc HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\SeparateArcDoubleExt HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\SeparateArcSubfolders HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\Shutdown HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\Solid HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\StoreNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\SyncFiles HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\Test HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\Update HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\UseRAR HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\VersionControl HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\VolPause HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\VolSizeMod HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\VolumeSize HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\WaitForOther HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\WipeIfPassword HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\ZipLegacyEncrypt HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\atime HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\ctime HKEY_CURRENT_USER\Software\WinRAR\Profiles\3\mtime HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\AddArcOnly HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\ArcName HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\ArcRecBin HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\ArcTimeLatest HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\ArcTimeOriginal 
HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\ArcWipe HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\BLAKE2 HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\Background HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\ClearArc HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\CmtDataWide HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\CmtFile HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\Default HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\EmailArcTo HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\EncryptHeaders HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\EraseDest HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\ExclNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\FileCopies HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\FileDays HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\FileHours HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\FileMinutes HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\FileNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\FileTimeLimit HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\FileTimeMode HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\Fresh HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\GenerateArcName HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\GenerateMask HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\ImmExec HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\Lock HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\Method HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\Move HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\Name HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\OldVolNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\OpenShared HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\Overwrite HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\PackDetails HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\PasswordData HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\PathsAbs HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\PathsAbsDrive HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\PathsNone HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\ProcessOwners HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\QuickOpen 
HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\RAR5 HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\RecEnabled HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\RecSize HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\RecVolNumber HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\SFX HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\SFXElevate HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\SFXIcon HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\SFXLogo HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\SFXModule HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\SaveHardLinks HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\SaveStreams HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\SaveSymLinks HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\SeparateArc HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\SeparateArcDoubleExt HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\SeparateArcSubfolders HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\Shutdown HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\Solid HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\StoreNames HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\SyncFiles HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\Test HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\Update HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\UseRAR HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\VersionControl HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\VolPause HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\VolSizeMod HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\VolumeSize HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\WaitForOther HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\WipeIfPassword HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\ZipLegacyEncrypt HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\atime HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\ctime HKEY_CURRENT_USER\Software\WinRAR\Profiles\4\mtime HKEY_CURRENT_USER\Software\WinRAR\Profiles\5 HKEY_CURRENT_USER\Software\WinRAR\rarkey HKEY_CURRENT_USER\Software\WinRAR\rarreg.key HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ HKEY_LOCAL_MACHINE\Hardware\description\System 
HKEY_LOCAL_MACHINE\Hardware\description\System\SystemBiosVersion HKEY_LOCAL_MACHINE\Hardware\description\System\VideoBiosVersion HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DbgJITDebugLaunchSetting HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DbgManagedDebugger HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA HKEY_LOCAL_MACHINE\Software\WinRAR HKEY_LOCAL_MACHINE\Software\WinRAR\Policy HKEY_PERFORMANCE_DATA Domain IOCs: - None - IP IOCs: - None - URL IOCs: - None - File IOCs: Filenames: -Rh7mA95EzQMCjv.pptx 0SoXJeVDMd8XB.wav 0WMsLhv.docx 0XuPmKuUcJqUgUNn.pptx 0eTc aT.pptx 19uvJahSx.pptx 1dt_j0rkw.xlsx 3gZT0e1Jc7KRhrNwc8F.xlsx 4Vw2ygLPEu-Maci0qp 4XGIZDiLaaAzBLi8uMJ.gif 6_vMe3CazzKO.docx 6so3uw 6so3uw\9Cnbfi2a 6so3uw\9Cnbfi2a\B5WGJFxuORhJIbLXl.jpg 6so3uw\9Cnbfi2a\JzMMZnM0QB06bugb_OB.gif 6so3uw\9Cnbfi2a\RIcQ1EmpXOwuZfKzm7T.bmp 6so3uw\9Cnbfi2a\_J-TfTf8bux6i5ev.jpg 6so3uw\9Cnbfi2a\mwTl5gGRtX.png 6so3uw\F6rd1F-UBg20OJcO.bmp 6so3uw\c0kYrk2r.gif 6so3uw\kSdj3VO3TR7ki6gTEs.gif 8ZCScAn2t4O2J7-d.doc 9klODxiFKz0-WlOc t7.xlsx AE1NPe45_G.xlsx 
AVuWJQwE5di201z9 d.ots AtQu0 xTj.docx C8sP.docx C:\Users\WhuOXYsD\AppData\Local\Temp C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\ C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll C:\Users\WhuOXYsD\AppData\Local\Temp\Settings.reg C:\Users\WhuOXYsD\AppData\Local\Temp\UNNAM3D.EXE C:\Users\WhuOXYsD\AppData\Local\Temp\UNNAM3D.EXE.config C:\Users\WhuOXYsD\AppData\Local\Temp\UNNAM3D.EXE:Zone.Identifier C:\Users\WhuOXYsD\AppData\Local\Temp\Wallpaper.png C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.ini C:\Users\WhuOXYsD\AppData\Local\Temp\winrar.lng C:\Users\WhuOXYsD\AppData\Roaming\WinRAR C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\Settings.reg C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\Themes C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\WinRAR.ini C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\version.dat C:\Users\WhuOXYsD\Desktop C:\Users\WhuOXYsD\Desktop\gblyrzexggw.exe C:\Users\WhuOXYsD\Desktop\gblyrzexggw.exe.config C:\Users\WhuOXYsD\Documents C:\Users\WhuOXYsD\Pictures C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll C:\Windows\system32\RichEd20.DLL CjID.mp3 Da5qX9dUi.xlsx Desktop Desktop.rar Desktop.zip Documents Documents.rar Documents.zip F-YPFV_qYj4bfRfXw9yB.docx FF-GXA22K-J FF-GXA22K-J\23KKWJn4X.jpg FF-GXA22K-J\FKAF idlRz23ptJ2k-O.bmp FF-GXA22K-J\TXT2nL.jpg FF-GXA22K-J\i--dke3Y4B2pF6twr.bmp FF-GXA22K-J\qe4w BUBvbI.png FF-GXA22K-J\y_NnvZ hOSogKdF.gif F_g z.xlsx Fj4kdfeguFEe8WDxBVP.png FuvJMN.m4a G8MmJscBgVAAB6EEG8d0.docx GIwIhnYq\01ty5ZVjiFX.xlsx GIwIhnYq\4aTOLAatL.rtf GIwIhnYq\gJxsA3QDXPNzu_.pps HAuM_g1AD_0J.mp4 HaxwmHj 0CtV7r4.docx HoZdmtHokVR3Wl.jpg IdJZzMH4BMOKYzj.docx Itucwf.jpg JhTtCfiuDFLeGwcL.bmp Jrdm wCY_KpB5kAazb.docx K3zCHl_.xlsx KZD3FfQJWWhay.docx L4AvX7khKXUu5.docx L4T8mDg3vHms9Y.xls LFfk9JORsG.avi LUsVMCA2kX5.xlsx M-At.docx M53FxPpcT\-GriIsafw.csv M53FxPpcT\1ue2Dui.csv M53FxPpcT\FCaj7Z UR1.ots M53FxPpcT\oGJkVukoMxIO6MpIrH.xls 
M53FxPpcT\s4EDs60 8.csv MKzdWyU3NziO.m4a My Music My Pictures My Videos N-1n4D-yiI1zNCjze.pptx N5ZN.pptx N8uU1e.xlsx OKr5u -WV3PR.xlsx OhMb-UaJPoxHiI.pptx Outlook Files\asdfasdf@rrrrv.com.pst PQcpfPJA3.pptx PWldfUkUS.mp3 Pictures Pictures.rar Pictures.zip Pkijc OVe1YF8QnT.xlsx PonYvH9js.docx QVNqG4sHjJKiemivuPP.docx Qes6-o-.docx Rr-L433.pptx TM7LU.pptx TYcyuRxH.mkv ULcrruHeMH6lLDqYX5zP ULcrruHeMH6lLDqYX5zP\HNlFrbJUHSODl ULcrruHeMH6lLDqYX5zP\HNlFrbJUHSODl\0XRpWOZ7BIgaFl ULcrruHeMH6lLDqYX5zP\HNlFrbJUHSODl\0XRpWOZ7BIgaFl\AcSwmq12.png ULcrruHeMH6lLDqYX5zP\HNlFrbJUHSODl\0XRpWOZ7BIgaFl\FS9X-Jz92l3SkJz_uf.bmp ULcrruHeMH6lLDqYX5zP\HNlFrbJUHSODl\0XRpWOZ7BIgaFl\G StNxmi.gif ULcrruHeMH6lLDqYX5zP\HNlFrbJUHSODl\0XRpWOZ7BIgaFl\o7iZDtChRQGlm.png ULcrruHeMH6lLDqYX5zP\HNlFrbJUHSODl\Ni-WplZKUKZ.gif ULcrruHeMH6lLDqYX5zP\HNlFrbJUHSODl\UqtyoyIZxKksp3kD ULcrruHeMH6lLDqYX5zP\HNlFrbJUHSODl\UqtyoyIZxKksp3kD\dn2lN2aa ULcrruHeMH6lLDqYX5zP\HNlFrbJUHSODl\UqtyoyIZxKksp3kD\dn2lN2aa\PSQZiwIN8uJzzTdjOFX.jpg ULcrruHeMH6lLDqYX5zP\HNlFrbJUHSODl\UqtyoyIZxKksp3kD\dn2lN2aa\pQzU4fgJS_VJhSEBB.bmp ULcrruHeMH6lLDqYX5zP\HNlFrbJUHSODl\aEAx1CrFMianQavi.jpg ULcrruHeMH6lLDqYX5zP\u_fq38hVgFy.png ULcrruHeMH6lLDqYX5zP\zTrGUpS5uq YgUIf.png UrPVXySoY.jpg WPnyp7euOOTod.docx XRS5ksD\8quW\2d1Kv.xlsx XRS5ksD\8quW\DmJHZllsIDAO 6.csv XRS5ksD\8quW\bwEoB.ods XRS5ksD\8quW\geTVB4WtFHycydi mP.pptx XRS5ksD\8quW\hoT7s0jqF34TpSdFkEG.ppt XRS5ksD\BZEpulzPesbCLsb0\0L7s8edhd_6mnq.ppt XRS5ksD\BZEpulzPesbCLsb0\2t61b\jBnkdFwHfylWaZ6YaRt.ods XRS5ksD\BZEpulzPesbCLsb0\4bPCYUxUkyRXz1a.odt XRS5ksD\BZEpulzPesbCLsb0\4fPI cdQ5b.csv XRS5ksD\BZEpulzPesbCLsb0\Cyhav4m7LPhUY.odt XRS5ksD\BZEpulzPesbCLsb0\Ey3s.xlsx XRS5ksD\BZEpulzPesbCLsb0\T4drjs69aH-eO2f3M.xlsx XRS5ksD\NnHAm7cjtqLnMEvQK_S.xlsx XRS5ksD\jRXwpLVqeVbMwn-9J\8BCPb3BzgmrIOA5.csv XRS5ksD\jRXwpLVqeVbMwn-9J\O0Hib.csv XRS5ksD\jRXwpLVqeVbMwn-9J\VpyteSPe2.ppt XRS5ksD\tiCKnWYQXORSFs05KwkK\2J0TC8BES4f8Vy_7 a7O.csv XRS5ksD\tiCKnWYQXORSFs05KwkK\MoqtBms5meoe1w.rtf 
XRS5ksD\tiCKnWYQXORSFs05KwkK\PHjFMjnQ02ATkGOZl.pps XRS5ksD\tiCKnWYQXORSFs05KwkK\PJuyGmzhd Ku-a_pm.pps XRS5ksD\tiCKnWYQXORSFs05KwkK\SwMu.rtf XRS5ksD\tiCKnWYQXORSFs05KwkK\fcVw7y.csv YR5cgi5pBZBxCXpLKz.docx ZHKgPcRuClqfpQx70d.xlsx Zrs5Ud.odt aZCuN2.pptx atEaVS6T.pptx atyP90aK6HDTB.png buu1yiRA_xVu8tVc\hLAWY-nuLL.pptx czSQaVnIQO 0LFtEP.flv dPdybr639pwn.odp desktop.ini dfxuFxjX5YwdPMIH dfxuFxjX5YwdPMIH\2A58ceH2t.png dfxuFxjX5YwdPMIH\OsbsjTTafsX31mSiaRnW.ppt dfxuFxjX5YwdPMIH\YEeHQp1lME uExplJtB3.flv e-bHwq0LPy0uA9lpR0jp.jpg e8 DbP8IuWCbGEcy.docx f7H1LR6Kr4.xlsx f7MdNo-AKV0.mkv jGh255P.m4a jWTOiGMc8-CGVj37-J.xlsx kSD3eNYHYfeDhhgpl4.pptx m6NzXvQi8lk.jpg mevC_E6.docx oAWd.pptx ohVGFnet7R0TYcogm.pptx payrmo-.docx qdf-_fT\JqbhJrWJOhGgC.doc qdf-_fT\nwePxLPwZrM _B2.ppt r8gP7fn6WcydRhKaYYc.png rONkvDPUqOyiM9A qv.xlsx s6aMY83d27.xlsx sZysAGTn.xlsx s_UnG.docx slFg55xQ.pptx t8SaG24LSbJT7XFl.pptx w9CVHhfkQl0.mkv wIOu8U.xlsx wfNksu nJRG5 wfNksu nJRG5\3rrOtsNWKjt8qLje.swf wfNksu nJRG5\GeJdlc0asWB3ISPXdFJ8.csv wfNksu nJRG5\RFLcwh3Vitv1c_T4nL.avi wfNksu nJRG5\WIsnHaDYoZ0.ppt wfNksu nJRG5\XTt3.swf wfNksu nJRG5\_acNQOwErx 4yX.mp3 wfNksu nJRG5\qHh6uE8iAnd.xls wnB9v0ottRO9k3_.pptx xipMOvrpEcaMKsnrOoK.m4a xuzEq3zwZkPG xuzEq3zwZkPG\UhrjNpf0XOWEy -M.png xwucnZa1H0T.xlsx yudTBCftS3KtXZdN.pptx zbK0RkNWW_QYl4NDka.xlsx zqdJ P9hDbwBTPl.pptx MD5 hashes: 1e3a2a966f593ad33125f26916267008 6ed8c24732529fccf847927c68fc0174 732cf0fc10856b7caadb3f8522ef6947 7bf2ee95ffc00b4496762468e4227d44 9fe566aa83d07bc948f5a54e86c37214 d28c293e10139d5d8f6e4592aeaffc1b db956a02daba647f229b01d56ea5d892 f86ba5fef5fef6e7f3328faaa8aac027 SHA1 hashes: 1c8d576d60f74b97ac0b7a419fd1ee710bf0ab8f 38b1a547ddee671edeee7385cac138458a6a6858 3b575420ceea4203152041be00dc80519d1532b5 9703bf05e525500ddc7680e0c6049eb2c8b28fa2 a1da653bd2d3fa8e0da40a261e2fae3ef5d24293 a1debb2f8cbcd9420ff06d9127b72dd3df24daa8 c7155a3d2dd0ff0ff2f746b79998a5aabe79735f f93457257e95c65a24ddc307132053c00c5a5b08 SHA256 hashes: 
1e0611ee8df0cd446b1d7aa1c6719e4c42fddd6b51db155422cbe0c06b8e03b6
544bc424404caa14d14ed54e44213ece17bfd68128e93358e17fb52e30d19411
567bdc9330d3ff2dfc138fa9f284ebb17a83a5ec0305d846474d7b30cbc36247
5b4f5e6cc52df647673b94249e5392e6f00cc5ffb7e1fc7c4219351762618cdd
61126de1b795b976f3ac878f48e88fa77a87d7308ba57c7642b9e1068403a496
b18c9b9200e354f81882b29dc8143ec5d6f2b731cf4c7da3800e339ffb3c8827
f8681cc352768593054fa68706127f28810fad25aee6c108ddf4ae3c1655395e
f8cfc5341886e9e8b6f76e276172fd81c26b5869397ccf14787fd8d6f1d4c5fa
SSDEEP hashes:
12288:4ekXjvAyvEQ8ZeK/+1VTArMH7k4ds9t4WJHpH8Ea4GfY+OzsC:LkXDbMZ21Vs74dsnZJHpHnacwC
196608:BWvq6ulMDaZkjYTGa44XFcxzkOGXDjD/E:IvXKDk8Sa44XFcxz3GXg
196608:Oqc0UeJbHEOp0EV3pDYcBVrj7SzekHBhZk22Vp8QBvxWuH1e:MCJI+0gJYcPNCvkV8QOuQ
196608:w8yCznar4brhLNAMf3uR0edxEjMLw60dQNI7hPr1xBG:wJCznarCZiMI5dGMAFlG
3:8i:h
3::
49152:m2IoCBtJnxlyU/mWhRcQYhie6/UIdjjQuctXnFDu3nAzNjteyUHBdH3y2:xrCBrtcy/lfkD0nANte9BpC2
49152:tErk8yoNXvvBxlC/ziloFcbhXvmZF4nse2MmnbSUJmrnSloKbS:tErk8y6/Y/nFcVXgesEmOFzSfbS