Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1522709
MD5: 02407819cc6ae6260f0f7e8e2a7114f6
SHA1: 51a9dd65f885d60f14fe63e0a223959888ce4a8a
SHA256: 1e17ccbc9b53289a0999d820132c9615ad6618a83ccd2b5b6f1ac48bddc9f6cc
Tags: exe, x64, user-jstrosch

Detection

Xmrig
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Xmrig cryptocurrency miner
AI detected suspicious sample
Contains functionality to register a callback to get notified when the system is suspended or resumed (often done by miners)
Drops executables to the windows directory (C:\Windows) and starts them
Found strings related to Crypto-Mining
Machine Learning detection for dropped file
Machine Learning detection for sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • file.exe (PID: 7116 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 02407819CC6AE6260F0F7E8E2A7114F6)
    • conhost.exe (PID: 6272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name: xmrig
Description: According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling". In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig
No configs have been found
Source: 00000007.00000002.1491009389.00007FF7130E1000.00000040.00000001.01000000.00000008.sdmp, Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Author: Joe Security
Source: 00000023.00000002.1530111875.00007FF6AAE11000.00000040.00000001.01000000.00000024.sdmp, Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Author: Joe Security
Source: 0000000F.00000002.1505239783.00007FF780B91000.00000040.00000001.01000000.00000010.sdmp, Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Author: Joe Security
Source: 00000027.00000002.1534105233.00007FF64F611000.00000040.00000001.01000000.00000028.sdmp, Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Author: Joe Security
Source: 00000004.00000002.1487464272.00007FF79D831000.00000040.00000001.01000000.00000005.sdmp, Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Author: Joe Security

Source: 19.2.purtHeQ.exe.7ff63f3f0000.0.unpack, Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Author: Joe Security
Source: 19.2.purtHeQ.exe.7ff63f3f0000.0.unpack, Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Author: Florian Roth
  • 0x12d591:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
Source: 11.2.QsDlHSI.exe.7ff744930000.0.unpack, Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Author: Joe Security
Source: 11.2.QsDlHSI.exe.7ff744930000.0.unpack, Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Author: Florian Roth
  • 0x12d591:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
Source: 18.2.tlKeaSH.exe.7ff7d1f50000.0.unpack, Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Author: Joe Security
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exe Avira: detected
Source: file.exe ReversingLabs: Detection: 92%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 96.7% probability
Source: file.exe Joe Sandbox ML: detected

Bitcoin Miner

Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B76EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,3_2_00007FF66B76EBF0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D89EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,4_2_00007FF79D89EBF0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738FAEBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,5_2_00007FF738FAEBF0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72119EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,6_2_00007FF72119EBF0
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF71314EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,7_2_00007FF71314EBF0
Source: C:\Windows\System32\urnxCEN.exe Code function: 8_2_00007FF795CBEBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,8_2_00007FF795CBEBF0
Source: C:\Windows\System32\yjwCZgI.exe Code function: 9_2_00007FF7BB0BEBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,9_2_00007FF7BB0BEBF0
Source: VnYfUNA.exe String found in binary or memory: stratum+ssl://
Source: VnYfUNA.exe String found in binary or memory: cryptonight/double
Source: VnYfUNA.exe String found in binary or memory: stratum+tcp://
Source: file.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: file.exe, igBUVJa.exe.0.dr, dTtlbMT.exe.0.dr, NismUEF.exe.0.dr, dgZNHyj.exe.0.dr, kQWzsiZ.exe.0.dr, zStyRhG.exe.0.dr, SStjyeF.exe.0.dr, MHLbrud.exe.0.dr, tizhzLm.exe.0.dr, xOFVnEt.exe.0.dr, VWmArRG.exe.0.dr, WUYZgKx.exe.0.dr, HJHKyUH.exe.0.dr, gnGUQzq.exe.0.dr, fiQoDpS.exe.0.dr, NKHpvXf.exe.0.dr, raQtysG.exe.0.dr, rZgavmv.exe.0.dr, rKjUVqd.exe.0.dr, Owwdyfl.exe.0.dr String found in binary or memory: http://abakus-biuro.net//a9zqemm
Source: file.exe, igBUVJa.exe.0.dr, dTtlbMT.exe.0.dr, NismUEF.exe.0.dr, dgZNHyj.exe.0.dr, kQWzsiZ.exe.0.dr, zStyRhG.exe.0.dr, SStjyeF.exe.0.dr, MHLbrud.exe.0.dr, tizhzLm.exe.0.dr, xOFVnEt.exe.0.dr, VWmArRG.exe.0.dr, WUYZgKx.exe.0.dr, HJHKyUH.exe.0.dr, gnGUQzq.exe.0.dr, fiQoDpS.exe.0.dr, NKHpvXf.exe.0.dr, raQtysG.exe.0.dr, rZgavmv.exe.0.dr, rKjUVqd.exe.0.dr, Owwdyfl.exe.0.dr String found in binary or memory: http://bemnyc.com/u8erijeq
Source: file.exe, igBUVJa.exe.0.dr, dTtlbMT.exe.0.dr, NismUEF.exe.0.dr, dgZNHyj.exe.0.dr, kQWzsiZ.exe.0.dr, zStyRhG.exe.0.dr, SStjyeF.exe.0.dr, MHLbrud.exe.0.dr, tizhzLm.exe.0.dr, xOFVnEt.exe.0.dr, VWmArRG.exe.0.dr, WUYZgKx.exe.0.dr, HJHKyUH.exe.0.dr, gnGUQzq.exe.0.dr, fiQoDpS.exe.0.dr, NKHpvXf.exe.0.dr, raQtysG.exe.0.dr, rZgavmv.exe.0.dr, rKjUVqd.exe.0.dr, Owwdyfl.exe.0.dr String found in binary or memory: http://eastend.jp/bl5kfa
Source: file.exe, igBUVJa.exe.0.dr, dTtlbMT.exe.0.dr, NismUEF.exe.0.dr, dgZNHyj.exe.0.dr, kQWzsiZ.exe.0.dr, zStyRhG.exe.0.dr, SStjyeF.exe.0.dr, MHLbrud.exe.0.dr, tizhzLm.exe.0.dr, xOFVnEt.exe.0.dr, VWmArRG.exe.0.dr, WUYZgKx.exe.0.dr, HJHKyUH.exe.0.dr, gnGUQzq.exe.0.dr, fiQoDpS.exe.0.dr, NKHpvXf.exe.0.dr, raQtysG.exe.0.dr, rZgavmv.exe.0.dr, rKjUVqd.exe.0.dr, Owwdyfl.exe.0.dr String found in binary or memory: http://fenett2018.com/dobgx
Source: file.exe, igBUVJa.exe.0.dr, dTtlbMT.exe.0.dr, NismUEF.exe.0.dr, dgZNHyj.exe.0.dr, kQWzsiZ.exe.0.dr, zStyRhG.exe.0.dr, SStjyeF.exe.0.dr, MHLbrud.exe.0.dr, tizhzLm.exe.0.dr, xOFVnEt.exe.0.dr, VWmArRG.exe.0.dr, WUYZgKx.exe.0.dr, HJHKyUH.exe.0.dr, gnGUQzq.exe.0.dr, fiQoDpS.exe.0.dr, NKHpvXf.exe.0.dr, raQtysG.exe.0.dr, rZgavmv.exe.0.dr, rKjUVqd.exe.0.dr, Owwdyfl.exe.0.dr String found in binary or memory: http://habarimoto24.com/nh

System Summary

                  barindex
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\yOOmCzV.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZDInXvu.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rvjDyvL.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NbfFUBN.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pWpMupI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NeDxvFE.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\GQbhKtv.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mzTefuh.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QdIDwgP.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UKSFPqC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nklGrbU.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YCtLpfR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AtsENTD.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vzQsfTD.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lxNZCSl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HbtcKta.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\caCYhXO.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SStjyeF.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FvcymNb.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bUzrJhf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RLkhMKB.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bosjKmA.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TYjzunq.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ERQoRPm.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\heSposr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NismUEF.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BzqtleM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CnslmiL.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EduFCUz.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ipSPLpG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XtYrgrE.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iwtHoSn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eHQNumx.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eaIIdzi.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\arGCgTC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xOFVnEt.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WCxbejU.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vcZfLey.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qJwMNFF.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\npKAqbE.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DkxEByF.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sFCsFSy.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gnfhVHJ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xbNnfWz.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ysGrSzS.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eIXVBZJ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PveCbOn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HWVrnQY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DUFctGh.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BYyVCgg.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gIkBMuV.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CpJNBhW.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LQcSNEY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bUGCwZs.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iSmQsnc.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FpKaoqH.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XbREdEh.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EdoJevv.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tLZVeAL.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DqaetZp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pxyqeBW.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TiJXIOW.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lbvtdts.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NugSADC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wVcAZEf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LccHBBJ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SFNNXcc.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KwHrtOt.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gXRpWMk.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uDxTgCB.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wCvATWl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ipKMruV.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rKjUVqd.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wFCiUxj.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PFPbAGj.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uuEcvKg.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZozZouR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SCUtGmI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZQREVkQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gKWutyC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nJsAjeN.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hYxTNod.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mNauFZd.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FgKqoCT.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AlmQZUd.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aGskKzf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wBJLquS.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VpreOML.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BVyPfAG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ibxPLHw.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vZKJapN.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XNKaYQF.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MnoIUSg.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YiUcCIC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DFzhsjf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\moNzgxD.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wDdVPes.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nrbVMPg.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KTkxDDL.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ByCTYRH.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zStyRhG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mhFlPMp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kAvcvMe.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fTvMnGo.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pQKRLhi.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RCmnkEl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TsvTSDe.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TUEKfLK.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fggtuAI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lJqkWee.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\Jtfotww.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FMSBKwx.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jQvONnt.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OHlpuMI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uUCONsL.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SFSInIN.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oFzAISt.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RSMPQOu.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fwzttYD.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\GlEZGgb.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aCNewAK.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TAZaUOv.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RUWymnC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lZYCJzL.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FUOWxsn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OdXSJgr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SNbeoeM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rZgavmv.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HKkeYCO.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HmxqcfL.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eLGbTft.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tEZdSza.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TzFLQWr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ooexJtv.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aIIttDk.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LsasdiQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wOtJPek.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HAKFCDP.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YGrYdLP.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JJriMNs.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\GIfoEBK.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\btWqxiq.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VdCGeBm.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cafrTqt.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XmZUkiV.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CXSdyVU.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gLnOzOH.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IXsxZGR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vYCRjRI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DHultxg.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FjoGAAA.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PRcexDr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ywPWptN.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HQXGweR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DGYuaZz.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CJHoRMr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cDKkUOr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sylZhdr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HRjhxrB.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\GRRqKAR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\Mylhgiv.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sxCtJKa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fCvNBss.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aqFNBwX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DQFIhzu.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cxHzEgq.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ifymaKl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EQOBNTm.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JLBrUFz.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ikLRdOu.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WXJcTYo.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TgBaihG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UFWxfBg.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DuAXfxs.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zoMFJtT.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PKUIisR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MjAMXWy.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gyAEwDN.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZnGMtvm.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\Ibdmwrk.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oHLoNex.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FnHQfRA.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zistvYd.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jyKxKVn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ycApKVj.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qcbgnNO.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gJhypTL.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hzANoJm.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\twPTRuC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vzPJSrc.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EAvNYpv.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sUVYEIu.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QTzYPqq.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EliKOUk.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gohZjvn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hQynOqQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JHaUAgd.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VntnNZy.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zopMtOf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vhTmABy.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TJyTvWn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NYchaxO.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bNPeiID.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SaMMymA.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HyEdeTC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xbLLjrh.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cOLuUOa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DcxdWdi.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\yXBVYUa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YEQUJWR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oHDKNMG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JNQUPCn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tVqILdt.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ykPWwlk.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JqULrat.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rrMUCCS.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SaYojjk.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UHpcGoe.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\setTVeS.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\GhjuuCG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ggVzJmu.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aWdOriN.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KPTQYzx.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\GujjqWa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\adPKdcX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MRNCjwd.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\icmBSTH.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uZcXlXr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sTjnXod.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XRoZkoL.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mciynve.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zhRBVsb.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bKfpVKI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uvgREfG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YahmPDr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RsiKeda.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dXZPqwv.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KZEfjJT.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IolcmoB.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xrOmMag.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rdXKyvf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BXgRYBK.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dhOqAwl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\clbqhMI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AqDqECg.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OTWxyBM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fuyznPl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MRGsLNI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\khCvPEB.exeJump to behavior
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B719BE03_2_00007FF66B719BE0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7F34103_2_00007FF66B7F3410
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7244103_2_00007FF66B724410
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7F3C203_2_00007FF66B7F3C20
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7073503_2_00007FF66B707350
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7FA4203_2_00007FF66B7FA420
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7C9C203_2_00007FF66B7C9C20
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7214203_2_00007FF66B721420
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7B6B443_2_00007FF66B7B6B44
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B80F3403_2_00007FF66B80F340
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B736B803_2_00007FF66B736B80
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B71FB803_2_00007FF66B71FB80
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7C93883_2_00007FF66B7C9388
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7473A03_2_00007FF66B7473A0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7E4BB03_2_00007FF66B7E4BB0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B8062C03_2_00007FF66B8062C0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B732AC03_2_00007FF66B732AC0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7092E03_2_00007FF66B7092E0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B738B103_2_00007FF66B738B10
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7CCB203_2_00007FF66B7CCB20
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B71BA403_2_00007FF66B71BA40
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B805A603_2_00007FF66B805A60
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B800A603_2_00007FF66B800A60
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B728A703_2_00007FF66B728A70
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7459C03_2_00007FF66B7459C0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7FA9D03_2_00007FF66B7FA9D0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B80C9F03_2_00007FF66B80C9F0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B80E1F03_2_00007FF66B80E1F0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7F59F03_2_00007FF66B7F59F0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B8002003_2_00007FF66B800200
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B8072103_2_00007FF66B807210
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B748A203_2_00007FF66B748A20
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7FB2303_2_00007FF66B7FB230
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7302303_2_00007FF66B730230
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7F69403_2_00007FF66B7F6940
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7631653_2_00007FF66B763165
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7F39703_2_00007FF66B7F3970
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7FC1803_2_00007FF66B7FC180
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B80C1903_2_00007FF66B80C190
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B71C9803_2_00007FF66B71C980
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7F51903_2_00007FF66B7F5190
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B8019B03_2_00007FF66B8019B0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7E58C03_2_00007FF66B7E58C0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7371203_2_00007FF66B737120
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7381203_2_00007FF66B738120
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B72D8603_2_00007FF66B72D860
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7ED0703_2_00007FF66B7ED070
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B73A8703_2_00007FF66B73A870
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7070F03_2_00007FF66B7070F0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B80F8903_2_00007FF66B80F890
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B71D0A03_2_00007FF66B71D0A0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B8077C03_2_00007FF66B8077C0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7197E03_2_00007FF66B7197E0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B702F803_2_00007FF66B702F80
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B74CFF03_2_00007FF66B74CFF0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B72A8103_2_00007FF66B72A810
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7470103_2_00007FF66B747010
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B8080203_2_00007FF66B808020
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7480203_2_00007FF66B748020
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B73B8303_2_00007FF66B73B830
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B70D0303_2_00007FF66B70D030
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7347403_2_00007FF66B734740
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7F77603_2_00007FF66B7F7760
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B808F703_2_00007FF66B808F70
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B801F703_2_00007FF66B801F70
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B71C7703_2_00007FF66B71C770
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7FCF903_2_00007FF66B7FCF90
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B739F903_2_00007FF66B739F90
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B74B7903_2_00007FF66B74B790
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B8027B03_2_00007FF66B8027B0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B74A7B03_2_00007FF66B74A7B0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7F36C03_2_00007FF66B7F36C0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7FDEE03_2_00007FF66B7FDEE0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7F6F003_2_00007FF66B7F6F00
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B8037003_2_00007FF66B803700
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B71E7003_2_00007FF66B71E700
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7FC7303_2_00007FF66B7FC730
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B72B7303_2_00007FF66B72B730
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B71EE403_2_00007FF66B71EE40
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B729E703_2_00007FF66B729E70
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7F86B03_2_00007FF66B7F86B0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B728EB03_2_00007FF66B728EB0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B749EB03_2_00007FF66B749EB0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7D1DF43_2_00007FF66B7D1DF4
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7AFDEC3_2_00007FF66B7AFDEC
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7E2E103_2_00007FF66B7E2E10
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7336103_2_00007FF66B733610
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B761E203_2_00007FF66B761E20
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B7295403_2_00007FF66B729540
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B8045503_2_00007FF66B804550
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B736D903_2_00007FF66B736D90
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B70ED903_2_00007FF66B70ED90
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B710D903_2_00007FF66B710D90
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B731DA03_2_00007FF66B731DA0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9236C04_2_00007FF79D9236C0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D858EB04_2_00007FF79D858EB0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D879EB04_2_00007FF79D879EB0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9286B04_2_00007FF79D9286B0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D926F004_2_00007FF79D926F00
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9337004_2_00007FF79D933700
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D92DEE04_2_00007FF79D92DEE0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D84E7004_2_00007FF79D84E700
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D891E204_2_00007FF79D891E20
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D84EE404_2_00007FF79D84EE40
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D859E704_2_00007FF79D859E70
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D861DA04_2_00007FF79D861DA0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D901DF44_2_00007FF79D901DF4
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8DFDEC4_2_00007FF79D8DFDEC
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D912E104_2_00007FF79D912E10
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8636104_2_00007FF79D863610
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8EAD304_2_00007FF79D8EAD30
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8605304_2_00007FF79D860530
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9345504_2_00007FF79D934550
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D909D204_2_00007FF79D909D20
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8595404_2_00007FF79D859540
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D83ED904_2_00007FF79D83ED90
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D840D904_2_00007FF79D840D90
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D866D904_2_00007FF79D866D90
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9158C04_2_00007FF79D9158C0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D84D0A04_2_00007FF79D84D0A0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8370F04_2_00007FF79D8370F0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D83D0304_2_00007FF79D83D030
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D86B8304_2_00007FF79D86B830
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8780204_2_00007FF79D878020
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9380204_2_00007FF79D938020
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D86A8704_2_00007FF79D86A870
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D93F8904_2_00007FF79D93F890
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D85D8604_2_00007FF79D85D860
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D91D0704_2_00007FF79D91D070
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9377C04_2_00007FF79D9377C0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D87A7B04_2_00007FF79D87A7B0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9327B04_2_00007FF79D9327B0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D87CFF04_2_00007FF79D87CFF0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8497E04_2_00007FF79D8497E0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D85A8104_2_00007FF79D85A810
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8770104_2_00007FF79D877010
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D85B7304_2_00007FF79D85B730
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D92C7304_2_00007FF79D92C730
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8647404_2_00007FF79D864740
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D84C7704_2_00007FF79D84C770
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D92CF904_2_00007FF79D92CF90
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9277604_2_00007FF79D927760
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D87B7904_2_00007FF79D87B790
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D869F904_2_00007FF79D869F90
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D938F704_2_00007FF79D938F70
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D832F804_2_00007FF79D832F80
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D931F704_2_00007FF79D931F70
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9362C04_2_00007FF79D9362C0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D862AC04_2_00007FF79D862AC0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8392E04_2_00007FF79D8392E0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D868B104_2_00007FF79D868B10
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8602304_2_00007FF79D860230
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D878A204_2_00007FF79D878A20
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D92B2304_2_00007FF79D92B230
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D84BA404_2_00007FF79D84BA40
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D858A704_2_00007FF79D858A70
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D935A604_2_00007FF79D935A60
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D930A604_2_00007FF79D930A60
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D92A9D04_2_00007FF79D92A9D0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9319B04_2_00007FF79D9319B0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8759C04_2_00007FF79D8759C0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9302004_2_00007FF79D930200
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9372104_2_00007FF79D937210
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9259F04_2_00007FF79D9259F0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D93C9F04_2_00007FF79D93C9F0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D93E1F04_2_00007FF79D93E1F0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8F41F84_2_00007FF79D8F41F8
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9269404_2_00007FF79D926940
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8671204_2_00007FF79D867120
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8681204_2_00007FF79D868120
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D92C1804_2_00007FF79D92C180
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8931654_2_00007FF79D893165
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9251904_2_00007FF79D925190
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D93C1904_2_00007FF79D93C190
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9239704_2_00007FF79D923970
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D84C9804_2_00007FF79D84C980
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9294D04_2_00007FF79D9294D0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9354A04_2_00007FF79D9354A0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D92E4A04_2_00007FF79D92E4A0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D90BD004_2_00007FF79D90BD00
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8934B44_2_00007FF79D8934B4
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D92ED004_2_00007FF79D92ED00
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D848CF04_2_00007FF79D848CF0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D933CE04_2_00007FF79D933CE0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D84CD104_2_00007FF79D84CD10
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D84DD104_2_00007FF79D84DD10
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8615004_2_00007FF79D861500
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8F9C204_2_00007FF79D8F9C20
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D91D4504_2_00007FF79D91D450
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D92FC504_2_00007FF79D92FC50
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8514204_2_00007FF79D851420
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D923C204_2_00007FF79D923C20
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D92A4204_2_00007FF79D92A420
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D851C504_2_00007FF79D851C50
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D860C404_2_00007FF79D860C40
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D876C704_2_00007FF79D876C70
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8504604_2_00007FF79D850460
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D928C704_2_00007FF79D928C70
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D852C804_2_00007FF79D852C80
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D924BD04_2_00007FF79D924BD0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8773A04_2_00007FF79D8773A0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D914BB04_2_00007FF79D914BB0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D9234104_2_00007FF79D923410
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D849BE04_2_00007FF79D849BE0
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8544104_2_00007FF79D854410
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D93F3404_2_00007FF79D93F340
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8FCB204_2_00007FF79D8FCB20
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8373504_2_00007FF79D837350
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8E6B444_2_00007FF79D8E6B44
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D8F93884_2_00007FF79D8F9388
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D866B804_2_00007FF79D866B80
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D84FB804_2_00007FF79D84FB80
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF738F88A205_2_00007FF738F88A20
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF73903B2305_2_00007FF73903B230
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF738F702305_2_00007FF738F70230
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF738F5BA405_2_00007FF738F5BA40
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF739045A605_2_00007FF739045A60
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF739040A605_2_00007FF739040A60
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF738F68A705_2_00007FF738F68A70
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF738F72AC05_2_00007FF738F72AC0
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF7390462C05_2_00007FF7390462C0
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF738F492E05_2_00007FF738F492E0
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF738F78B105_2_00007FF738F78B10
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF738F781205_2_00007FF738F78120
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF738F771205_2_00007FF738F77120
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF7390369405_2_00007FF739036940
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF738FA31655_2_00007FF738FA3165
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF7390339705_2_00007FF739033970
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF7390351905_2_00007FF739035190
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF738F5C9805_2_00007FF738F5C980
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF73904C1905_2_00007FF73904C190
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF73903C1805_2_00007FF73903C180
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF7390419B05_2_00007FF7390419B0
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF73903A9D05_2_00007FF73903A9D0
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF738F859C05_2_00007FF738F859C0
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF7390359F05_2_00007FF7390359F0
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF73904C9F05_2_00007FF73904C9F0
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF73904E1F05_2_00007FF73904E1F0
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF7390472105_2_00007FF739047210
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF7390041F85_2_00007FF7390041F8
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF7390402005_2_00007FF739040200
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF738F614205_2_00007FF738F61420
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF73903A4205_2_00007FF73903A420
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF739033C205_2_00007FF739033C20
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF73903FC505_2_00007FF73903FC50
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF73902D4505_2_00007FF73902D450
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF738F70C405_2_00007FF738F70C40
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF738F61C505_2_00007FF738F61C50
                  Source: 19.2.purtHeQ.exe.7ff63f3f0000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 11.2.QsDlHSI.exe.7ff744930000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 18.2.tlKeaSH.exe.7ff7d1f50000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 24.2.OeidtHB.exe.7ff732ec0000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 4.2.bIkaAuF.exe.7ff79d830000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 3.2.VnYfUNA.exe.7ff66b700000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 29.2.tizhzLm.exe.7ff7ab880000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 34.2.iXrmqoo.exe.7ff6547f0000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 16.2.khzlYlB.exe.7ff73f460000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 7.2.bRMguRb.exe.7ff7130e0000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 15.2.CtGCMUU.exe.7ff780b90000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 14.2.kcOtUgS.exe.7ff7da520000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 26.2.bpKoOax.exe.7ff6269f0000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 32.2.PerkPVz.exe.7ff7f6520000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 33.2.dnULvmA.exe.7ff6c8290000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 27.2.kCmzHfG.exe.7ff6c80b0000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 25.2.ulxEuWR.exe.7ff73c120000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 36.2.YfdxMIy.exe.7ff732fe0000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 6.2.NyQTRVw.exe.7ff721130000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 37.2.dgZNHyj.exe.7ff6f31b0000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 28.2.jTZhWqf.exe.7ff7bd7f0000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 39.2.TVvGYeO.exe.7ff64f610000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 23.2.EAmedTr.exe.7ff7f63c0000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 31.2.qfZMSiS.exe.7ff6bfc90000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 38.2.leQcUpZ.exe.7ff6ea6f0000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 17.2.dNcZNsO.exe.7ff6af790000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 22.2.BDQRaAY.exe.7ff6ce2b0000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 13.2.WFQtidM.exe.7ff6b6580000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 10.2.ODcBTbU.exe.7ff6c1a50000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 30.2.kWmKVbB.exe.7ff72d920000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 5.2.jcnyUWd.exe.7ff738f40000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 35.2.EIuVwIR.exe.7ff6aae10000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 8.2.urnxCEN.exe.7ff795c50000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 9.2.yjwCZgI.exe.7ff7bb050000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 40.2.onkloSd.exe.7ff63d530000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 12.2.NUQghJW.exe.7ff706e90000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 20.2.YrgSOdx.exe.7ff6fc1c0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 21.2.NaIzQZQ.exe.7ff787350000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: classification engineClassification label: mal100.evad.mine.winEXE@2446/385@0/0
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6272:120:WilError_03
                  Source: C:\Users\user\Desktop\file.exeMutant created: \Sessions\1\BaseNamedObjects\sfdkjjhgkdsfhgjksd
                  Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: file.exeReversingLabs: Detection: 92%
                  Source: VnYfUNA.exeString found in binary or memory: --help
                  Source: bIkaAuF.exeString found in binary or memory: --help
                  Source: jcnyUWd.exeString found in binary or memory: --help
                  Source: NyQTRVw.exeString found in binary or memory: --help
                  Source: bRMguRb.exeString found in binary or memory: --help
                  Source: urnxCEN.exeString found in binary or memory: --help
                  Source: yjwCZgI.exeString found in binary or memory: --help
                  Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exe
                  Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\VnYfUNA.exe C:\Windows\System32\VnYfUNA.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\bIkaAuF.exe C:\Windows\System32\bIkaAuF.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\jcnyUWd.exe C:\Windows\System32\jcnyUWd.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\NyQTRVw.exe C:\Windows\System32\NyQTRVw.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\bRMguRb.exe C:\Windows\System32\bRMguRb.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\urnxCEN.exe C:\Windows\System32\urnxCEN.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\yjwCZgI.exe C:\Windows\System32\yjwCZgI.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\ODcBTbU.exe C:\Windows\System32\ODcBTbU.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\QsDlHSI.exe C:\Windows\System32\QsDlHSI.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\NUQghJW.exe C:\Windows\System32\NUQghJW.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\WFQtidM.exe C:\Windows\System32\WFQtidM.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\kcOtUgS.exe C:\Windows\System32\kcOtUgS.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\CtGCMUU.exe C:\Windows\System32\CtGCMUU.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\khzlYlB.exe C:\Windows\System32\khzlYlB.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\dNcZNsO.exe C:\Windows\System32\dNcZNsO.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\tlKeaSH.exe C:\Windows\System32\tlKeaSH.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\purtHeQ.exe C:\Windows\System32\purtHeQ.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\YrgSOdx.exe C:\Windows\System32\YrgSOdx.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\NaIzQZQ.exe C:\Windows\System32\NaIzQZQ.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\BDQRaAY.exe C:\Windows\System32\BDQRaAY.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\EAmedTr.exe C:\Windows\System32\EAmedTr.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\OeidtHB.exe C:\Windows\System32\OeidtHB.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\ulxEuWR.exe C:\Windows\System32\ulxEuWR.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\bpKoOax.exe C:\Windows\System32\bpKoOax.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\kCmzHfG.exe C:\Windows\System32\kCmzHfG.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\jTZhWqf.exe C:\Windows\System32\jTZhWqf.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\tizhzLm.exe C:\Windows\System32\tizhzLm.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\kWmKVbB.exe C:\Windows\System32\kWmKVbB.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\qfZMSiS.exe C:\Windows\System32\qfZMSiS.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\PerkPVz.exe C:\Windows\System32\PerkPVz.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\dnULvmA.exe C:\Windows\System32\dnULvmA.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\iXrmqoo.exe C:\Windows\System32\iXrmqoo.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\EIuVwIR.exe C:\Windows\System32\EIuVwIR.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\YfdxMIy.exe C:\Windows\System32\YfdxMIy.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\dgZNHyj.exe C:\Windows\System32\dgZNHyj.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\leQcUpZ.exe C:\Windows\System32\leQcUpZ.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\TVvGYeO.exe C:\Windows\System32\TVvGYeO.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\onkloSd.exe C:\Windows\System32\onkloSd.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
                  Source: C:\Windows\System32\VnYfUNA.exe Section loaded: apphelp.dll
                  Source: C:\Windows\System32\VnYfUNA.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\bIkaAuF.exe Section loaded: apphelp.dll
                  Source: C:\Windows\System32\bIkaAuF.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\jcnyUWd.exe Section loaded: apphelp.dll
                  Source: C:\Windows\System32\jcnyUWd.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\NyQTRVw.exe Section loaded: apphelp.dll
                  Source: C:\Windows\System32\NyQTRVw.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\bRMguRb.exe Section loaded: apphelp.dll
                  Source: C:\Windows\System32\bRMguRb.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\urnxCEN.exe Section loaded: apphelp.dll
                  Source: C:\Windows\System32\urnxCEN.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\yjwCZgI.exe Section loaded: apphelp.dll
                  Source: C:\Windows\System32\yjwCZgI.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\ODcBTbU.exe Section loaded: apphelp.dll
                  Source: C:\Windows\System32\ODcBTbU.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\QsDlHSI.exe Section loaded: apphelp.dll
                  Source: C:\Windows\System32\QsDlHSI.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\NUQghJW.exe Section loaded: apphelp.dll
                  Source: C:\Windows\System32\NUQghJW.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\WFQtidM.exe Section loaded: apphelp.dll
                  Source: C:\Windows\System32\WFQtidM.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\kcOtUgS.exe Section loaded: apphelp.dll
                  Source: C:\Windows\System32\kcOtUgS.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\CtGCMUU.exe Section loaded: apphelp.dll
                  Source: C:\Windows\System32\CtGCMUU.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\khzlYlB.exe Section loaded: apphelp.dll
                  Source: C:\Windows\System32\khzlYlB.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\dNcZNsO.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\dNcZNsO.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\tlKeaSH.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\tlKeaSH.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\purtHeQ.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\purtHeQ.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\YrgSOdx.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\YrgSOdx.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\NaIzQZQ.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\NaIzQZQ.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\BDQRaAY.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\BDQRaAY.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\EAmedTr.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\EAmedTr.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\OeidtHB.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\OeidtHB.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\ulxEuWR.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\ulxEuWR.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\bpKoOax.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\bpKoOax.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\kCmzHfG.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\kCmzHfG.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\jTZhWqf.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\jTZhWqf.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\tizhzLm.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\tizhzLm.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\kWmKVbB.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\kWmKVbB.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\qfZMSiS.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\qfZMSiS.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\PerkPVz.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\PerkPVz.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\dnULvmA.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\dnULvmA.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\iXrmqoo.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\iXrmqoo.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\EIuVwIR.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\EIuVwIR.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\YfdxMIy.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\YfdxMIy.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\dgZNHyj.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\dgZNHyj.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\leQcUpZ.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\leQcUpZ.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\TVvGYeO.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\TVvGYeO.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\onkloSd.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\onkloSd.exeSection loaded: kernel.appcore.dll
                  Source: file.exeStatic PE information: Image base 0x140000000 > 0x60000000
                  Source: file.exeStatic file information: File size 1319576 > 1048576
                  Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B76EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,3_2_00007FF66B76EBF0
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B718072 push qword ptr [00007FF5F6B9AAF7h]; retf 3_2_00007FF66B718078
                  Source: C:\Windows\System32\VnYfUNA.exeCode function: 3_2_00007FF66B717FA3 push qword ptr [00007FF5F6B9AA28h]; retf 3_2_00007FF66B717FA9
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D848072 push qword ptr [00007FF728CCAAF7h]; retf 4_2_00007FF79D848078
                  Source: C:\Windows\System32\bIkaAuF.exeCode function: 4_2_00007FF79D847FA3 push qword ptr [00007FF728CCAA28h]; retf 4_2_00007FF79D847FA9
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF738F58072 push qword ptr [00007FF6C43DAAF7h]; retf 5_2_00007FF738F58078
                  Source: C:\Windows\System32\jcnyUWd.exeCode function: 5_2_00007FF738F57FA3 push qword ptr [00007FF6C43DAA28h]; retf 5_2_00007FF738F57FA9
                  Source: C:\Windows\System32\NyQTRVw.exeCode function: 6_2_00007FF721148072 push qword ptr [00007FF6AC5CAAF7h]; retf 6_2_00007FF721148078
                  Source: C:\Windows\System32\NyQTRVw.exeCode function: 6_2_00007FF721147FA3 push qword ptr [00007FF6AC5CAA28h]; retf 6_2_00007FF721147FA9
                  Source: C:\Windows\System32\bRMguRb.exeCode function: 7_2_00007FF7130F8072 push qword ptr [00007FF69E57AAF7h]; retf 7_2_00007FF7130F8078
                  Source: C:\Windows\System32\bRMguRb.exeCode function: 7_2_00007FF7130F7FA3 push qword ptr [00007FF69E57AA28h]; retf 7_2_00007FF7130F7FA9
                  Source: C:\Windows\System32\urnxCEN.exeCode function: 8_2_00007FF795C68072 push qword ptr [00007FF7210EAAF7h]; retf 8_2_00007FF795C68078
                  Source: C:\Windows\System32\urnxCEN.exeCode function: 8_2_00007FF795C67FA3 push qword ptr [00007FF7210EAA28h]; retf 8_2_00007FF795C67FA9
                  Source: C:\Windows\System32\yjwCZgI.exeCode function: 9_2_00007FF7BB068072 push qword ptr [00007FF7464EAAF7h]; retf 9_2_00007FF7BB068078
                  Source: C:\Windows\System32\yjwCZgI.exeCode function: 9_2_00007FF7BB067FA3 push qword ptr [00007FF7464EAA28h]; retf 9_2_00007FF7BB067FA9
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1

                  Persistence and Installation Behavior

                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\kWmKVbB.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\BDQRaAY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\jcnyUWd.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\dgZNHyj.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\urnxCEN.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\QsDlHSI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\EIuVwIR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\ODcBTbU.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\NaIzQZQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\TVvGYeO.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\tlKeaSH.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\dnULvmA.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\EAmedTr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\iXrmqoo.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\WFQtidM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\NyQTRVw.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\yjwCZgI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\kcOtUgS.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\bIkaAuF.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\bRMguRb.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QlrrAWr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RrXxnLK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eLGbTft.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zwUwyun.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iXrmqoo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\Owwdyfl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wLaokfk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MSMdCif.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pdDIOxl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lbvtdts.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lJCJVli.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qnwzIYG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DTtAXtk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hOtQuIc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SFNNXcc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\twdmntG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wFCiUxj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dhauwZm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zStyRhG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CSPmMtl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fbsOELi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BxDaCaN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RiXVDoR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BYyVCgg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dFVXJJP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TUEKfLK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\arGCgTC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XdPyZTm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SCUtGmI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EXWDvEz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BzqtleM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\phjebwL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gCwOtYl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HJXSYZw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vzQsfTD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dNcZNsO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SFSInIN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wCvATWl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PXeZCvc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OdXSJgr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uWhVEOL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WQfkGca.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LalIpAN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tPjVJkZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FTfxEHA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dmaafTQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lcXqCuq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kAvcvMe.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WFQtidM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\auNdheo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wBTsLgc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jQvONnt.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kQWzsiZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TsvTSDe.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aTbWXFt.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KknUyhA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ySISxgi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WXYWrDV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eysETzm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\purtHeQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NugSADC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YGfIDfV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\scdQUOw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ipKMruV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gKWutyC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RLkhMKB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NyQTRVw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DFzhsjf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YuukKJw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZPbxJBg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eaIIdzi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tEZdSza.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uUCONsL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zNwklTy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tizhzLm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SNbeoeM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uxEhkcb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lhUuhgW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wmqBXvH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aCNewAK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YPwRGWN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NyaqMPu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FvcymNb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ptxhrCA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YiUcCIC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HJHKyUH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\yjwCZgI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QAiGqNb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IFmsxdu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rvjDyvL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LVOAoyf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vZKJapN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ulxEuWR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qJwMNFF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iSmQsnc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FpKaoqH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nrbVMPg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fEsjqCF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TPGgdFl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\Njsquvm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fTvMnGo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wVETfuw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ufXvwcd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kcOtUgS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EvTBMbj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\raQtysG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wwYZKEK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fwrTqiM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nJsAjeN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iVbMnbu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FgKqoCT.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AtsENTD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fcuxjwf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BSAmgMR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lxNZCSl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TThpyBV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pywYtWb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mYmXotx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vVNNzfk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bIkaAuF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AOQhxsp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EKOSilO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FhlszaQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wBJLquS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nthnzIV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ltytQGi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\Ofjsurf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\urlTnoj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VWmArRG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rZgavmv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nOEJStF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TiJXIOW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\biRfUfo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EduFCUz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eIXVBZJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uolcsKh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bRMguRb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ryWIDGN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CJKkuDs.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dGceAQD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qQQgXXK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uDxTgCB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZDInXvu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sckivUs.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hlaiAXN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uenbslS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EkRQFxJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\StNdznI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kWmKVbB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OEUrUQd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gryDQnK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BDQRaAY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZozZouR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mhFlPMp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mmNbuQQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CtGCMUU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WCxbejU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RCMKsbF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mrWQLEP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gVpsUlM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KwHrtOt.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FKiQFhm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BtVojZD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HnFkqxU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wDdVPes.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jcnyUWd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rjIteOz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TYjzunq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qrkVtmd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jfozzXV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dgZNHyj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vcZfLey.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ktUKQGB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nDxtiiw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pbrsmwX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nklGrbU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RSMPQOu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ByCTYRH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nyzFIdo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ibxPLHw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IUOOQRj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FbYGtmf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CpJNBhW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CnslmiL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MGzbrnO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DqaetZp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hYxTNod.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dDtDLHD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VnYfUNA.exe
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WAadpRI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NismUEF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HPQHWRf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ApNtYXM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OVKsVjk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NaIzQZQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MqKVuGv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\yOOmCzV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pWpMupI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vvYHGgY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\caCYhXO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HbtcKta.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BihslAp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lEZxRNn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UKSFPqC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ysATWub.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ipSPLpG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WUYZgKx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rwdjFzY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nyJnahZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gnGUQzq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KpKSjOq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EdoJevv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZHbbuyV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\leQcUpZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SRAKIgS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SStjyeF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\yfBRNjZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\huDYzjy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qaosjzf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BVyPfAG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kJKNrrq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HmxqcfL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KTkxDDL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RUWymnC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XtYrgrE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gIkBMuV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TVvGYeO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZGJJqgk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\yeTsgVg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fiQoDpS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DUFctGh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dyGPlqF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\heSposr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ysGrSzS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WqXimyX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XODUUPe.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qfZMSiS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tlKeaSH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NKHpvXf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rKjUVqd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sFCsFSy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XbREdEh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dTtlbMT.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZXpXprY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZQREVkQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OvMacMA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PsPYQIL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WzZvjXk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xbNnfWz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DkxEByF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DidVzfl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fcTuRbs.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\buTLxRn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eHQNumx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rvtKXyI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YCtLpfR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tawwJws.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VpreOML.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YqZAYCh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iwtHoSn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NOZziQl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\GlEZGgb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lJqkWee.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cpzBcQW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kCmzHfG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bpKoOax.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iFNQXDN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LQcSNEY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WUTESmb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wzMhfwL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lZYCJzL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uuEcvKg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xOFVnEt.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dnULvmA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\USJJelL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QdIDwgP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pxyqeBW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MjTkVAq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EhgZFQv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ztldFeA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NeDxvFE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bUzrJhf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fggtuAI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OHlpuMI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TAZaUOv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mNauFZd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XNKaYQF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WlFpFEG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ThUbzwp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\toxqCjT.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gnfhVHJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hLZDZXQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RCmnkEl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AlmQZUd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mzTefuh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bosjKmA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NREQyWy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oFzAISt.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aBFaHyB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\npKAqbE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\GclqrUY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LViLDgE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YlGorhY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NqtVQAf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FejCdzl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YbGAwak.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FXlfLgD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\Jtfotww.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EAmedTr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zztfyNw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mVeLdBO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QlrrAWr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RrXxnLK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eLGbTft.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zwUwyun.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iXrmqoo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\Owwdyfl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wLaokfk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MSMdCif.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pdDIOxl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lbvtdts.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lJCJVli.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qnwzIYG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DTtAXtk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hOtQuIc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SFNNXcc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\twdmntG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wFCiUxj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dhauwZm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zStyRhG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CSPmMtl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fbsOELi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BxDaCaN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RiXVDoR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BYyVCgg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dFVXJJP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TUEKfLK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\arGCgTC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XdPyZTm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SCUtGmI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EXWDvEz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BzqtleM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\phjebwL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gCwOtYl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HJXSYZw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vzQsfTD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dNcZNsO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SFSInIN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wCvATWl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PXeZCvc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OdXSJgr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uWhVEOL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WQfkGca.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LalIpAN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tPjVJkZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FTfxEHA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dmaafTQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lcXqCuq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kAvcvMe.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WFQtidM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\auNdheo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wBTsLgc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jQvONnt.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kQWzsiZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TsvTSDe.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aTbWXFt.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KknUyhA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ySISxgi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WXYWrDV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eysETzm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\purtHeQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NugSADC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YGfIDfV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\scdQUOw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ipKMruV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gKWutyC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RLkhMKB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NyQTRVw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DFzhsjf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YuukKJw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZPbxJBg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eaIIdzi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tEZdSza.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uUCONsL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zNwklTy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tizhzLm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SNbeoeM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uxEhkcb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lhUuhgW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wmqBXvH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aCNewAK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YPwRGWN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NyaqMPu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FvcymNb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ptxhrCA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YiUcCIC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HJHKyUH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\yjwCZgI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QAiGqNb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IFmsxdu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rvjDyvL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LVOAoyf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vZKJapN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ulxEuWR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qJwMNFF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iSmQsnc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FpKaoqH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nrbVMPg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fEsjqCF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TPGgdFl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\Njsquvm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fTvMnGo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wVETfuw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ufXvwcd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kcOtUgS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EvTBMbj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\raQtysG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wwYZKEK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fwrTqiM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nJsAjeN.exeJump to dropped file
                  Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B76EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\WqXimyX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\XODUUPe.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\AOQhxsp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\EKOSilO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\FhlszaQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\wBJLquS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ltytQGi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\nthnzIV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\Ofjsurf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\NKHpvXf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\urlTnoj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\rZgavmv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\VWmArRG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\nOEJStF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\TiJXIOW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\rKjUVqd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\biRfUfo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\EduFCUz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\eIXVBZJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\sFCsFSy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\XbREdEh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\uolcsKh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\dTtlbMT.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ZXpXprY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ZQREVkQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\PsPYQIL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\WzZvjXk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\OvMacMA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ryWIDGN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\CJKkuDs.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\xbNnfWz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\DkxEByF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\DidVzfl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\fcTuRbs.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\buTLxRn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\eHQNumx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\rvtKXyI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\dGceAQD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\YCtLpfR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\tawwJws.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\VpreOML.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\YqZAYCh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\qQQgXXK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\iwtHoSn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\NOZziQl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\uDxTgCB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\GlEZGgb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\lJqkWee.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\cpzBcQW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\iFNQXDN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\sckivUs.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ZDInXvu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\LQcSNEY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\WUTESmb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\hlaiAXN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\wzMhfwL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\lZYCJzL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\uenbslS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\uuEcvKg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\EkRQFxJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\xOFVnEt.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\USJJelL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\QdIDwgP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\pxyqeBW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\MjTkVAq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\StNdznI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ztldFeA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\EhgZFQv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\NeDxvFE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\OEUrUQd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\gryDQnK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\bUzrJhf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\fggtuAI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\OHlpuMI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ZozZouR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\mhFlPMp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\mmNbuQQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\TAZaUOv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\mNauFZd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\XNKaYQF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\WCxbejU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\WlFpFEG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\RCMKsbF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\mrWQLEP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\toxqCjT.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ThUbzwp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\gVpsUlM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\KwHrtOt.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\FKiQFhm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\gnfhVHJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\hLZDZXQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\RCmnkEl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\BtVojZD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\HnFkqxU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\wDdVPes.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\AlmQZUd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\rjIteOz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\mzTefuh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\qrkVtmd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\bosjKmA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\NREQyWy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\TYjzunq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\jfozzXV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\vcZfLey.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ktUKQGB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\nDxtiiw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\oFzAISt.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\pbrsmwX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\aBFaHyB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\npKAqbE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\GclqrUY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\nklGrbU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\RSMPQOu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\LViLDgE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ByCTYRH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\nyzFIdo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\IUOOQRj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ibxPLHw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\FbYGtmf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\YlGorhY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\NqtVQAf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\FejCdzl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\YbGAwak.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\FXlfLgD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\CpJNBhW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\CnslmiL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\MGzbrnO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\Jtfotww.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\DqaetZp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\dDtDLHD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\hYxTNod.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\rSTdbqi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\zztfyNw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\mVeLdBO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\GSZfKir.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\MnoIUSg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\QlrrAWr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\tLZVeAL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\eLGbTft.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\RrXxnLK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\igBUVJa.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\AMuEAdw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\zwUwyun.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\BxIGjlT.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\gJfLIkn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\Owwdyfl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\FUOWxsn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\FMSBKwx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\MSMdCif.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\wLaokfk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\pdDIOxl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\sAIFVZs.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\MHLbrud.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\lJCJVli.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\gXRpWMk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\lbvtdts.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\GGwjxCd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\HKkeYCO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\qnwzIYG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\GEIpOYd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\DTtAXtk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\VYQDcrW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\hOtQuIc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\SFNNXcc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\twdmntG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\wFCiUxj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\rHbibYS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\LoQJpKn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\dhauwZm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\zStyRhG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\CSPmMtl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ZNTnROi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\wlFgCWZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\bXuGBXO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\fbsOELi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\BxDaCaN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\PFPbAGj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\RiXVDoR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\oNkODZX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\BYyVCgg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\HWVrnQY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\dFVXJJP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\GQbhKtv.exeJump to dropped file
                  Source: C:\Windows\System32\VnYfUNA.exe API coverage: 1.8 %
                  Source: C:\Windows\System32\bIkaAuF.exe API coverage: 1.6 %
                  Source: C:\Windows\System32\jcnyUWd.exe API coverage: 1.3 %
                  Source: C:\Windows\System32\NyQTRVw.exe API coverage: 1.6 %
                  Source: C:\Windows\System32\bRMguRb.exe API coverage: 1.8 %
                  Source: C:\Windows\System32\urnxCEN.exe API coverage: 1.8 %
                  Source: C:\Windows\System32\yjwCZgI.exe API coverage: 1.6 %
                  Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                  Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B76B760 CreateEventA,SetErrorMode,RtlInitializeCriticalSection,GetSystemInfo,RtlInitializeCriticalSection,RtlInitializeCriticalSection,SetConsoleCtrlHandler,CreateSemaphoreA,GetLastError,CreateFileW,QueueUserWorkItem,RtlInitializeCriticalSection,QueryPerformanceFrequency,SetEvent,CloseHandle,WaitForSingleObject,GetLastError, 3_2_00007FF66B76B760
                  Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7AD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00007FF66B7AD6D4
                  Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B76EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError, 3_2_00007FF66B76EBF0
                  Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7AD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00007FF66B7AD6D4
                  Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D8DD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 4_2_00007FF79D8DD6D4
                  Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738FED6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 5_2_00007FF738FED6D4
                  Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7211DD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_00007FF7211DD6D4
                  Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF71318D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 7_2_00007FF71318D6D4
                  Source: C:\Windows\System32\urnxCEN.exe Code function: 8_2_00007FF795CFD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 8_2_00007FF795CFD6D4
                  Source: C:\Windows\System32\yjwCZgI.exe Code function: 9_2_00007FF7BB0FD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 9_2_00007FF7BB0FD6D4
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Command and Scripting Interpreter (2) | DLL Side-Loading (1) | Process Injection (1) | Masquerading (12) | OS Credential Dumping | Security Software Discovery (1) | Remote Services | Archive Collected Data (1) | Encrypted Channel (1) | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | Native API (1) | Boot or Logon Initialization Scripts | DLL Side-Loading (1) | Virtualization/Sandbox Evasion (11) | LSASS Memory | Virtualization/Sandbox Evasion (11) | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Software Packing (1) | Security Account Manager | System Information Discovery (2) | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Process Injection (1) | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | DLL Side-Loading (1) | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Obfuscated Files or Information (11) | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
Source | Detection | Scanner | Label | Link
file.exe | 92% | ReversingLabs | Win64.Coinminer.XMRig
file.exe | 100% | Avira | PUA/CoinMiner.Gen
file.exe | 100% | Joe Sandbox ML
Source | Detection | Scanner | Label | Link
C:\Windows\System32\CnslmiL.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\AMuEAdw.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\DidVzfl.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\CtGCMUU.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\BxDaCaN.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\DUFctGh.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\AtsENTD.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\DFzhsjf.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\BtVojZD.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\ACOyQko.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\EIuVwIR.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\AOQhxsp.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\BzqtleM.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\DqaetZp.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\ByCTYRH.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\ApNtYXM.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\BSAmgMR.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\EAmedTr.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\DTtAXtk.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\AEbmgKr.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\BVyPfAG.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\AlmQZUd.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\DkxEByF.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\CSPmMtl.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\CvjsAYd.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\BihslAp.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\CpJNBhW.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\BxIGjlT.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\BYyVCgg.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\BDQRaAY.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\CJKkuDs.exe | 100% | Avira | PUA/CoinMiner.Gen
C:\Windows\System32\CnslmiL.exe | 100% | Joe Sandbox ML
C:\Windows\System32\AMuEAdw.exe | 100% | Joe Sandbox ML
C:\Windows\System32\DidVzfl.exe | 100% | Joe Sandbox ML
C:\Windows\System32\CtGCMUU.exe | 100% | Joe Sandbox ML
C:\Windows\System32\BxDaCaN.exe | 100% | Joe Sandbox ML
C:\Windows\System32\DUFctGh.exe | 100% | Joe Sandbox ML
C:\Windows\System32\AtsENTD.exe | 100% | Joe Sandbox ML
C:\Windows\System32\DFzhsjf.exe | 100% | Joe Sandbox ML
C:\Windows\System32\BtVojZD.exe | 100% | Joe Sandbox ML
C:\Windows\System32\ACOyQko.exe | 100% | Joe Sandbox ML
C:\Windows\System32\EIuVwIR.exe | 100% | Joe Sandbox ML
C:\Windows\System32\AOQhxsp.exe | 100% | Joe Sandbox ML
C:\Windows\System32\BzqtleM.exe | 100% | Joe Sandbox ML
C:\Windows\System32\DqaetZp.exe | 100% | Joe Sandbox ML
C:\Windows\System32\ByCTYRH.exe | 100% | Joe Sandbox ML
C:\Windows\System32\ApNtYXM.exe | 100% | Joe Sandbox ML
C:\Windows\System32\BSAmgMR.exe | 100% | Joe Sandbox ML
C:\Windows\System32\EAmedTr.exe | 100% | Joe Sandbox ML
C:\Windows\System32\DTtAXtk.exe | 100% | Joe Sandbox ML
C:\Windows\System32\AEbmgKr.exe | 100% | Joe Sandbox ML
C:\Windows\System32\BVyPfAG.exe | 100% | Joe Sandbox ML
C:\Windows\System32\AlmQZUd.exe | 100% | Joe Sandbox ML
C:\Windows\System32\DkxEByF.exe | 100% | Joe Sandbox ML
C:\Windows\System32\CSPmMtl.exe | 100% | Joe Sandbox ML
C:\Windows\System32\CvjsAYd.exe | 100% | Joe Sandbox ML
C:\Windows\System32\BihslAp.exe | 100% | Joe Sandbox ML
C:\Windows\System32\CpJNBhW.exe | 100% | Joe Sandbox ML
C:\Windows\System32\BxIGjlT.exe | 100% | Joe Sandbox ML
C:\Windows\System32\BYyVCgg.exe | 100% | Joe Sandbox ML
C:\Windows\System32\BDQRaAY.exe | 100% | Joe Sandbox ML
C:\Windows\System32\CJKkuDs.exe | 100% | Joe Sandbox ML
                  No Antivirus matches
                  No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://fenett2018.com/dobgx | file.exe, igBUVJa.exe.0.dr, dTtlbMT.exe.0.dr, NismUEF.exe.0.dr, dgZNHyj.exe.0.dr, kQWzsiZ.exe.0.dr, zStyRhG.exe.0.dr, SStjyeF.exe.0.dr, MHLbrud.exe.0.dr, tizhzLm.exe.0.dr, xOFVnEt.exe.0.dr, VWmArRG.exe.0.dr, WUYZgKx.exe.0.dr, HJHKyUH.exe.0.dr, gnGUQzq.exe.0.dr, fiQoDpS.exe.0.dr, NKHpvXf.exe.0.dr, raQtysG.exe.0.dr, rZgavmv.exe.0.dr, rKjUVqd.exe.0.dr, Owwdyfl.exe.0.dr | false | | unknown
http://habarimoto24.com/nh | file.exe, igBUVJa.exe.0.dr, dTtlbMT.exe.0.dr, NismUEF.exe.0.dr, dgZNHyj.exe.0.dr, kQWzsiZ.exe.0.dr, zStyRhG.exe.0.dr, SStjyeF.exe.0.dr, MHLbrud.exe.0.dr, tizhzLm.exe.0.dr, xOFVnEt.exe.0.dr, VWmArRG.exe.0.dr, WUYZgKx.exe.0.dr, HJHKyUH.exe.0.dr, gnGUQzq.exe.0.dr, fiQoDpS.exe.0.dr, NKHpvXf.exe.0.dr, raQtysG.exe.0.dr, rZgavmv.exe.0.dr, rKjUVqd.exe.0.dr, Owwdyfl.exe.0.dr | false | | unknown
http://abakus-biuro.net//a9zqemm | file.exe, igBUVJa.exe.0.dr, dTtlbMT.exe.0.dr, NismUEF.exe.0.dr, dgZNHyj.exe.0.dr, kQWzsiZ.exe.0.dr, zStyRhG.exe.0.dr, SStjyeF.exe.0.dr, MHLbrud.exe.0.dr, tizhzLm.exe.0.dr, xOFVnEt.exe.0.dr, VWmArRG.exe.0.dr, WUYZgKx.exe.0.dr, HJHKyUH.exe.0.dr, gnGUQzq.exe.0.dr, fiQoDpS.exe.0.dr, NKHpvXf.exe.0.dr, raQtysG.exe.0.dr, rZgavmv.exe.0.dr, rKjUVqd.exe.0.dr, Owwdyfl.exe.0.dr | false | | unknown
http://bemnyc.com/u8erijeq | file.exe, igBUVJa.exe.0.dr, dTtlbMT.exe.0.dr, NismUEF.exe.0.dr, dgZNHyj.exe.0.dr, kQWzsiZ.exe.0.dr, zStyRhG.exe.0.dr, SStjyeF.exe.0.dr, MHLbrud.exe.0.dr, tizhzLm.exe.0.dr, xOFVnEt.exe.0.dr, VWmArRG.exe.0.dr, WUYZgKx.exe.0.dr, HJHKyUH.exe.0.dr, gnGUQzq.exe.0.dr, fiQoDpS.exe.0.dr, NKHpvXf.exe.0.dr, raQtysG.exe.0.dr, rZgavmv.exe.0.dr, rKjUVqd.exe.0.dr, Owwdyfl.exe.0.dr | false | | unknown
http://eastend.jp/bl5kfa | file.exe, igBUVJa.exe.0.dr, dTtlbMT.exe.0.dr, NismUEF.exe.0.dr, dgZNHyj.exe.0.dr, kQWzsiZ.exe.0.dr, zStyRhG.exe.0.dr, SStjyeF.exe.0.dr, MHLbrud.exe.0.dr, tizhzLm.exe.0.dr, xOFVnEt.exe.0.dr, VWmArRG.exe.0.dr, WUYZgKx.exe.0.dr, HJHKyUH.exe.0.dr, gnGUQzq.exe.0.dr, fiQoDpS.exe.0.dr, NKHpvXf.exe.0.dr, raQtysG.exe.0.dr, rZgavmv.exe.0.dr, rKjUVqd.exe.0.dr, Owwdyfl.exe.0.dr | false | | unknown
                            No contacted IP infos
                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1522709
                            Start date and time:2024-09-30 15:47:14 +02:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 11m 22s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:41
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:file.exe
                            Detection:MAL
                            Classification:mal100.evad.mine.winEXE@2446/385@0/0
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:Failed
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Exclude process from analysis (whitelisted): dllhost.exe
                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                            • Not all processes where analyzed, report is missing behavior information
                            • Report creation exceeded maximum time and may have missing disassembly code information.
                            • Report size exceeded maximum capacity and may have missing behavior information.
                            • Report size exceeded maximum capacity and may have missing disassembly code.
                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                            • Report size getting too big, too many NtCreateFile calls found.
                            • Report size getting too big, too many NtOpenKey calls found.
                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                            • Report size getting too big, too many NtWriteFile calls found.
                            • Report size getting too big, too many NtWriteVirtualMemory calls found.
                            • VT rate limit hit for: file.exe
Time | Type | Description
09:48:24 | API Interceptor | 1x Sleep call for process: VnYfUNA.exe modified
09:48:24 | API Interceptor | 1x Sleep call for process: bIkaAuF.exe modified
09:48:24 | API Interceptor | 1x Sleep call for process: jcnyUWd.exe modified
09:48:25 | API Interceptor | 1x Sleep call for process: bRMguRb.exe modified
09:48:25 | API Interceptor | 1x Sleep call for process: QsDlHSI.exe modified
09:48:25 | API Interceptor | 1x Sleep call for process: ODcBTbU.exe modified
09:48:25 | API Interceptor | 1x Sleep call for process: NyQTRVw.exe modified
09:48:25 | API Interceptor | 1x Sleep call for process: yjwCZgI.exe modified
09:48:25 | API Interceptor | 1x Sleep call for process: urnxCEN.exe modified
09:48:26 | API Interceptor | 1x Sleep call for process: NUQghJW.exe modified
09:48:26 | API Interceptor | 1x Sleep call for process: CtGCMUU.exe modified
09:48:26 | API Interceptor | 1x Sleep call for process: WFQtidM.exe modified
09:48:26 | API Interceptor | 1x Sleep call for process: dNcZNsO.exe modified
09:48:26 | API Interceptor | 1x Sleep call for process: purtHeQ.exe modified
09:48:26 | API Interceptor | 1x Sleep call for process: kcOtUgS.exe modified
09:48:26 | API Interceptor | 1x Sleep call for process: tlKeaSH.exe modified
09:48:26 | API Interceptor | 1x Sleep call for process: khzlYlB.exe modified
09:48:27 | API Interceptor | 1x Sleep call for process: YrgSOdx.exe modified
09:48:27 | API Interceptor | 1x Sleep call for process: EAmedTr.exe modified
09:48:27 | API Interceptor | 1x Sleep call for process: kCmzHfG.exe modified
09:48:27 | API Interceptor | 1x Sleep call for process: BDQRaAY.exe modified
09:48:27 | API Interceptor | 1x Sleep call for process: bpKoOax.exe modified
09:48:27 | API Interceptor | 1x Sleep call for process: OeidtHB.exe modified
09:48:27 | API Interceptor | 1x Sleep call for process: ulxEuWR.exe modified
09:48:27 | API Interceptor | 1x Sleep call for process: jTZhWqf.exe modified
09:48:27 | API Interceptor | 1x Sleep call for process: NaIzQZQ.exe modified
09:48:27 | API Interceptor | 1x Sleep call for process: tizhzLm.exe modified
09:48:28 | API Interceptor | 1x Sleep call for process: qfZMSiS.exe modified
09:48:28 | API Interceptor | 1x Sleep call for process: kWmKVbB.exe modified
09:48:28 | API Interceptor | 1x Sleep call for process: PerkPVz.exe modified
09:48:28 | API Interceptor | 1x Sleep call for process: dnULvmA.exe modified
09:48:28 | API Interceptor | 1x Sleep call for process: iXrmqoo.exe modified
09:48:29 | API Interceptor | 1x Sleep call for process: EIuVwIR.exe modified
09:48:29 | API Interceptor | 1x Sleep call for process: TVvGYeO.exe modified
09:48:29 | API Interceptor | 1x Sleep call for process: onkloSd.exe modified
09:48:29 | API Interceptor | 1x Sleep call for process: dgZNHyj.exe modified
09:48:29 | API Interceptor | 1x Sleep call for process: leQcUpZ.exe modified
09:48:29 | API Interceptor | 1x Sleep call for process: YfdxMIy.exe modified
                            No context
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1378272
                            Entropy (8bit):7.18132567689944
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRTeMj:knw9oUUEEDl37jcmWH/IM29
                            MD5:195CA06E67F7C06262F5771E08660962
                            SHA1:DA752FC38249BACAD973897936716809F2598810
                            SHA-256:0D01828F6F200D01EA687BBFDE1549C780E4DD29D5EDD5010E2745F242B3EEAB
                            SHA-512:3736C5813216F5DE19C9CF6EFE56912359D9BF93A8EDA522D5585991B99F0816C4D6AD3BD9B5AE20B1A36B6F304F2681D58CB5CD18163F2277D3B78152FBADE5
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Reputation:low
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1348671
                            Entropy (8bit):7.20173533499374
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRK:knw9oUUEEDl37jcmWH/IM2K
                            MD5:A618E804AFE475DA3A67617E4ABD2515
                            SHA1:27B82FF6ED7558E20A7D13B4C415ADC5A921FDFE
                            SHA-256:5AF584CD414F0679C0E690A557BA86B4BB43925ADC3CFD93E0641B2828E54806
                            SHA-512:34A63FC0AA440F78B5C0E591D9380B48A2228DBDAF07DDD4AA1F52E5F4B397B0BF9F80E25E198855571DB6AD4DD39852428CE5A85D4351D35AC33412AA200109
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Reputation:low
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1360056
                            Entropy (8bit):7.193825838749663
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRabmhUY:knw9oUUEEDl37jcmWH/IM2cmGY
                            MD5:84B4D39CD1F8715438B1750B795BFD3B
                            SHA1:0C9C8B1E1A4DF4500F3FA76CCAB7C3DBA19C5416
                            SHA-256:9D49316360759DAB515C21ADB52667D3B303A0004A7D7D0B96F2088026A47954
                            SHA-512:4AFCA2E9243DA761DDCEC8809CF463C6FFD458E4CF90AA3F4A5A2DA69B2321D65BB834748AFF2BB10080A9124578CDE51224D424CA23124A17D89D7E436AF721
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1365875
                            Entropy (8bit):7.189800468631317
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRizAX:knw9oUUEEDl37jcmWH/IM2P
                            MD5:14524AB787128682D32373CC13544ABF
                            SHA1:2337CBA1EA4EC7FCA0C344796869A67BDF758495
                            SHA-256:A712544A68174A7B252F2FC218BDDB76587FC676C1B71DCBD4FE6AB40F8BD8AC
                            SHA-512:9550A4DF9B6477D3939399F5FA06E69C499E58634DAA9C00A7B2F10C81183ECFEECC8A0E1BBBD680D1A7846DCB3E37C787E6DDDB2BF90578E740D45274378220
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1404331
                            Entropy (8bit):7.163816491508126
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRVM2P:knw9oUUEEDl37jcmWH/IM2r
                            MD5:233224860904B53CC4B770F5749A0591
                            SHA1:C234F969F5B57B0F2A5A09784934A6DAF50BDA2D
                            SHA-256:473EA88A5BFD967E75D5504AE3FB78EC3540150D475ACE8B61C3D331494B2B47
                            SHA-512:22B768FE32389D0045CB8AB936610BA769B33E342844F4D1A6C38A1B44C73C62D658D026ABF404C6ABCA5600622A58161FF6946F6D44014C9B8B678E4B539047
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1371188
                            Entropy (8bit):7.186155031791893
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRV9m:knw9oUUEEDl37jcmWH/IM2V9m
                            MD5:507E8EBC39CC80F976E6091B4FFDE2DF
                            SHA1:5ED08F3D659333B77C35D24E039F06DF2F777E7A
                            SHA-256:089A2D9C7AB7758FB7931A932E117571789DB3EBF869883E7840FC29A67E613F
                            SHA-512:8D26196B28EFB5BEFD0DD5B2D92C0C28B707BA78739E8F375145D6600C304A0B753AAA86B178D4E0C76FD25E758C197EE5BA093EE94622089C9DB8992C80E386
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1386115
                            Entropy (8bit):7.176001285674926
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRPkw:knw9oUUEEDl37jcmWH/IM2Z
                            MD5:D2E2FE399D322C3777B63A177D54CDCE
                            SHA1:2B09CAE2286253F3180DEF49088C9D0DAC2C2758
                            SHA-256:125CB0F3DBDD2646926701F78E871FFB370DFCAC59330DF367E3B6368A1AF721
                            SHA-512:FE064E17CCB25ED1A2915AD9FC1CFEB73E3759D846416D0F25484258979853B97DF62E9DF62F25285A2193595A16C886FA6910F26B62BBC284D4AA4C7BCA94D4
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1324383
                            Entropy (8bit):7.2189093461471305
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRS:knw9oUUEEDl37jcmWH/IM2S
                            MD5:14BE554073075A590E970B10FF2F1E78
                            SHA1:E4A86F1B94D80D1229675354985DADD833C397FF
                            SHA-256:B806DD18F96A5CD09686470AAE7ECCADB3C88BAF1AF1AC3039A983EBCFBD0DC3
                            SHA-512:4C0CED60FBACB6498AC46E3D274789AE72410C528DDEDBDB645299312FD368B5B52BAFB3AFB5139ABCA0D5B1EEC499F309179070FE012D7AB60426472D144103
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1355755
                            Entropy (8bit):7.196802502716445
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRVD:knw9oUUEEDl37jcmWH/IM2VD
                            MD5:3CE909C5135ED294C5DD550664D44B19
                            SHA1:4C91F533ADF430E357585584F9C03974EB258A70
                            SHA-256:062F35107D095B301B9C8A2BC25FD823CC37F2FBBEF42B4F0ACD2ADC233E871A
                            SHA-512:F97C6C998337C97E525D93E5ACD64C7ADDD0100C4374E33ED47B14404317EBD1EBF834C9E427CF77210EB47FC208065596D3F23E790DDBFDC3954BE2BB4BE982
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1405343
                            Entropy (8bit):7.163141282392621
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRnn50P:knw9oUUEEDl37jcmWH/IM2nnu
                            MD5:8D79A2C05CA28C54FEE4B77B9E8E6060
                            SHA1:A3DA04F34BFAE12D3700D5E651FBE0BF058B0413
                            SHA-256:B0C05B72C4BBB8CFF68F58CE1D1111618CC90E4BFEDDF4DA7DC30772A87631CD
                            SHA-512:718DA785DC2129D7B7875853D40CC3700449161195B2C6C3FBA7B1F52557DCF8D0CACFB1DDF6576721E1317905CB684FA85B5692A364031B725B32148DA13674
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1395476
                            Entropy (8bit):7.169726319352874
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRN4v:knw9oUUEEDl37jcmWH/IM2S
                            MD5:3DE88B0A2D2ACD478F512C6A335CA456
                            SHA1:6020DADAD50CDBDE758430BCEC1B1BE9DD0FE4A1
                            SHA-256:0C04CB82A9E8B45E090B3D555EEDA1E504408C290E943C9817F45EDC2404969E
                            SHA-512:906BEA8344D8EAFED2DA532DDD2611F61649AD248A1F068DA24ED2F4F2B9E6B44D5F8F97BB77DB89F6DD9CC8D128B5324CE5CD08E4CD9B202B0027AC0E9B7312
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1369417
                            Entropy (8bit):7.187356982385775
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRtqH:knw9oUUEEDl37jcmWH/IM2k
                            MD5:7A708DEDB0B5FBEE0CD76ABC62368B91
                            SHA1:CDE39730E2947719DB1BA535E6228578DA66DB96
                            SHA-256:22D93349463C972A490153EBB92C501439CAC0FCAE3A543AFE752070F49FB212
                            SHA-512:1ECA8DE0C7B32305B909C9BE230969B68599BCF734A04BB2C2CE65C901B4E8C3A4FBEDC91C6B3E5CF64A48C4F4B9D9F24396B4ADDE9170C34F90F314879AFF21
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1340322
                            Entropy (8bit):7.2075880262812975
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR6:knw9oUUEEDl37jcmWH/IM26
                            MD5:5DB39701B7C7B59BD5FF04D174EA084F
                            SHA1:5654BE96B7AD8419BF2E632F0E1D88733DFB70AB
                            SHA-256:C8BF2E870747C1E934AF432484FE414B01141F618F1CA5B004EF9250743C6405
                            SHA-512:3E85F99EB18FDE9CA9FA4AACFE5D48D76326243401048F8CEA0F4DC9516B4525FF08010BE42C85D48F0ABC013F4CA47225C82C2CF08BCE8E90AF257B9A7CF36D
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1372200
                            Entropy (8bit):7.18546558216619
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRjHV+:knw9oUUEEDl37jcmWH/IM2E
                            MD5:42C2043F91779D0CA60B08CFDFFC47FA
                            SHA1:5C83BEC2FAF27647A69C651C50B272577FF41D8C
                            SHA-256:4A54303B575DFDD3B53511CDE23FCCF472C46A735560FD1933477D03E6841F42
                            SHA-512:D53813ACFCA97CD731B71F598C15A24A9B8D4A52E3003CBAC263FA9E3758A3B05313BF1FBD2F1C944DB233EF2A4E7FF08F673E88176DFF7903A3E69E2A7821C9
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1357020
                            Entropy (8bit):7.195909094188604
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRK9:knw9oUUEEDl37jcmWH/IM2K9
                            MD5:8B1834B8F92E4E0618928BCC91A0211F
                            SHA1:987FCA6D31B6DFC87998E1C395CCF930C4F36273
                            SHA-256:95062F12B7907F322861459DD90E4DDAB48CA74C0D3BE6E40C223F9DB66B5C31
                            SHA-512:B68E5F382B6FA78B1E9ABA247BDFAEA2C0E1FC1319D308F445A1863B1CFC8EA8615D1D2529CAF19E93807E85EC25582B61A216EA2AE68D36764ABD485A0776C9
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1408126
                            Entropy (8bit):7.161306042473936
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRz:knw9oUUEEDl37jcmWH/IM2z
                            MD5:0013CAA2903E022BF47B95E544E31B23
                            SHA1:7C007E5232FB26E7F358BB5518B52D9AD111F41B
                            SHA-256:4EE3CF3D14F8E17B45EC1AD4C6EBCCF82AF5FDCA386DC1F943B92C856AC74848
                            SHA-512:9F2A9E2A50A2F9ED6F25D8CD1C29878F01A13701A117D31DD7335F505940D0B2EDC41052D6788D555C86D8D5406341F409271985CF1C0AC9D45E38C83AD0A8C8
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1389657
                            Entropy (8bit):7.1736376786689915
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRXLyqY:knw9oUUEEDl37jcmWH/IM27q
                            MD5:41A1BB853B8C463978352DFE4732F26B
                            SHA1:D71D3D08EE25D33063B1038F041670E4309E9995
                            SHA-256:DA1FB69EF01415B69ECE5E766DD1B02B5460F23B1492D994926AC83703EDB238
                            SHA-512:31AFCF15FD31F21AECDC4A5D54C13D4803F7176952F25D1E4F56A17F75E09A2A5E151648ACBEE8EB2DBE51577BC3F230E12EDE491AFAEA9E43E54DA5D21BC761
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1336021
                            Entropy (8bit):7.210626932335434
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRJ:knw9oUUEEDl37jcmWH/IM2J
                            MD5:A62BAA19159A1398FEC1400F22D7C6A2
                            SHA1:F380F274E324F576EF215C11F3D6E6EF4878CF9C
                            SHA-256:94E94F86272BCFB1FBA35E0D3BA97C7E76220D75496CDA4C1BECFB69D605925B
                            SHA-512:657DD0AD43AFF5A12EA3680E42CAE81745C365DB6BB0B8E85181E4D907DEAF8D3B442CB815E59152DF9CF87576535FE0F82AEC0FE9F2EDF120BDA61D391FC370
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1359550
                            Entropy (8bit):7.194164300618495
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR7nX:knw9oUUEEDl37jcmWH/IM2LX
                            MD5:9AD87C10AD5B3B36B01EBEC319E39792
                            SHA1:9293A0034C7A08A75B4CBF4CD62AA005574D8E99
                            SHA-256:6BE596D07F5B623A788C744645E303919E146F8C142CE3C08905871398D0E316
                            SHA-512:2E0091BDD670410D3AD232D9A402D9CF3CD8477A10F0BD13BC764ECB5AB93DC8BD250798BA3A5D7518EE4F906014134EE1F1D00B757692A2EE23867486123981
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1389910
                            Entropy (8bit):7.173445859334739
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRkS:knw9oUUEEDl37jcmWH/IM25
                            MD5:A49F72FB4DF7BE00F3D15141B3EF46A2
                            SHA1:3A358A925E0490B0CA4968690C52130E810D9817
                            SHA-256:E8F3C8818693B4EA8A16CDED15852B4077D2AD84F72EEA34ADAB2DA235798D08
                            SHA-512:7492D208D23FD984BC88BC73F4ED45142549F6AB169DAF91643E8EFF59A1B880F4171268881D9A782590AA393C75C851975BC88320A2D6EA21F56493A49122B5
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1395982
                            Entropy (8bit):7.1693953748379915
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRwYmYk:knw9oUUEEDl37jcmWH/IM2Y
                            MD5:38832670CEF5CE1EBDA30D1F950CAC41
                            SHA1:CE870F933DEE6F603D3DE14D0D95C6A0E00DCD00
                            SHA-256:D2A509C1C5BCCC84F2DA0B8E6F08F33A6FA1FCA09F93784421B202A0F9D6B596
                            SHA-512:5297E1F8AF855E9C72D2FFBBB24EF3F4623BE780A5DCD6EDDADB19BE6A145D3A124911B05CC3881796C83B7894A5A40154768E85245F8403C7EB28B4AAF94B96
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1322612
                            Entropy (8bit):7.22017469703154
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRPP:knw9oUUEEDl37jcmWH/IM2n
                            MD5:3F3C9FFFE8D7C20D64DF44DEA9737C3D
                            SHA1:F65221C062693CE16ED9143FE53434083E3F7B35
                            SHA-256:3B8D84BC2A21355800DB8907111D7232C58424B9B17EE121878A96EE0DA0B8D0
                            SHA-512:F4084EE6AD1978F105E54205D4D13EC5B10912B93484F774AC3F6F23CA1105650345D8C5D2C102CB34D750C0D3DF7D5CE13B0EE9D7AA35A6388A00C1CA739A08
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1339057
                            Entropy (8bit):7.208482188289151
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR2:knw9oUUEEDl37jcmWH/IM22
                            MD5:0D048BBAE21A571021D2CEB2A56CD810
                            SHA1:A9896DD89B928B027B2A3C06E0FCD06DF9536493
                            SHA-256:DF1CF72CAD44F5A784B7263912F5406F88CA34ADFAD049BEE8B6A0ACDDC1C3B5
                            SHA-512:DEA279469A3658CC914FF04FF02306C17AB3EA90A3351250BF45D9A782C8340660CAF4CA4A8F1155043AF205B010B3A3E792219744B9523676D4FF8664AB7196
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1406861
                            Entropy (8bit):7.162152244095638
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR9egxa:knw9oUUEEDl37jcmWH/IM2Egw
                            MD5:716B2466A00776EECB34FFF407F87E41
                            SHA1:7F0CDF77C2F257BC41071110B662D8F349D00559
                            SHA-256:88FFA16B6A158BBCF65AA0DE4039B1B6CDB766800AB6D8935815A5E45B728450
                            SHA-512:BD9FF4F16B491442800DD17DD6AD7D8F10D930FFB9B9EEC2D8237261CF3882FE1169326654C17CC4AD2FA370B39BC0A9AF48EF7BAF87A33A9E75F92C7076417F
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1332226
                            Entropy (8bit):7.21332244804745
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRvW:knw9oUUEEDl37jcmWH/IM2u
                            MD5:8449C0057B0241DA060AFE91E8E6D2FC
                            SHA1:F3F86184A4D46E1311971D349F0B78B753AAF527
                            SHA-256:5D279155470B93F68E9DBBF3545905CDD44C4A72E609D707E13A885FF4F45DF6
                            SHA-512:232AD5AA11E982B16960E52EB9C22FFF80001BD95086E78B11865587F8CE5E532D0D23C91CA1476D9D09B937989182399283BAAA924D17CE18284E910C350CC8
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1395223
                            Entropy (8bit):7.1698947524661865
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRDN5:knw9oUUEEDl37jcmWH/IM2x5
                            MD5:55A97C6DE8F6BA96B615F54FE278D6EC
                            SHA1:631B770C73F94F9F35D7329DE59E5A3218BC431D
                            SHA-256:76F145624C01794758B82B3C532A19EABA68AE626B6ECDABF3703B17766BE5A2
                            SHA-512:C7FA29B1461E3D13541F521F3845B804C5DC1F6A407DBE99BD3B78DB2C0489EF49FB383B8C6BC27F6673C27D272C219EE5EC68FFA38C59420A08DBE32F968718
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1380802
                            Entropy (8bit):7.179609078545496
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRJG8y:knw9oUUEEDl37jcmWH/IM2sT
                            MD5:4BB5DFBF514C27809A319463A28755AD
                            SHA1:FBC932F831DC13B4619A3C89750AB3FAE6659C0A
                            SHA-256:2BBA5ECF24362850870AA6B247CD3B123A3C560FECF2028ACBE3C3170F495644
                            SHA-512:481A14D006B565D4C0526C8ACDF53EAB6FEDE530EF21338175AC042B26142B93665605B205E8248A7259D404FA8105C994D3E15C7E9F9F491D64AF4735CF2ACE
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1393199
                            Entropy (8bit):7.171258329246947
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lReNok:knw9oUUEEDl37jcmWH/IM2Y
                            MD5:45BDD2E8274DC0294FA5E96C39BE1F38
                            SHA1:250A00C89876CA1766BB63E5B091567FBCF53432
                            SHA-256:A45E63CD20CD9F85A11C92A415F369F8E40352BEED3C5E0E643BF30E73203AC5
                            SHA-512:4DB99372A78F265D9179BD2D0D69692B648D56471178AA32A05D0E97B7F6D00E487F7E1366D33879BB8C916E282D3025243FB6984FFE380685B8A6F010D40242
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1398006
                            Entropy (8bit):7.168019767420368
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRxLY:knw9oUUEEDl37jcmWH/IM2NY
                            MD5:4FE4D218E11D2707D477C28F4AD3807E
                            SHA1:E1B64D527391DDF0137457121A61AEF574DC5BAB
                            SHA-256:F4E8C0D1793BDEC6D96B5576F3301B5C6CB387F15A46D55F10D29E02586E38E0
                            SHA-512:6B25ED7F3DC7484438182D94C9172608C55E630C560815D8145FBD166DC94F4D0B1BE5E59F2FB3BE3A60FF2465ED92061D9E2C0305999D37971E257026B70404
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1324636
                            Entropy (8bit):7.218725930388412
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRN:knw9oUUEEDl37jcmWH/IM2N
                            MD5:C72ADDC8E24253A63DB266F2F88EF08F
                            SHA1:DFF28D527F81409333526520E818D62E28E75BC5
                            SHA-256:D0EDC408B3A7E31FA376EEE453EB064EA4E23BB7D95362C744F5B6C6043CF418
                            SHA-512:DAE64C0A26D79141F49D34809483E21F6EFB7CE8DAA9088F2FCF31F9499F56464EA3C62EAB25FBB05FEBAB849EFB1EC542669044D0DAB2EE152CF2F1C0F494A9
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1327672
                            Entropy (8bit):7.216562147099363
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRr:knw9oUUEEDl37jcmWH/IM2r
                            MD5:9DC1188D68750D755199C7276275B8B1
                            SHA1:5AB3C6C99FDDA8907516B7FB04ECD1C0DE5B9595
                            SHA-256:874CF2D3060E171553C7D2D3897046067C645AB2561517B3D59E9893448422CF
                            SHA-512:31B36A25674CE67B4F500E96859F75B1A600D9D9F87F7D9D6C9F7BDD93E389D148F3D163835629AE2ACA880FB81EFF009D32CA0775A17403CB779841F5C16B04
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1350695
                            Entropy (8bit):7.200317241933678
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRfjO:knw9oUUEEDl37jcmWH/IM26
                            MD5:97696C712FE539B1FD88B53A798F47C6
                            SHA1:DB86158E1F7FFA5B85E7EAB79592A9A772569BE6
                            SHA-256:E5AE4C2E04C6034CE72BE600C9E11B5F815A6662A3E7F5F1149AC8B9437E3F91
                            SHA-512:6F6AA1EC83183E2AB3373C4624B6DADA4DDA2C792A814F82317CD231A62DC53D954963056CB2DAB55E8BAFF51A3219A02CC5524CDC9CBC3F42BF00702C0ACDB1
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1388898
                            Entropy (8bit):7.1741196897872195
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR4yK:knw9oUUEEDl37jcmWH/IM2w
                            MD5:F078BCC8964E1063FB56889864C4A937
                            SHA1:A4E7FCA57FB4B97E1A9564DFE8F09D5CBAE2C01B
                            SHA-256:647AFDDBE0E41908D0C9151A9F6897AD6BB4C585006CDCA2DD938C79F311FD96
                            SHA-512:BC4C069EC12CADF4A70073D32B0C29FF84F8A79EE3DADDCD298854FCB7693ED9563F0E3E5FB070DE9CDE9334C97E71A1D630139FC4D7325590B6D5B315DAAE8B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1346900
                            Entropy (8bit):7.202975276172599
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRgH:knw9oUUEEDl37jcmWH/IM2O
                            MD5:7634C0BF12C7620D1E2600FCD3C23D22
                            SHA1:A42017DF1654FF99250466C5438AF692FAF147E4
                            SHA-256:B6E3E2B9D003BD2E0A904C260F4CBC5ECC8CAA95E00B39B18852BBA6B615B7A7
                            SHA-512:6F47EA0F1BC7F19F28463EE09C18F516B551EFA51EAD24E1BB9AE99B62989118A5AD934F624287AFE4785D421FEADA6B6EBD118CD5B955DC619A5BB77D4FC429
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1397500
                            Entropy (8bit):7.168362208738658
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lROKb:knw9oUUEEDl37jcmWH/IM2F
                            MD5:428D9DDCCAC1BF7080DD682E93D75E82
                            SHA1:A3310556217EDE54193BFB2BD0174D23D9978C08
                            SHA-256:6BE248FB4770C5B96DB419DAA433CBB38518E33AAF21884DA58BB7870251FF48
                            SHA-512:88F85074C40557C532B4613EB2EC1C5B6D2451A094D93A4A395A267CB17A537CF8DCAC2F7EDA38055FBB789C81FE778467BF394A5FBFEB7461554652349FB860
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1390163
                            Entropy (8bit):7.173284903541229
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRRHZU/N:knw9oUUEEDl37jcmWH/IM2RHZ+
                            MD5:38BC3197DF2834CE1F734C3015683A9E
                            SHA1:07A59D362E6CD11F647E274435C1BBE2B087264A
                            SHA-256:034E622609AA26B5F02499FD8E1ABD8BBD21D5F209FFE6986F3C0FFB11420C01
                            SHA-512:B8B264848471DA189FF65F3B3974E894FC4A40525AE107CBB38B394B43677962799152E6DD8A3033B2B59663F02B23FB3EEC8FB5F41F53FFF6D3518BE438B28F
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1368658
                            Entropy (8bit):7.1878884728040475
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRUiB:knw9oUUEEDl37jcmWH/IM2JB
                            MD5:01DE4EDC16A6AAF07ECF9A46537F04A1
                            SHA1:37C2EF5B7D0CDADAE7E90CA11CF15888D89CEB9D
                            SHA-256:135041E411ED041B41409E592B824B49215D281808ACBD3F9155E2CA073983D8
                            SHA-512:4D2F4B305590C4E96E03E337BC069E6CEE9502C2B9509D1A2D2C312974540D9094387552D4092DB170939D524649405E1539FDB6CA2671904FA92AEEF1CA8803
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1339310
                            Entropy (8bit):7.208297204038802
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRD:knw9oUUEEDl37jcmWH/IM2D
                            MD5:A60C81B9D6773D803C2CE82E1B9B0496
                            SHA1:D227B6E18C011D92C7DD0F6CDC673CAE0BD4B326
                            SHA-256:7C9D97579C3776B389740BD40620DD5B47AC2D9B7C71B5C380BE8475FCF0B1B3
                            SHA-512:4D98C6112309AC1410BD0E3F3EA8D98AC23E92C8069C2309DEFAD16E64DA9D4C6295188E1BC5FE7EB32B1161770F325A6E08C20A2B8E61D24C5CB7C0B356654D
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1329949
                            Entropy (8bit):7.214939857212283
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRNr:knw9oUUEEDl37jcmWH/IM2l
                            MD5:A694DDE014117993A0CECBBCB250FA18
                            SHA1:8EAFCE70660FF112DCDA966A13D32EFA07D43BB5
                            SHA-256:1EB68FB5B943C67E92D8A903F8FDB94109BF97E684F42955EE78F5DB642E7CC2
                            SHA-512:1DB71F169CCFFB8BF7BD003BB40F0354B53FDF3A420783999D4D0E22DA4541FD2E20B2097951E95279BD5F01CC349DBEF265F457B5C1B81D5BAF7DCB2048707B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1374730
                            Entropy (8bit):7.183741129995782
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRM7KI:knw9oUUEEDl37jcmWH/IM24
                            MD5:4DE57BC2AD57E8527E33EF620C1C74AF
                            SHA1:5E3C7B66C9D7F1BFE8EA9FC48DCB2C8C8153832C
                            SHA-256:727A920731D3D5A0084CEA8B2C930CE70B306C1D37EFF6A1C0DC868B798A3D17
                            SHA-512:4E5DE1E0B7FEFF9D30B6C37F314E7FA3E0DD93B1D7549F3C63081483EEF31EC3E722E6F7954FED2300F89AFF40DCF9F3708162546266FF121E6C712A3EAEE058
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1411162
                            Entropy (8bit):7.159295479421764
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRiYqi1gWzs5:knw9oUUEEDl37jcmWH/IM2Xqus5
                            MD5:D6B400771D58E6C53DC3047053A2AD06
                            SHA1:59DC0AA837FC45D201DA2598F51D90B6CC65EFE6
                            SHA-256:9D1C2527EF041DB627FD653480EB952CA47E0B5B7023EE1B7658ACF9AA1E1906
                            SHA-512:8724B0A46367AC5B4E2A20D60C30813A4FAFB9C88318CE81BA002E93D6AA6B6FA31B0F2C521CF522A8A71E0EEBF85258746E0759B7652B159A60977685D45CAA
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1351201
                            Entropy (8bit):7.1999600829940835
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRXf0:knw9oUUEEDl37jcmWH/IM2s
                            MD5:C036AFE668BD95299976A6ABDD5B9213
                            SHA1:879F327868BE6FC97D67D248451E39726DA8E99E
                            SHA-256:A317DC41FAE10D5BF1990813B50C97B89657C5B724A584A502EA51DD75A748F0
                            SHA-512:635A9A0DAEAE71F94C77E1D4C6E22EE621EB91DB615B2F41C3A7DF5CB45FF646EB69A28A8EEDE886B5E23F845EC8D520CB87528B53F2227D9D7C6C4A75E2587C
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1414451
                            Entropy (8bit):7.157157196257008
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR5D2n:knw9oUUEEDl37jcmWH/IM25D+
                            MD5:E349B78BBBC3BC57459D2A19781333E1
                            SHA1:29AB73E71D7FABF2FE9FEB547ED39606706C8E8F
                            SHA-256:28802C3130E748A5136ED45B9A5D7978342A21F2AD050C2E02467138543D3780
                            SHA-512:A72279FDB51E8E4FBB3AEE0BC82269933D926D6C3919C19CB9A457BA7C6E6C145C8858669A6CA3F568B493C63ECC6B619BC0BBAF5BA41F633FBB7D408612B989
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1379537
                            Entropy (8bit):7.180465547868202
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRN1:knw9oUUEEDl37jcmWH/IM2r
                            MD5:9638E4AA65885406948C056F1C4202DB
                            SHA1:D33D578F5ADBF7A6FCFF04E1E303F49206201F9C
                            SHA-256:5F2757FA94B8E7951996F5E21477EB7B0A64806C1BF8E27C8BE927F18B3CF7C8
                            SHA-512:D8B4B5015F0B094DC433FF87F984AB1C266ECE2F206DA798A30FF866C6A458A47A2563E0421CF3F0BE1A4A31CFF1A9E53B5F8984DFF7590E08930956496E5479
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1367393
                            Entropy (8bit):7.188757325044765
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRHA:knw9oUUEEDl37jcmWH/IM2g
                            MD5:F9D7DADA207E97E864A48AC313042F25
                            SHA1:01D48F41CAC962563691C345599F0F5A020DB50B
                            SHA-256:CEFE4C5ACEAA2C27E226FD710172585120D3A1703938A8BAA6C779FC776BC2C6
                            SHA-512:C35FBA1E3A89BE23055A83A30F214718DCA86C3052A8655489FA5DF413D9765B216EE5D2AB579A4E39318B93DBA6709024620AFF901A56CE5900DAD2A84309A8
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1357526
                            Entropy (8bit):7.195573543879882
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRJD:knw9oUUEEDl37jcmWH/IM2JD
                            MD5:61179A9D3F3A8ADCCAE4B28A0FD3A539
                            SHA1:E6E49B09C283B898F375D0A5A89E16F7820B79A2
                            SHA-256:6BAC63208EFC87B33300446AA9D42FC606DE2726B03657D58C2C91C3B4E4EC04
                            SHA-512:461C064AD28630582FEA00BE5A0B908BFB4A373410E7C37E6ABE3CFE4DABE7C7CE3F4D7DB117829AEA0AD6F4749CF5468BE6310238F93ABAB69C2D05FD8EAC5F
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1404078
                            Entropy (8bit):7.163992714151415
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRPHn:knw9oUUEEDl37jcmWH/IM2PHn
                            MD5:0D16036861E3DAFCFBC3EE7C7D30DB28
                            SHA1:E9A855C9061FF1E8D185D281440787B3A595B098
                            SHA-256:E5CE97AD5C48820E1987549910F616B9E1DC535ADB09844E604CF8B7043D4443
                            SHA-512:BD3B10E626CDD81FD6BFB3EFAC82F2DB44A72056D6B039A8A5EC43F57B376B481C5E6C0E321CE9CEAAE20A0F0D9C24C9F9B14A0002BE35901C19A37CF0209247
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1352719
                            Entropy (8bit):7.1989088465767
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRF:knw9oUUEEDl37jcmWH/IM2F
                            MD5:F10FFEE57AD2427923992444F0BDBD8F
                            SHA1:63FBE756DEA391D91400167A66F61E0D58C354E9
                            SHA-256:178ADE91185FF000A1486014D29ECA5436F4FB09ABE9B732C8EDCE15C0D51A84
                            SHA-512:B253C95E6FEF3772B4197BC6F9C3D97494ED510DE0B9F92A1A16479A307B00B57E6695F54C0F57B545D6E9939D143E5D4307F52E509CDCC2D80466764E80946A
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1396994
                            Entropy (8bit):7.168710138318575
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRVBeyG:knw9oUUEEDl37jcmWH/IM2VBK
                            MD5:C72F97339129EE26A68D137B2829B776
                            SHA1:3B036E5E86E2EB406F0A682D8D26399E85ED6618
                            SHA-256:AED1C57BE79FC61BAC98ECB395B2AB1F8714415F588DD45E6841AD63C551AFE5
                            SHA-512:30D719318169A369E9878DEAC1E30092DA8CA9B13B4CFD566FC789E64B31E0C42B3E8706BAF8F8156CFD1161B963AE27B17CB8B60DD921DEC4EBAA6A8260A100
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1387633
                            Entropy (8bit):7.174981497177379
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR1UB:knw9oUUEEDl37jcmWH/IM21y
                            MD5:66805CE6F7A7266A6AC6F3602DA47E35
                            SHA1:FCA377CFE9ED431DEC5BB4D9069F8703921375DB
                            SHA-256:19060A5CBA5DDFB5FE2092D8DE979E1AC6DF2910198E9774C6DF74C54092C7EB
                            SHA-512:9BB9577F44E98DA49D822F90B86F8325C8575116525C4962BE0D9CF842AEB69F16085D52E21DEF2631F91F793D2DF76459284EB4C2118E673D49DFB5DB7F9BB3
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1356767
                            Entropy (8bit):7.196089861018499
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR9Y:knw9oUUEEDl37jcmWH/IM2W
                            MD5:CED76404331D52E6BF74B28AB1C4F6AD
                            SHA1:886B3833F41E78B10D9DBB79AB79D577060F0ED9
                            SHA-256:F5A3C46D857C5B120AD8B237F1A6923335831A82899DEDF91361DDC14C06DCDC
                            SHA-512:827C8CC4C349512F9590107AC5A654DFB3E62F981624BE0579D55931562DF233741F76E2ADE6062949F89BB1AD44D9F9BCD01FCB5034B4E742AA8097FDC4CB59
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1333744
                            Entropy (8bit):7.212239205509502
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR80:knw9oUUEEDl37jcmWH/IM2x
                            MD5:74E0A6B69B4E777DE65DCCAAA5D715B7
                            SHA1:A2A247AD0E24C6B72E879523D532AA1164C04C8D
                            SHA-256:60CCC674D93D0EFBCEB089299BAC91DCD06146DC8C2966D5CFF36E02161F8321
                            SHA-512:4D2CE74D2BA9A00DD404B568359F70EB5C7E4D78BF84953F29B6EACC311080242EF087225DE99C7F447D95059126EA5F1D1EBFFF968835D2369100094F86B814
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1368911
                            Entropy (8bit):7.1877163207963655
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRmaQ:knw9oUUEEDl37jcmWH/IM2m
                            MD5:EE6E66D64ECE56987B1A922B5D0DE541
                            SHA1:5084A82B0147B184FFD3BE87666A94FDC6616335
                            SHA-256:41C7AAC85B674DA33CEDC871B4DE04B161CD0A38A5B82A30A80C3A14AFCA5B12
                            SHA-512:F4D9FBB58DF80325933593B4513223DFA5C5863E88F337DC5B86FF35A23B15F8885C45A57FC2ABDC258C7DBEECB8D0C7EC7975A1306491C1EC6A07B7B9EF9EAD
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1384597
                            Entropy (8bit):7.177015275630051
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRjdC:knw9oUUEEDl37jcmWH/IM2RC
                            MD5:AD7642717800E93AC42B092BE5C7DE07
                            SHA1:A810A02AAAFAF596DD0C355FD08FB1D424623E40
                            SHA-256:03E0CC3C0CDB5A02647FB30181C1C90A380C92FDD286B1753A6A82FC26E9C2F6
                            SHA-512:A52FA858BB63E61416876A4D6E45F40570CCC476F33064C354D315D2C96F9D2FC99F68F36BC95E6852AAB628B236ED8314C09D24A20857F22AEF4665027864C6
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1338045
                            Entropy (8bit):7.209195901906823
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRY:knw9oUUEEDl37jcmWH/IM2Y
                            MD5:EA1BD6355E84AB3C218FA10ADD4C47FD
                            SHA1:C1FE5C8C0641F1C90D9115D2C2C45AEDBF009172
                            SHA-256:EEB8B3256A12BDABBF9E93558C6F8FDEFBD7619FA093A7BF96FA70AFAA6E1115
                            SHA-512:15A81730B6CF4A402AC40191A2F6395203D60FCED1EE12F5FA6139240903AE2CFFA1A1752727A7B4058A505FE23AA67FF175E9BF70CEC08205920A9C9AB5C630
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1360309
                            Entropy (8bit):7.193651246936337
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRyBB:knw9oUUEEDl37jcmWH/IM2yT
                            MD5:AB4DCAB411A431F244C91902330689B7
                            SHA1:17DC1664E7CEA6369F64D1F056CCAE2F77FC853F
                            SHA-256:BE9A33F93E3A2D9BF371B44409D76A480AC9671D6FEA0D3B6182879790DEDB5E
                            SHA-512:9BAD403D61DDE4B482FE35827024B70A272B1E05F48A158EA62E2DA18174E3D49CE607A3099C008AE69A6B7FAE6F499A5863B414C04B46D70C0B4DED3A5C69AD
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1413186
                            Entropy (8bit):7.157973570929604
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR3tbJG:knw9oUUEEDl37jcmWH/IM2pQ
                            MD5:06046B67BC383083EC7ACB688D68B43E
                            SHA1:2486857994E05CA99E0EE11A3812AFDAF2BF0458
                            SHA-256:A1A01FB6849365F38B04F54F6BF0E3DE7CC8528A83102FA670877C78B199FF96
                            SHA-512:D925DEE3A7EF4CAEF7B24FB14752C958883DCA91740C2616E702DAC3433EFDE668FB932C1E5696CEB50A8DFD1BE19B9AC6130B877547E9D7E07E34A78BE29E94
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1379790
                            Entropy (8bit):7.180299110698434
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRX0:knw9oUUEEDl37jcmWH/IM2X0
                            MD5:3B08265A5CDAA4B5122DD48D4AEEF702
                            SHA1:6430E5CDAEAA92FA40CEE2E43C85D23F076D8DBD
                            SHA-256:D266AACE9E94DFB11609ED0ACEC9B9ABA7CA9453DC08D9EF7C7274FED9EB0709
                            SHA-512:B16E0B4DEF3EFA6D1FF09CE2EE32B83C7C3FAA7F91A66C96F0AD5EDF0606DBF5AD72451A5CE4EE464ADC1CB9706990D3197BD0002A67A57D16813CBEB331735D
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1329190
                            Entropy (8bit):7.215478115816835
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRy:knw9oUUEEDl37jcmWH/IM2y
                            MD5:C8E70BFCEE493AA15359C866BFB8F9F4
                            SHA1:F3BE2443804B7CE759C3BB08F32F584FAA2B0D07
                            SHA-256:FB140AA1C0723BE006FF779D5D116A8B4AA3B920D8847C1B32E18D7E7414FAEC
                            SHA-512:548D90CF6AFC5185B604514AF4CFDCB3A417AA15E34190B4D3533DF8EE6A2C748F495616E59F344FA6E8BDFE682253FE4A09B1D9D27AC619E1079197A6C7F542
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1415463
                            Entropy (8bit):7.156449076154367
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR53j:knw9oUUEEDl37jcmWH/IM253j
                            MD5:EA40B0A2EA51C42EF55E6BFF106A5EF1
                            SHA1:90D39DF2FD28CF6B92B1E5A98B8222D89E16AEA1
                            SHA-256:BD72789C6527FED1DB8E24787972EDB1D0EBE324677F533CE7E5AA3DD5D0A2A6
                            SHA-512:7C953FA3B92E2F8700C755E5FCEC47C829DD72315E9121C975A4D582C49814F2AE3245D57E87E3AC6C2AD009D709BEC5B193E37C4F797357DD1ABA0C6B9F2AD1
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1362080
                            Entropy (8bit):7.192416374712484
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRX6:knw9oUUEEDl37jcmWH/IM2X6
                            MD5:C3361031AFD53A7DA0C8204B167CAE26
                            SHA1:809D1DAAFFEC3D73153B249FEE9EAC0E697A5169
                            SHA-256:EE43636856629165508B386CE4FFC98F2699FE50903D3F666E6F385AA770C529
                            SHA-512:51D0AA764EB6AB80F99FD375079812D18B7D905C3EACAFAFE7845C309A2FE3A1942A2A844AB22001619902CD4E6372BDE407C78CDE40BD47952C24CFF80BE510
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1394970
                            Entropy (8bit):7.170062840468088
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRPrP6:knw9oUUEEDl37jcmWH/IM2W
                            MD5:A6315E82091C2D7A7152B14C5A111B55
                            SHA1:065BB847AB82B845CD05D1D6A6D0353E52D95B79
                            SHA-256:CA1FEBABA78548199C9D9E3D8FF6BAEAFAD9EBCB9BBAC6E585D47A926E2F311B
                            SHA-512:A0EA64622F91A248A7914A6BCFA4A27D489DB48EE94EC386F8E2148CC39B9BFE23C2648AAB9E2D1539C3E3BB48635BCF4B2393626C4BCECCE560C4ECB9508EC1
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1386874
                            Entropy (8bit):7.175502561341935
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRSB:knw9oUUEEDl37jcmWH/IM2s
                            MD5:4B313BC0F5BEF4BAE00DF10F9B6F800F
                            SHA1:AD2881A31A816E9862298E3A357F3CA6BFBB2BEA
                            SHA-256:C65C7916AAD4EBFC0ACD9053DA782A0294252DBC6D9ABB4090161512913AE35F
                            SHA-512:729F4B7F78876EDC19BFE1BE48709CBD93DCB25BFB1D751E937A6980AD1DA0D132C300B90B0AE2B1ED99356AD90D1E38DA9DF5555510E06C5CC1921C6095067F
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1415716
                            Entropy (8bit):7.156311784095855
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRjBDo:knw9oUUEEDl37jcmWH/IM2je
                            MD5:BA72D4AAD9AE7D4772F03DBA133D8CBF
                            SHA1:C210561936EB9A9FC49C3A51ADCB6861C59122FD
                            SHA-256:FA7952F54B939B14B0450FED474D994BADCE4542B2BACD43D235A9DF17433C76
                            SHA-512:36987E2684B0EFFC152F50483E0F5B0E3362EBDF954FB3AE64E01FEF868617FBF4ADFDD1A36A6200507E69DECC1BA4E5406E83ED4AA222E252100D517510BDBE
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1374477
                            Entropy (8bit):7.183894947901112
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRsvTl:knw9oUUEEDl37jcmWH/IM22
                            MD5:F38BDC0CE305ED01F89C59F2D5763183
                            SHA1:D2DC6CB0069BC991E2D3F3BEF0B99AB9D88AF078
                            SHA-256:77D07A0366FD10A59419DBB9794BB2B3788B52A63251064EEF1A730CF71968B7
                            SHA-512:3616B9BF33FF7880B00307B66D896B42C7B3770732A44BB6621E7252C8BC779409956B3675D03CA222D842CCA49754974CDC2836091FFB2C0459F609E4759559
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1353731
                            Entropy (8bit):7.198199345016729
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRHB:knw9oUUEEDl37jcmWH/IM2h
                            MD5:8E7F5AC64BB0B2DD2FE86229E5D2096C
                            SHA1:D18723E0FE5C98DECF8B31C24122127FFC4E85FB
                            SHA-256:C6AFBA63EF63F2D23B6CF62CB1C6F1E741200B09B34D396CB10864E023527B66
                            SHA-512:106319CC075CE434F7D916280EC15C7CCBF7AE673805E6545731D17CDE53E789EB7703C17AF9DD400F38543850B9EAE0E90A1717B311B60F9EC72E7DCD618DBF
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1351960
                            Entropy (8bit):7.1994328549493645
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRS:knw9oUUEEDl37jcmWH/IM2S
                            MD5:CA7407D8F168D918445E77671D0F6EF2
                            SHA1:E003E912929EB384DB5F21FD335F61FEF49DF4D3
                            SHA-256:138A718619FFDC5D8ED03006FD7B3DFEFF5D17F7FA141A9D96719F14C299F6F9
                            SHA-512:D5F111CF7541A6F2523CD69FF92F3AAE0515B517E3ABB4E2565621426AC0CACC942E4790F542CF22826D139ED3539D50C42A63A3EA9D3E325DCC0AE6AA065B6E
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1410909
                            Entropy (8bit):7.159459588685892
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRF:knw9oUUEEDl37jcmWH/IM2F
                            MD5:1E463D9FD249D27E1A97BC005B8DA0F5
                            SHA1:74F028E5FFCF59F67C8BF60DD31B9231BFCD900D
                            SHA-256:E4E14CB90071AD6DCC934A35E8BA93975E87C10D08A3A27073BD3594334B9D2C
                            SHA-512:4974351156A6F586E3579934C9EC3662E19AB9667811E984BDDF6F7F78390D849E0213648075C5D442054D4707D39279B3D13D9A78BF12016241140BA570BC40
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1407873
                            Entropy (8bit):7.161473357937885
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRlIt21jd0u:knw9oUUEEDl37jcmWH/IM2Aqh3
                            MD5:1B28238244BB7CB2F7E540B477759B9A
                            SHA1:2362022EEC8581635979855EB9A7159C0B5C169D
                            SHA-256:550951F31BC03FC29DA3205217FDFC58759B07EEBCDA8810CB4266087FF19E19
                            SHA-512:81E36DE3E26B83899CB3FA7BE77EE7ACBDC58332017AC19345A1911274A31C3A71899C44CF87887DA5E3F9D7F9183062DEDAAEF3EE403C5ED343A09860D9FA24
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1372453
                            Entropy (8bit):7.185291514071084
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRME6pht:knw9oUUEEDl37jcmWH/IM2z2r
                            MD5:4E6BAD9AB0976DB9F38FEEF44148390D
                            SHA1:279914A74C3E8ED9BF6C1483177042547B14961C
                            SHA-256:C2A4B587692AB8FA4B772E169F333163690CA1264237F4845910B7F20BF740E4
                            SHA-512:AC177F0C955CF06581128CF09AE03B11E0F387AA6D72B95457377F9ED06C987BAB81F53EB81947D5E8DE74C54EB74922CD803B33FAD61F7A6A2907EDD5D7F191
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1341081
                            Entropy (8bit):7.2070628124570035
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR/6:knw9oUUEEDl37jcmWH/IM2S
                            MD5:B3603CBCC0051569A873FC025B64C052
                            SHA1:967197B9D2BEDC9078DAD1B9D80264AAC6158932
                            SHA-256:2BF18C964D23CB682C856FF77B152E97FE0CF5382C260B1BB49848009A04811A
                            SHA-512:51272C2B5E6065AA780D5FE1FB692AF0C20DC97D64B8DFFFC36B668CE7F3F8E9392986FC276A728B3C70B5A2EE4817588FC66A825795ED9544B85C0489AEC886
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1377260
                            Entropy (8bit):7.182013569313088
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR7yK:knw9oUUEEDl37jcmWH/IM2uK
                            MD5:E0EF9D04A0BDB2C919F0A7FCA153EE19
                            SHA1:E36A18E233BBF1D3F0BD37E807CDBC2C5A41F03D
                            SHA-256:2DA00BB835DAA532A066814FC17DB799E31008A3DEF6A318B4F1E45DD03CA674
                            SHA-512:76D942703FA33488E5286C0F7FA2FE8D35A0DB7CBCB0F131A4F010B32D053834383966B87BAFA630B371DE00AFDF70FFD593038A09382FEE5A45BFCC5BC7AB10
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1400030
                            Entropy (8bit):7.166687071433268
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRWOh:knw9oUUEEDl37jcmWH/IM2ph
                            MD5:1BF5D06826F0F4147468FC736CFAC309
                            SHA1:FDED14B0D185A5D0F50CA4DA8CB910A6A11E77F6
                            SHA-256:A6AF2FF9A2FB5E374EE0DEE7395C20BEACF343FE9887E9D23502BFDF8F8E3002
                            SHA-512:AC9D6FEFEDFD2C5489D9B4C9601FD0A88EEEDFFA4093433C4C52FBE0BCF3416CA905700D371A250527D7A9F9B59E4336460B4C8AEE3DC805CB690EE123509B79
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1396235
                            Entropy (8bit):7.1692166123630106
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1352466
                            Entropy (8bit):7.199081455299973
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1356514
                            Entropy (8bit):7.196278318163743
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1359044
                            Entropy (8bit):7.194512455984537
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1399524
                            Entropy (8bit):7.167008015290093
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1361827
                            Entropy (8bit):7.192595721215848
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1364357
                            Entropy (8bit):7.190856185376357
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1361068
                            Entropy (8bit):7.1931155096331825
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1369670
                            Entropy (8bit):7.187193053641685
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1350442
                            Entropy (8bit):7.200500619443641
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1406355
                            Entropy (8bit):7.1624805662508875
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1343105
                            Entropy (8bit):7.205620172406534
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1366381
                            Entropy (8bit):7.189452387449827
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1342852
                            Entropy (8bit):7.205808733646874
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1344623
                            Entropy (8bit):7.2045730351292745
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1362586
                            Entropy (8bit):7.192076589718159
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1356261
                            Entropy (8bit):7.19644037330414
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1321853
                            Entropy (8bit):7.22071858399973
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1324130
                            Entropy (8bit):7.219088754425281
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1383838
                            Entropy (8bit):7.177541119916581
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1384344
                            Entropy (8bit):7.177203166852833
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1389404
                            Entropy (8bit):7.173788342707496
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1346647
                            Entropy (8bit):7.203159069731505
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1335515
                            Entropy (8bit):7.210983694238977
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1374983
                            Entropy (8bit):7.183566659960319
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1399018
                            Entropy (8bit):7.167366406531104
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1320335
                            Entropy (8bit):7.221809357583982
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1374224
                            Entropy (8bit):7.184086597148004
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1321347
                            Entropy (8bit):7.221083625352795
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1363598
                            Entropy (8bit):7.19135470410363
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1411668
                            Entropy (8bit):7.158966086709157
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1347659
                            Entropy (8bit):7.202444812086134
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1414704
                            Entropy (8bit):7.1569637019337184
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1324889
                            Entropy (8bit):7.218544099844693
                            Encrypted:false
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1366887
                            Entropy (8bit):7.1890964737518805
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRma:knw9oUUEEDl37jcmWH/IM21
                            MD5:4E3B460D364E73F9A19F802DDD4292B8
                            SHA1:102756EB62C42B4B07A1AFEE460423F5D34F60DE
                            SHA-256:90CC8D937CA279426614FEAC176D67EEF66BCF863201ECBB5F5AE4850D9D471E
                            SHA-512:0E6EF80F6200D60EFE0E5DF9AB62388D7BB9137654A1504BBE27F8263F80861FA50F5D9FD3446CFCCEA58FB19271F8C7DCFD51FCEC5495AC8A0E84F4A1D83C91
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1379284
                            Entropy (8bit):7.180632161228045
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR9eF:knw9oUUEEDl37jcmWH/IM2s
                            MD5:6A26C9585ECDD23238775B1E07DA5C67
                            SHA1:CC39E4AD76CF65274F98BCB9AB822D314B88825B
                            SHA-256:33E9DA4B887337D154898825E09D3B02D1C971B61C5560D1B23D6671B0A5DB81
                            SHA-512:8FC6FD3CF33BCE9E51A25938164995A0D4E4F3DB3CFF28144A9BC8FC2ED671EFB7EA7ED0AA3C6A8EC4C7FF57A8EC2F8483BF194ED50FFC4EE1B4F2EF471B1FA0
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1352213
                            Entropy (8bit):7.199249672721393
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRk:knw9oUUEEDl37jcmWH/IM2k
                            MD5:F0E7170865ABB9A137C21DF12064FA54
                            SHA1:638A44FC39E798F2EEB1F2BF90BBB45E9ED5CFF0
                            SHA-256:DB8B478F75B02DF48FCD620B74B8CE62C5C48A6D717950B557C85544D7585794
                            SHA-512:DE533A2B88C19FD7D567AC9F3C4EFF41873817FAA234EBA7C626FC293614498F946363211326BE95BE6F02901989D806BBC6E75789D95242B7A8B60129BEC5BB
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1401801
                            Entropy (8bit):7.165495781871683
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRqcC:knw9oUUEEDl37jcmWH/IM2qF
                            MD5:EA11F7D3129CD44289401E337F4B5A4A
                            SHA1:09FE2AAAD14D63D5E07508FFEF7441CD87011C27
                            SHA-256:14F51E502F166935D7AEC7361F77BC4F3EC512E29B0A2DC6CE6ECC0E1F4DC4A1
                            SHA-512:70D33DE2101BE6E2C08C33CB994D71838C5D224F1EFA865A6D4C1B18285F7883B73149D52A007630ACCEDA183D525A6406FEA0A973A59759569176003D9C3C22
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1343358
                            Entropy (8bit):7.205451583010933
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRiZ:knw9oUUEEDl37jcmWH/IM2A
                            MD5:978ED9FD18B1033AC6F268F3602F67D9
                            SHA1:7ADFF0C9B8C80D822D7996C2F5D8A06722E2A4CB
                            SHA-256:780848D7CC1A284ADC5A772FE89BFB57C456D1831568341C6B5847F3653B334E
                            SHA-512:BB523EBA3B623EC91F2AF563422800534394B733C21F892C3D0ADF19B123979E9504C82006C5911F02ABF7BBF684964B8D650C7A0441A1381B120F392DD35B9B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1326913
                            Entropy (8bit):7.217104516458408
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR2:knw9oUUEEDl37jcmWH/IM22
                            MD5:E2785C919A05874FE7FC5912059CB424
                            SHA1:592D1BC5BE8664E3328E03BCC6A83558EB2791E1
                            SHA-256:40F85586E3E53339A30B7D5BB43C6D8BB14780506E5754C249F65250C8333F61
                            SHA-512:68A71FC82F596E439C3966BF62F4F2EEB64A0A510E895CD912D03F11DA7CCF72C6683AD780E5E01DDC0F635CCF3FFA6FD488E980FFC06B8D2C15366F73DA51D4
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1357273
                            Entropy (8bit):7.1957542409977115
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR9J:knw9oUUEEDl37jcmWH/IM2X
                            MD5:1AC25746FC3E5B6834C70E7AC607932E
                            SHA1:9C179649233CD1B642C31027B887EE0A82FBE25A
                            SHA-256:CA0A0E88CF5535FE788796F2DCC506D58FB400FF47CA76F135B3DBADC323217E
                            SHA-512:1B7A0FA135C0B7497E5D2B13E2BD1CE175DD26F6EDF602C78FAB5F92F2399712075B720A771C83F745CF94D9ADEA42B6C375D8725573C6BA7948776809839050
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1394717
                            Entropy (8bit):7.170225654312879
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRZGA:knw9oUUEEDl37jcmWH/IM2ZGA
                            MD5:4BC562751C99CC707639799D12CEAED9
                            SHA1:CD4485A7B806362FFAB9457725EB6034A9408371
                            SHA-256:1B7610B2D87CAFACC7EBE9BE9636A56CBC9DC4F8FB88F9198537C83D8CEA482C
                            SHA-512:3E8B03ED5E2F922FCD5E0365AC8402977312FF8AB7BD82CECE5173F33376F5E64F848E9E217400489431AA060D1397DF8FD6E9D6CE1D3F40032BA20C95704981
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1376501
                            Entropy (8bit):7.182528087685943
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRxA:knw9oUUEEDl37jcmWH/IM2K
                            MD5:3F5BC4DB5534A6DB9E1E2D07EECBAB3E
                            SHA1:64CE88A103B94A2D87A1BA0A4B3BE36E8EEA67DD
                            SHA-256:C4B89662E4251F4C3C4E01BE6C9A0716569853FC5304FA755B0B0BB09F814D3E
                            SHA-512:723ACD2134EFA4F86E3393814FCC443A571B77C105987F55B5923EBBC72C31C069FDA331B7AA7FA0D2D095E8D966B080E3F0E0C364EFD24C8950BD40584E6C64
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1385103
                            Entropy (8bit):7.176697278896695
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRbY0+Rc08:knw9oUUEEDl37jcmWH/IM2f
                            MD5:A025F030A669212EBC7D9690CDD01320
                            SHA1:BA757312FA2C49060197F164CC0D9052F73568F7
                            SHA-256:7FB5130BD8FEC9F7928B5B896567E791722C12EC5678AD204495A5877A962BBA
                            SHA-512:B082E39D5A2CC031744AE23F1AFB2D0946B33A49217DDBD5B1095A520C4AA43654E75F04486DCC25765D9156C9B7F081BC3803674D14529EC51614B1976349FD
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1369164
                            Entropy (8bit):7.187538322769449
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRHz9Nbxl:knw9oUUEEDl37jcmWH/IM2BNbf
                            MD5:E00E3B6E93F6254C2924BEEB9C418177
                            SHA1:23733CDDF9D6D667BCD549A57D8F3B49680875B0
                            SHA-256:4BD22D5CAEB1B422C94196B59AF89DF484F8E218993F7F35B1D882A96E988A19
                            SHA-512:3A5BD103B5250FD6E599D0B73EC0B6120333CF87FD0346DA853822ED8D1C390CBF0EEBC5A0F0DCBD558A6E9C78BB537342EFB8BEAA5DC2E2672B03010137CCAA
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1321600
                            Entropy (8bit):7.2209022373666345
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRY:knw9oUUEEDl37jcmWH/IM2Y
                            MD5:6440CA6B59386D338C2A36B13EB0A6F7
                            SHA1:F15F7C8BF7EB99AE9D80883D225F8ACCF735C968
                            SHA-256:2A7DF276BBF75BAD8BFEE3756F22AFDDF695603B0572AFCC1B354A5374FD5B4B
                            SHA-512:04A8BE595B3B51B21BA380FD4D0A87A17721327CAB1477ADB7134F888936F0505F7D4A61EBB2E69EADE5249E525D70B02248AAACC216E917B1E4D87C4CA21925
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1333997
                            Entropy (8bit):7.212061742163065
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRR:knw9oUUEEDl37jcmWH/IM2R
                            MD5:58B9246E34B87DA35B5497E6653D5564
                            SHA1:97D69BCBC6FCA2458374634DE164B68D5358F993
                            SHA-256:A574D77A640495B1AE81C751EF72E4AE28FA778E3BCFDA4917BCC2F13BD7AC08
                            SHA-512:186C8A988D7339258E3ABEF4755728E1852719D5F14E5E9F47565FE260EB48435E7C576915EEA0D0EC4CEF961FF8139E046E574E82823F6BEA27BFDC456560DB
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1409644
                            Entropy (8bit):7.160306094856677
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRo3RC:knw9oUUEEDl37jcmWH/IM2o3RC
                            MD5:0C441DD7A8B86CA2FFFF3423516BF063
                            SHA1:86EE2D5E8A68D5914717A13A0E5A4626AD37B97C
                            SHA-256:E35C8F7F5B9063A6E41D7B0FC257983E3AFC19F8F228EB472A27A73BC86AA43F
                            SHA-512:9C9B749FF5E78FA33288BB8DB1235A36A20AEB5D1ECA9B477DBAE89A9305046935E127451B871B7CDAC260283F2F9D2464BB80BEA587E029123AB1B221D6A456
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1388139
                            Entropy (8bit):7.1746475214599466
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRYrZ:knw9oUUEEDl37jcmWH/IM2Y9
                            MD5:EDAAF99EE93BEAB4EAE5ABAFDBE5144C
                            SHA1:2EC677B4FB2F497874E809CCDB5D69381FD63184
                            SHA-256:D7217AB94604EB3412F7EE190469447488C598591FE9D7C5A488242655AD935D
                            SHA-512:7B7610FED2910DBCB2F3F808BA89AC71038375AF423C8639C092ECC2170A2CE168286CE86E971CE8B933050028713DF834E6C51DD8303DA3248C0D0E122806A4
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1412680
                            Entropy (8bit):7.158325335580564
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRXYBRf4BB:knw9oUUEEDl37jcmWH/IM2Is
                            MD5:744ABF1B1BB849BDB32B3680D8FF308F
                            SHA1:DDEBD579B93956168A5CCA3ABC5CE4EAFE1F4037
                            SHA-256:FBAE1311E8C003E0C9EE8E10E77CA567EED57E9F4931221117968243FDC8A633
                            SHA-512:BA9089DB2BD464C84A882BA3B0A51F0A52E4095CBC0724CA9396EAA4314E16502D62F315A024242FB0F2B6503F9E25A133350D7A9883D9247240E0047FB80AFF
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1413945
                            Entropy (8bit):7.15747815402447
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRKuYO:knw9oUUEEDl37jcmWH/IM2iO
                            MD5:B40C19745ED7855BADA431B09001ED91
                            SHA1:09522CBA963A8518B9603FDA9BDCE59C184658C9
                            SHA-256:1F8F5E6D21E8D86EB0F2E607A6833AD6FC3B93865539A561FCA56A55F49A4B8E
                            SHA-512:23EDBAD406955DB719252995FF1D4DC795AE6D52F2F3FD36B05FDBCC6FD98CA64E2AAB2D2671E1059E8D15B48EC5E869789E34686A98472ED91620B9A40D841F
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1378525
                            Entropy (8bit):7.181152141709373
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRDz:knw9oUUEEDl37jcmWH/IM2P
                            MD5:A8DEF7752567D2A51404A7EAED8A5537
                            SHA1:AC30C42C6BBD4682BF2989A412FCBD371C95E332
                            SHA-256:BD8FF224867ECF23C8B291A70A7F8AE65954E045FA79B695C5BACAB79A5DDCF9
                            SHA-512:41A622D97E9D42518D1B0883B887E9D52839FA41ED1E3D9434C362B5E4124D50F8F6B484B8FAD671BEE6DE44993A3A644C2D846F3CE5F2562600FA006895AEAF
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1348924
                            Entropy (8bit):7.201554942733331
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRL0:knw9oUUEEDl37jcmWH/IM2Y
                            MD5:67902EDD9050637C7AFD26E8791D90DC
                            SHA1:0CE120864CEA8548D0053DFE1C4C1C80CF2A55CF
                            SHA-256:856969BB48FBBF5650AC29056CF951D938FF9A7CBC1D0C78CFC0CDA4713E7FC7
                            SHA-512:71AAC29083430D05FACFBC1C90CC7693EEB013E804009B1DAE67139C64A1A2C77E9B952F7D8483131C9DD67A4FA8BE6A2F7F69CB01908927CE8424E15B41C388
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1402560
                            Entropy (8bit):7.164990271278361
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRoP4G4F:knw9oUUEEDl37jcmWH/IM2Xh
                            MD5:F82B93BF429627F3E0971786AA38986C
                            SHA1:1EDD535B3E014E54282881F0AAD4D6B063830983
                            SHA-256:6A598A4C21FCCBD2A2CC0F07BD3A09A89CC02F01B98904F0F8DB846A05CFE539
                            SHA-512:FD6FC30C1FC9EB592C3F194C8A3D2C7EE05ACA30BD0977214717D134AA3C4B0BAE054DC3F272F83A2ED902CB156405F3D26B6DD12D0980CCE89BE156A48985D8
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1399777
                            Entropy (8bit):7.166852865175291
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR/MmW2:knw9oUUEEDl37jcmWH/IM2/MmW2
                            MD5:D8860AA79D9974DBC8D61BE8A3CCB89A
                            SHA1:40C5D2F7C708A9A35B34EDD82F9D04AADACB80FA
                            SHA-256:DEF44DAC883CC8C1E11F58FCF73304F06CC561034824EE0F3A6CB17B46718A09
                            SHA-512:1EF62966E716F9190ED6569619E8B6BEC4460C4EDFBAA369701C12EDEA6F8A3C2C1C97B4C70553B32EE3D832407ACC059F3443630AAD8F9F21CA37170BC413FC
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1412174
                            Entropy (8bit):7.158647250434745
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRmza:knw9oUUEEDl37jcmWH/IM29
                            MD5:27198F27A5028281EF71676312D9BE8D
                            SHA1:753A22999E47558990C31D906B7F8509AB679C4F
                            SHA-256:909E4F7509FD54BE8EA91760781D64F119CBF97514EA006C04B696295D6672DA
                            SHA-512:DA0D70B1BC4625B16909251D043EAE8411CA85031A010BD33DEC7C925763E1607F61144166CF372411D24E9FB9685797276664AA731201CB458B9501FBCB4EF9
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1414957
                            Entropy (8bit):7.156812222888426
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR++hyUT:knw9oUUEEDl37jcmWH/IM2+wya
                            MD5:0BD352460EFEB8E75DAEE6FE89C72375
                            SHA1:9C1D75F1B1C800B833F197B31A5FAAE6FBB1E64B
                            SHA-256:D88882A3BE4ED037F5E08CA98590FCD4753010351C94DD02A82AB6CFEEECB3F9
                            SHA-512:036C188CEFF109E54E9F06DBD79C1CF611E96D362BB5F3717C53908BBFF7E428DDF909314760D760C6B370220ED05A7DC372683D51DCC28FD6F5844266024A63
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1353984
                            Entropy (8bit):7.198030664541202
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRhH:knw9oUUEEDl37jcmWH/IM2hH
                            MD5:FB268411D4577D8E99A19C9F5B9521BB
                            SHA1:1D660F2A772D273971006F162255E9A7D6F0D0E2
                            SHA-256:AF975208CB5769AE0F9A3AE02098AB4B19BD6594477A9B028BE822DD03602503
                            SHA-512:A786D92FD00D3A9505DAC20B2A04F5077174BA40E04CE118D4B414F3594B98B1B0E2B2C10158A321B3A32D67EC2B4D548FC7C52360AD5C4806A688EBC1901B1E
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1387380
                            Entropy (8bit):7.175165987869291
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRuEguSMnb:knw9oUUEEDl37jcmWH/IM2fgunb
                            MD5:99581D0AB87D7E4B83B91177BE24F57B
                            SHA1:0B6F9FA22CA0A8A1091BDF1FB7E4E0F1B03F212C
                            SHA-256:191042AEA9D218FCFD768CA6517B18648BD56312123A30072C94BC2AE4BEAED7
                            SHA-512:272F8AE53758115A413D65299BEC6F6C1DB4F5F5B06744B309A69AF1EB030D1DFC65326703308582822BB27E2A1911A8C8D50587AA43A4277E727B3EB6276113
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1350948
                            Entropy (8bit):7.2001375925415685
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR2W:knw9oUUEEDl37jcmWH/IM22W
                            MD5:8573B71FC655831A750018DF8D9DF97C
                            SHA1:37980AC261DA07E4C2939BD707463F5E46E0C049
                            SHA-256:9B11442FE3C666F64B28C9D83556F038A6AEE37F46158AE481E9D99EABDEFB19
                            SHA-512:C234846DCE6223529E5D39A7B7956DDB1309225B49E9BB1B07204D727FD7EF2921E48DD9EE55D72210B8C2FEC7A25776DA65E743ADB027B339A3564DAC12DDC9
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1413692
                            Entropy (8bit):7.157640838681633
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRtdxfNyhb:knw9oUUEEDl37jcmWH/IM2zyp
                            MD5:6DDCB54E8DB18069D9A69261F0703282
                            SHA1:E048906E6254225CCEB57212D17A237B97D5D35A
                            SHA-256:B5620E599909DE315290210B37C53AAAEA2FAA0C8EAB6375C38FA37BD36A79FF
                            SHA-512:309393F0A2B9AAD91C550C8B7693194EEE1420B15F72BFCAE6237CC7AE1AD21429DD89C8D139909CD75C265E898B100362281298CE6F7EE8A81AB2CBB81B09F0
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1347153
                            Entropy (8bit):7.202788113034131
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRW1rM:knw9oUUEEDl37jcmWH/IM2f
                            MD5:37F403B14E2DAF8E626CA4A55F99390F
                            SHA1:D7FB3D87E062DD35D652CCDDD975162B98BBC422
                            SHA-256:490CAD18E260CEFF1A3832EA60AF7C8CDA68FA2419DFE96A6D202AE917B92257
                            SHA-512:91605024B81AF8D27D6820BD47CCA7F1AE55217DE257F78E25E425CE7D141E87565DF4E7991184EF08E2C5FB4731E184F5F8131C41A234BC308E616F2392AB5B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1329696
                            Entropy (8bit):7.21511742933859
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR9:knw9oUUEEDl37jcmWH/IM29
                            MD5:2CBEEF6BABAE1172CA525ACAC6916257
                            SHA1:8E80EBBA3DB2B50CE56F1B4990DE4F17D566E4D2
                            SHA-256:860A417093FD0DBA0218D33FFD073848AE9B5C64CD7014420642E041AEA14069
                            SHA-512:735E26824D3F7F48D2C23887A7D22470EFDBC4BBEC27E67B72C048E6BA42C12C2F4B69852C444656F3F5A3B068A58A68F23F33C26A762543674CDA1D4AB6CA39
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1410150
                            Entropy (8bit):7.15997496087006
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRJUja:knw9oUUEEDl37jcmWH/IM2Jp
                            MD5:134BB784666384D2020021D36C7FAC05
                            SHA1:052AEC0CDDB406D8DA0FA915C18D82A314CF540F
                            SHA-256:1B5155EB79FA5A7D4A9976E0A59725DA924A546E82015BE64AFF4CF0347CA781
                            SHA-512:3E1D95107D17CBFB4C16016A3764B484B52326C4163C6F0A4A65CE89780FCF960C1D46D2CC9258473E395DAA08D1541E14AB46FC5E8B98F620C8B6A2B9F90A01
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1328684
                            Entropy (8bit):7.215838956021738
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRDT:knw9oUUEEDl37jcmWH/IM2n
                            MD5:703388D08E4170A239DD75DAA4A8BDF1
                            SHA1:26C44C9C54D6933CA796EE82A1BB75130768AC8E
                            SHA-256:7A5416B5A29941949CA37F610883460BE556AB71C9FB643DF945AB522FD4DED0
                            SHA-512:208440A6A5299E25C1FF443A86A1A3CF7AE1986B0D93886328102C2008BF0538E3ED54FBFF87C3D09D8AD934083BEB71E69A37F2ED950EEAC69BDAE9CC710C3A
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1388645
                            Entropy (8bit):7.174299261601338
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRcBX:knw9oUUEEDl37jcmWH/IM2cB
                            MD5:A3E5A60C18796ECC013FEE22FA001A52
                            SHA1:CE2B4AAA1B8431BCD0A312068BF5FE2A62FE9639
                            SHA-256:EE41D1D9CEA8D1B9062F4216E07F2727FF649CC9BD4B08093F5AAC4AA97AA9AA
                            SHA-512:58391E0B530D1EDFDF5CAD2E0259E08C8F4750052AEDDCD397A35BF5A05D6AA885E6BD1978F12E099001695B685C5CAC261069D81479B92F196F0535F20BB155
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1373718
                            Entropy (8bit):7.18441666941392
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRaK:knw9oUUEEDl37jcmWH/IM2h
                            MD5:076A1BAFE744EB4549CA3BD8D7D5B700
                            SHA1:ED36F6AE347737448CE528BAA920DE206BC20D96
                            SHA-256:8F69CF0B399DE6EF1641A53EB031C4ECB41B366F9903A5C83EE187A7DE0FCA16
                            SHA-512:BB0D7C389B36124461F796FC36F24A2C555686748E2F2F6859BB47EA6CA1ED5B4F90605AC87018B85D833D2D37B39CD5ABCD82873073F6C9655192C003F99155
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1398512
                            Entropy (8bit):7.167688905663441
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRIj:knw9oUUEEDl37jcmWH/IM2e
                            MD5:75F442E124E5B477142C877681B98C3F
                            SHA1:51AD28239A693E9F0379DE241D14562570495666
                            SHA-256:22194E9464BF467CA8CB2A30038A0E99FE844DBF7E2C3C70F1A8419680C2E245
                            SHA-512:9C1D640575DA3DB9777735DEEA18CA071270D771852250A7CEAD8B124E5351D2A4F3E78632CB19D3C83B3A7E8865645115A8CF545FE250EA29B52BC28A0D8774
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1409897
                            Entropy (8bit):7.160136870929897
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRoZgM:knw9oUUEEDl37jcmWH/IM2M
                            MD5:0A487253A6411028D391FE36BD42216A
                            SHA1:51B177D8B47CFD7DD7BDAA331D9CE97AA8174424
                            SHA-256:E42059902D91D7E6AE29A6F1192BE1DC04622B40950C95150B5835C2A7B0F75B
                            SHA-512:508BAF8E74F9462CD22481A6F9387CCB78F2F04062BEF546B984A79ED32869E0E2461955A0B01379FD5BB033ABF2519FEC1E92B9AE3707BA2D95D84727AAA8AE
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1416475
                            Entropy (8bit):7.155818367699003
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR4SBdj:knw9oUUEEDl37jcmWH/IM29j
                            MD5:A66EDAF033A42B0DAA7B1E14784B3854
                            SHA1:41997E6395C2E312E44090F02CD2FDFF847C8707
                            SHA-256:2B3BC900B2F644105A004174284B1AA74509309B6329F99A0DFADFA717B1D4BA
                            SHA-512:E8B344D361CE7EA6E5A739CF10C0EF0597A94D9602A3BFC645D6E5A1600B8EB6F76610D3B0C0531B9122D8BAF983FC4B2A0655F6418A9E1F94CA03370AA7611E
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1385356
                            Entropy (8bit):7.1765117164210475
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR4Cb:knw9oUUEEDl37jcmWH/IM248
                            MD5:AE4CB1091C2D93271D53BB1B5A63E35C
                            SHA1:B687FA42C073A6C83ECD57D20D075973E042C5F1
                            SHA-256:268C0A19523B0D1722A30B12D04F8D28D3462BC91A89910A9235632176395F2D
                            SHA-512:EF1F2C7832A5200CB6D315C473EDA8D1B2C309D3638CDFFC44F19C4E3A7292E95CD05FF276C9868E770438CCAB32C4D5ED84877FEBBE7A5A49FC126064BFE5AE
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1376248
                            Entropy (8bit):7.182713557864696
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRz:knw9oUUEEDl37jcmWH/IM2z
                            MD5:0A7608A9866196FF6BB5475F83067AF9
                            SHA1:0DFCEF8794F366A518EDF6683628C7DA0EE96C92
                            SHA-256:56C2FFEFB39741C1E453822806BEEE3EEDB5CFFCADAF4F6153A34F3E2186A6A7
                            SHA-512:01CBEECDAD95705AED837728ADEEBBA2FCB91DFAB5E42D8AE799EA5ADE6A183EE07C2BF2F5F8F25BBEB59C4015368B5E5E38D44BB3E5D51EC8EEF048D19BEB91
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1365116
                            Entropy (8bit):7.190325417735242
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR9Te:knw9oUUEEDl37jcmWH/IM29Te
                            MD5:DAF7CEDC9FBBE8B00C8C14E778EF9C4D
                            SHA1:C14D329B1357861D566EA5EE49B965B0D35BAC39
                            SHA-256:3042778B63446162EA32777AF915DA3E75C221865F8E8E1BE1151F21C05E84B6
                            SHA-512:B8929D75BD6D77ADC1C20AC649B2D01FF190B5677882416806D3CCAB18CB1C08BEEF6A526D678DF6F16488D53F124C787B6C8DC5D1F2523BC679610EB2342B1B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1382320
                            Entropy (8bit):7.178569645767097
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRzoGWN:knw9oUUEEDl37jcmWH/IM2cD
                            MD5:0D79DC8E60D4149A58288E75AEA14840
                            SHA1:5A1BCD9188A8CB8E1FDE759DD6817636CC142E8A
                            SHA-256:F79B88E11FC4F9436905F70A0C9445C36DA656D315275B3BBC44E3CFEA313A84
                            SHA-512:C4B4579860FCFD9D46E8AA56D7F25D71046D1ACC9B94D11C7AAF58BE8409B9BFEAD55C733AD923D2859A965CE99E77CE328CB458B3AB44EE5B38B731DBB43A1F
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1364610
                            Entropy (8bit):7.190668087634244
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRCIWD:knw9oUUEEDl37jcmWH/IM2CIWD
                            MD5:9736A1BA57D97572EBFEB5E36804F72D
                            SHA1:F6577AC39648134D1DAAFD8218B09C168625FB13
                            SHA-256:F2841D3A4004DDA5BE10C105866D275F8C861EFB2D55D282F7BD3E8FCF8C409E
                            SHA-512:A40ED5028152ED1D4B10D62FFD30B4FD80A4A48E95B0876904B28EE407CFD0FE3D1EF9C5035EA5D32890B15AE87E96EB13057F404A498C466437B688B50ECB72
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1319576
                            Entropy (8bit):7.2223539531646885
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRd:knw9oUUEEDl37jcmWH/IM2d
                            MD5:3FFF535448E56B713501BEBB76F00F8B
                            SHA1:267F598B0A14D6396CD9383A36DB4CE15504CCCD
                            SHA-256:9A609D73065473DDDBE33AE5B4CB571C6F13844211814391B731E7C1F688C1B8
                            SHA-512:7C886F47DAFBE068FAF0955C8108124325645F269866FDFF3BD720859F47AA9005DEFA9F99914C40E8A4BE727DE62750A0667845FFA4EFC2235AA3F515B6A931
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1405090
                            Entropy (8bit):7.163320859874741
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRYHEw:knw9oUUEEDl37jcmWH/IM2YHb
                            MD5:EBEE55E79C58284B5291A70B16B9B686
                            SHA1:936FC754CEC7F33F8FC23B63BFC650FF91477EB7
                            SHA-256:BF3832E182BBA1A4966AF4B454B29B6449F5EBCCAC52DDDB93B7F9A93D4AEDA2
                            SHA-512:B5BD6304AEDD1B784E3195977B0CD2E6496296FB1461C51A19CA118C1158C127A84DADADD2F90D35234965F759CE7FC46D6C224ED1B5F99C5392F3D42058ED65
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1381561
                            Entropy (8bit):7.179084336008409
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRRBuy7:knw9oUUEEDl37jcmWH/IM2/
                            MD5:934BE81071ADB4C3D9D78B6588DB11B3
                            SHA1:34C6BDE638334AA8C4AE10B5589C40F826365BF1
                            SHA-256:F7875438922F2890950B24B582EF7D37DDD432585B64BA7408168CF2BBDE629D
                            SHA-512:9056B26B5121D896FAB2C57CB28692411F274EADF3B366F81EFCFCD13838ABCC265A4C50A131C91811964A1CFB76201B3F0F55E7E9101C1271B33C4BB3EACBC2
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1392187
                            Entropy (8bit):7.171925865761055
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRm:knw9oUUEEDl37jcmWH/IM2m
                            MD5:1028FC1BF9A88229F487B311DEA858D0
                            SHA1:25308212C8546DB46E6D9D9BC5378B50832119A3
                            SHA-256:0A35B5B8A34A13CB95D5AF7C556B70E9E666A3BDDE1801EDC2675951AFC47D55
                            SHA-512:AD365BC212AD1827CD1C6887A2BBCD9C57FF795817239E2368B59BCA41DF94BD447DE58A1BE5D1DBDAE40D7891502139DE893F0C4B7B4E2D802438D60F70B346
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1322106
                            Entropy (8bit):7.220538425954169
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRf/:knw9oUUEEDl37jcmWH/IM23
                            MD5:580C8A7235B807E754917179AA31B03D
                            SHA1:2F22166A43B8AD9E26DFE2568DE687EBDF278EF3
                            SHA-256:79C98122E6B464D8D403FE09509495B235C8CC40CBAB98E81B4ECE0854A80C64
                            SHA-512:94EC031CE41BD122FF37C48B537A895B0974C737741051A86D7525096C9B53D82AB7876690D71BE2B3D6C55032F78451F87086B194E29F26F67643F760048BA5
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1375742
                            Entropy (8bit):7.183055422530401
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR+GYc:knw9oUUEEDl37jcmWH/IM2vv
                            MD5:AA5B4EFDF95464FA11073955F1272DD0
                            SHA1:9F7CB868DFB83E10BEE3EE948613C6CC227BFF02
                            SHA-256:8A51DF3C230FBF1D11947D7B75BBA8656CF9FF4B914D7F329C81AE0E6B0DDB6D
                            SHA-512:F9DADD963CD823011DE57141DA2A1E62590185BE58DB29875AB3F2704344BDE33AB800AD1D958F062FC581CA1A2723B48EA6EC82C1DE121C9CDE908556F1D985
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1332985
                            Entropy (8bit):7.212781889429905
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRM:knw9oUUEEDl37jcmWH/IM2M
                            MD5:BD88682979E3BF6E22668AADC2D29373
                            SHA1:3B1125D6FFB26935688671EA39138C7626B90128
                            SHA-256:426F6D42AFB895737380B01FD0423B5A380B64F0881C4766A23132B898D34F5D
                            SHA-512:2A1F6B313EC5FEC875271B17A4A2766156B9237CEE81FDC50C67133653A3A5FA21C22CC489FBB7C36C379CEE1A59658500F8288E55AA97D3C19437866FE8AAAD
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1339816
                            Entropy (8bit):7.207940289461161
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRCu:knw9oUUEEDl37jcmWH/IM2N
                            MD5:737CC209E59605D610AE03C407E67618
                            SHA1:B4E531A01BCB28987A305CC54D4394C4E5B8761F
                            SHA-256:1A7BC0553CB1085ADCACDACD0ACEE9F7935A23617F85E7AF6240B58CD5034EDD
                            SHA-512:20833403D154BE26D555EC2D5E17ADC857EB897DC6D3958F0F6B8F61893CEB47846D68F762ACCF9C25A909C1D5F3755581CE212166EB1295B91FB041604DD21B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1348418
                            Entropy (8bit):7.201908644693923
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRd+:knw9oUUEEDl37jcmWH/IM2A
                            MD5:3E4EE95174833A98E393E88258922FBC
                            SHA1:76D9F46738181F8C56A3B3B225800F12176C97E9
                            SHA-256:6C740EF165E6F9E66DFE71FF4484B64AA2310713897F21C77849B875C750C649
                            SHA-512:7B3423C55AF613105246EE63DED62EBC4D8708230F22BDF0FE66F241A354F13956AFBDE278FDBC10F46BB3FDC5EEF9D4CFE518995BCAA956FC2C6FB242CE8DE7
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1344876
                            Entropy (8bit):7.204384055566695
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRK:knw9oUUEEDl37jcmWH/IM2K
                            MD5:EF7E943EF4D66553BE21105E5ED92EF7
                            SHA1:3B1FC293EFB5560AA99D78D454E3C0781FBF472F
                            SHA-256:63E8BD641982335B227C3B42CBE3FCA97F5DB0ADF11233C2458DD2B127FDE025
                            SHA-512:8C7338208B29246033C59797339F21E2549BE3FAF7B8EDDE559AEF723DD43CBB9BDF43CE91F03D8CABE7E5E2809A961BC2C99D179F0B75FE0BBE04FCA5FE29BD
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1358285
                            Entropy (8bit):7.195044188018598
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRxe:knw9oUUEEDl37jcmWH/IM2xe
                            MD5:B4E6E7B4CCCF70F0734261A8592CE906
                            SHA1:A7E250DCED5164DCD0198F439C652105CEC6C0E2
                            SHA-256:F69AB6CE044A52CCD654EF57C7C8D572965B9E7EE2AF92E389B6C23E3613E561
                            SHA-512:A34A624F80271319CE8B970C910DEEF1934AA0867A4635B78A724F42AC13EF3142EEFE568C63C30C20616B242B11E5C00111A404E79DD352CE1510D7A8399EB2
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1357779
                            Entropy (8bit):7.195392900978115
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRY:knw9oUUEEDl37jcmWH/IM2Y
                            MD5:69625FC5A74F0A85F8F2A5ED203B0AF9
                            SHA1:6ABB166609F138C87880568E2C4AFDB5D59E0725
                            SHA-256:9C61B5AA41FA7492F681BDFA0305077806E615699C70E7D4D467A4E510B2A7AE
                            SHA-512:2E77EEF81453462349A63CAF0C34E0DE1B996BC6719DC93382708B58B204CAAF19EAA90908302F9AF29CF2122DB25EED625125CA4347BC4048AB77C65E6309F3
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1406102
                            Entropy (8bit):7.1626530860482
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRk5IPAOM9:knw9oUUEEDl37jcmWH/IM22N
                            MD5:93BEFD83A79827E02C89DB7D610CF060
                            SHA1:6B2170011FF389CFECECA29C2B11B77A9EB0013E
                            SHA-256:22021768CD65D97E8472A29C81F65426328075907E34BADB8F1B5F03ED5131BC
                            SHA-512:8AC784DAEE5DDDA490A245BF4062726F59F3BDF7BD74C18F430566147843C8955A940B1E115907F5DB39DB24109DD64F99D1F0FD5E17ECC74C5DC2C19EAA9680
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1354237
                            Entropy (8bit):7.1978403678137495
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR6M:knw9oUUEEDl37jcmWH/IM27
                            MD5:070EB75FBC9647D6CBD6C9A1B0C60EA8
                            SHA1:837DEE65FD262A75E06BC691CB9D257A90B91EFA
                            SHA-256:5153725FB1CEC2CDBCB0CC05E68C70809FE935003C5D13FC085128E0C860049D
                            SHA-512:B62117A2FF97DCE69DBCCBBC6CC942F1DD55C95B886B5CB15342D9D39250187F062C666D6E6B61077C0C6E71896B0F32C620AEA3EE47E331F90957701DB76EFF
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1397247
                            Entropy (8bit):7.168534994323053
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRPmrEW:knw9oUUEEDl37jcmWH/IM2m
                            MD5:BBA0DAECB810D5954F0C77F9987994B4
                            SHA1:E4111F2BB7C247B7D96F4156411E4FB79AB4E48C
                            SHA-256:1B0E6C7ED572EFDC89CAF330F430651D3F901FFA349278983FDCA8EE6F8A48C2
                            SHA-512:F66AEF989B7F689DED241D47C08CC08F6B3CA1E7789030CB8A9FFAD88A1FAF63F14C129541FAB2EFC737883A97DC6DC4737A0DD13D18079B066694C9DBA0B1F1
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1360815
                            Entropy (8bit):7.1932900171580805
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRUK+N:knw9oUUEEDl37jcmWH/IM2U9
                            MD5:5D23CB5F360F1861887E23025FAF83E8
                            SHA1:31473AD58817B74769F4C812D7FE054D3284DF99
                            SHA-256:88072DA88CF947A3EE3AAF744BF615DEC18E4DD7CC467F24584A0EA573C574EF
                            SHA-512:C48C21EF4255091A1D3B18F36D7ADA555FE2B250096F6921051A4E814B631FBBF443D1B22EA9A7D760C3799A398988A2E4FEF23BAA81B4F0C14F39EF71CBAFFC
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1390669
                            Entropy (8bit):7.172945790979587
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRmmz:knw9oUUEEDl37jcmWH/IM2/
                            MD5:E989483046F3EE0E6847E31B5E940B39
                            SHA1:F7920B20C954C1E943932F6511E21B85954BCA9A
                            SHA-256:9FE59CAFA926A8E9DC85F02AD2EE0DCBF4DB4AF57DB8967BBE75EAB6982B5F1F
                            SHA-512:FE69CE0591C8E1A748D56BC1CFB3F4A5C12C2E19D49FEE0FDAA44198719E7F003FAAB6545BE61AF447062D6AF548B1395B7AA69DE4C5A96775B74A2D842463DD
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1385862
                            Entropy (8bit):7.176185399340817
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRpzPj:knw9oUUEEDl37jcmWH/IM2l
                            MD5:9876BB9B85D477D269B8F5AEE34B54CA
                            SHA1:735DE2EFF5BFBBCD15948B675158BD47291A9BC8
                            SHA-256:103506211519ABB281F89D11430A950E6D089EF941E7EF6044A54D9AAB7BF8AE
                            SHA-512:1698701B1CB1AB3052F70C15DE5F8D0401E4A6FA9762A722AE0B348EE23A628CA89180D7C6647EC89FC1582BB08C4A889B0005CA153BCF67CE985ABCF70FEDAB
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1363851
                            Entropy (8bit):7.191192369568932
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRFMy:knw9oUUEEDl37jcmWH/IM21
                            MD5:9D01EA25F39D10D84C14206B81AEA175
                            SHA1:23963C2C3C424F9CE2654834A54943930B3141EE
                            SHA-256:2F224E47113FD11868B04E65BE6FF467DA6F1F3717C35B382CF34A503CEA7151
                            SHA-512:595F46A7160DBBD447682D47BF1FB1E318B22C8507E42D7AE55C7F4CDAA16CBD09847A67278B96E1F24C86965CA01F0C24575FAF9571DE6A6725C4BF5A7F9BD4
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1345635
                            Entropy (8bit):7.203856344751111
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRcxQ:knw9oUUEEDl37jcmWH/IM2SQ
                            MD5:49CE85068E6125E58A90456DF0DF51F6
                            SHA1:9B703DA7F7301A5FF5343A20DCC81F91F6186498
                            SHA-256:097535178DFD0798BF836BDFFDB485A9CD18D3C73FCDCD9019B65E2F306DA5E4
                            SHA-512:075FB1AE165147CDD5A6733E10CF84670553C0D37F1F8ACB0566B002F7984983C49E80630C422A21F2E395A30921AA00FE1E43298A8677A9B1A727813D2A13BF
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1349430
                            Entropy (8bit):7.201202198645941
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR1:knw9oUUEEDl37jcmWH/IM21
                            MD5:1A6885107EF0CBB1D362C6DFDF837478
                            SHA1:C959D8CDCFBBEC5C568D510C024FCC21C677044D
                            SHA-256:0E64B299DB3D1A7E73E2D9A558979FBF598E8B6A48EF8110BF4078BCAF061A47
                            SHA-512:C25B60BE261C5957C7F1A4348BD7AD1C2109B85B5D1FDCBB7D62BD38B6D7E2381396173E11700BFBF3959C5A0F2C58E25B445378F7B2BAD70471042FE5364E35
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1375995
                            Entropy (8bit):7.182871675782565
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRE:knw9oUUEEDl37jcmWH/IM2E
                            MD5:1F47CA4C0BCC5AFCDC58FA4D603EB8D9
                            SHA1:B21720F47C650120B77C5EA6E665BDC254B71A1F
                            SHA-256:DFD5A08704FBB2180920A73C4642028D3190A869BF64838BDBAB51919069A20D
                            SHA-512:09451FC84B4FD5A6862402DEEE4D97E71384C7DE217C6DB0C237F2FC061392DEAE4DE694EEE687CA17A5BA32F63F5D561EE6D1E426A5FE9BBA4D5E15B145B124
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1341840
                            Entropy (8bit):7.206528802282684
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRq:knw9oUUEEDl37jcmWH/IM2q
                            MD5:B6BFE0853A1715DDE955BF9685F536BA
                            SHA1:46DB121A31F245F3B17360F4134E416B4FFA68A9
                            SHA-256:8BD7EB6555437C6BDD3F583159FB4DA6530977FE9B4B8A6C5A1CBC68C9731CC7
                            SHA-512:58FAB15AA51872C79A999A723045536E125185AD2BF87AFFDDB10E5BD8192588410E0D6770C4A784A8E4C0E008C41F0CA74AE783C40C1637BFF11CF20DD09F4D
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1343611
                            Entropy (8bit):7.205277450462017
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRY:knw9oUUEEDl37jcmWH/IM2Y
                            MD5:D021588182EC8689DF8DCA891027FC59
                            SHA1:966A00564B2799EFAD0B2D78ACCE9F61B1DD577C
                            SHA-256:037D709A2AF376EE9B6D3C4369523910F21397103446A9ECFA7DDC7F60D7B453
                            SHA-512:F12BB88A333531FBB6C1D362DE502B95263D2F494F2EBC92FB36946E461B9D137877E73E1632D6E721C19231B1FDF6E3F81C969C9C54669009C106394FD8B477
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1327925
                            Entropy (8bit):7.216376636179768
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR4y:knw9oUUEEDl37jcmWH/IM2R
                            MD5:78C1BD2238C2BEF6362DB0C713D52B92
                            SHA1:6F197E4C44AB6B3402DFBB9951D6E138247DA80B
                            SHA-256:ED7E950B8CFDF1DD2D6FAB524C47A5ADA83DA43EF5A3EC814BE5CC38A3DCCB47
                            SHA-512:ED2BE8327212161B090671EB71A61A5BD982ED9B7AB33F0DF05FD0385F071CCC323B7BA521F0DAD2F09B9B29C1C7CAA5CAD82D4AB458FABCA3FFF60373765555
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1406608
                            Entropy (8bit):7.162305310923906
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lROn:knw9oUUEEDl37jcmWH/IM2S
                            MD5:3F47996BC1EB2CC88F657D5D7C0B1498
                            SHA1:758CE991ECA2BE44A552A2DBEA4C9A8AC5EBAAF4
                            SHA-256:A4857A6D55A1A5ECB36BB73A07816B6A1193E577021BF38B8DC0017215843A51
                            SHA-512:B6FEEF40579AEB0D662DE8936E5BF06EA2229481A839339940CEB8FC6A1D336B40135BD82313B28C1B5A274639F21F0E9C4B06FA7852A60B130D6FA2AB2B851F
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1349177
                            Entropy (8bit):7.201381268932994
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRE:knw9oUUEEDl37jcmWH/IM2E
                            MD5:FB408EC37506374BDC25B2D9D38767FD
                            SHA1:73A11440255C05A891CD2CFFD3A60EBF2F4485BA
                            SHA-256:47294D620FF959E90F9126CB93BA28201FE02F5F945315238C8EDF49C8FD8D36
                            SHA-512:037BCA73FFE7993A7AF21744B05033FD21421ADA0EB4A6579B817DB88DF87BC30F62D4780DC1E55372E4B4C29D1C9EADA5F23A3E7DAD8458F6299940D381DDE3
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1332479
                            Entropy (8bit):7.213137586499678
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRXP:knw9oUUEEDl37jcmWH/IM2f
                            MD5:A0557F139D60D674CA013A41D9380E53
                            SHA1:196749F56D8A5D974F6B664EECDD09D0E2F6899D
                            SHA-256:35D472CF448FCF91F6AECA2EA95137E8D1492DF93F01174346936BDE3993B979
                            SHA-512:FB534BD0629E0EA191D19FE9398608DB122A201CF166121DB3B656170A701CAB5E5F976281B613477B58E2C71DB984EAA8C2242D6387A93A8A8F93F367F51833
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1323877
                            Entropy (8bit):7.21926992255561
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRu:knw9oUUEEDl37jcmWH/IM2u
                            MD5:D4536C54CE755CFDE2B091812A6E1D82
                            SHA1:E2275D6FFABFBDB528907684CDDFE9C96B176378
                            SHA-256:79E639B688321ED23C7893F193FE5F7297AE84474034152A0A1C345230150784
                            SHA-512:639B2E044FD0B1C797787FC8D398D25610C6CCAA67467919AD3B1AED5DFD284DE3115D62F82F3D717C10F08E50F0A71CA2D06B21745A0C8A8A5FD5B6258E10C5
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1362839
                            Entropy (8bit):7.1918976345989805
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRtLnd:knw9oUUEEDl37jcmWH/IM2j
                            MD5:D996090C1BBC4F2E76CD079A14078E51
                            SHA1:357EE48A8F18D84B5914D09A805CE0FB85D6FDA2
                            SHA-256:A6905E2D6067E3B612E719FC547488E3FA594E90ABEFA1491A3E5654ADD33CBC
                            SHA-512:6738D822133C11D4C71038F9248EDC4E048C9C3908EE092D97292CED1A58198821B476E4A76BDE242732D6FD7FF45E792FB5B9E1650F949BCF989133D2EC123F
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1383332
                            Entropy (8bit):7.177880993063042
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR8c9wV:knw9oUUEEDl37jcmWH/IM2GV
                            MD5:05889CB876814BF48D896CE296555371
                            SHA1:81AF88B325812FCD1EACB87B61B259079E43BCB3
                            SHA-256:CE1204585D728718F223ED8CC3293629FA7274CDBB47A041C72F4B357FBF0B42
                            SHA-512:15DCF17D1ED91E5FC5B933CF4C49E8642974C9B937FE1A540955B418FE0960C8C826F8D2DDE72EEF99D951AC15A67AD446967A674BC815AC87CD1C740866B754
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1341334
                            Entropy (8bit):7.206877551258402
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR8VKD:knw9oUUEEDl37jcmWH/IM26S
                            MD5:E19B148295D2AA13E75CA485E693C1ED
                            SHA1:9AEF812D4767BC584DE53E70F8A7FCC83EAFE20F
                            SHA-256:E8F35F7C9024E2D2C5939953440846F643DDEC09041738BD7EF612A3F606624F
                            SHA-512:DC5E63E9637B2F92A16EEC1CCD00F025D4336E2B387E77A4F46FD9345E6BD8ACF464FDF91BE34C892CCC275B853C9F389002D886887F1BB20B77916BDFAB61B8
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1381308
                            Entropy (8bit):7.179265883901058
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRYp:knw9oUUEEDl37jcmWH/IM2K
                            MD5:786B8EE2A51E2510062CB0D75B126DEE
                            SHA1:761FC8963C50E2F9CEAD7AAE1FD515C8B45EE31D
                            SHA-256:98BAF9898B4D09362DBFA12BCDC18BC93E7D8C39357A8B7FB807B43745F77E3A
                            SHA-512:BC0205EEB68C11C1CA0622B2DFAD86BDEBA965CF46468F19809096E778CB365969E3BFA11C5EF6F559AD3B876798BDFD7F955745B020550DDEF0009F7886BE1F
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1365622
                            Entropy (8bit):7.189978462455696
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRRm:knw9oUUEEDl37jcmWH/IM2Rm
                            MD5:3215AC9074EDC6754C255E0F5F432B14
                            SHA1:4F1FDF75957DE3BB4B9F68D4F225C50F0807FBE5
                            SHA-256:81BCB88D3D1186E37AEC34666681EF3FA92BE8075161D0849A6E502205C65616
                            SHA-512:17B4965B2532E8E847518449AEF5D939DCBEE8C177CFEFEE9A52747D9D83E6A2F178070D892CC4BFE6917A099DC7E2BAC9E58BCF68C0A3A60E1C12B3B1873A4A
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1382067
                            Entropy (8bit):7.178735246337321
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRDP2:knw9oUUEEDl37jcmWH/IM2Du
                            MD5:7865BED1F4ECCAA5F6A71E3FD7DD7D46
                            SHA1:5CE2F45E13B66CC1DACBB6F41A6D4A336E07BF66
                            SHA-256:24CF154A69DA4670D1127DBC5C8CF9598F7F034FEF7DE621856C6F66F40448E8
                            SHA-512:75B8F852B1E5206DC21B95FE1FB620648C66860373AA7F7EC5DD7398125FB3F0A1D8FE7B3580D265C2F584823F5D7DEB3DC310E5FD33E84747C1996FB09A7838
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1402813
                            Entropy (8bit):7.164836732276111
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRSP:knw9oUUEEDl37jcmWH/IM2SP
                            MD5:FD5934BA2F22A8A8778ADE27B7F1D7AD
                            SHA1:22387F874B9690E4C6244A326FCC1B4C1ADECF21
                            SHA-256:642DF44333C881180A14925BB88D27671A468240767C4FC9924FE42D4D14B04D
                            SHA-512:C3B2FE7053D1580BC25C71BD44157214C1ED5A591F94BBE636CD8B8A8412F386F415E8FC00709A36C57CBD7BCA51418F3D31DCDCAA9270B66D187BC4B7E793A2
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1331214
                            Entropy (8bit):7.214040334731238
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRQ:knw9oUUEEDl37jcmWH/IM2Q
                            MD5:E79F9E25A0C33251F6B5D8C3CE24BC93
                            SHA1:3950EB11B123B273EC7D50065807D07C3216D8FA
                            SHA-256:59F07723E8545C9717BA459FA70EF9EB502BD159E1F24C03B1AC1C8F0BE16147
                            SHA-512:67BD96EB86AF410D5AE4FAE279C40935AD7F7EC3ED03BD679C4394BF22D05753237AB72AC85399FEAD2EB25E764A2A0D3BF6AC67165EAE1BD75625E033FD28E2
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1350189
                            Entropy (8bit):7.200667952659238
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRz:knw9oUUEEDl37jcmWH/IM2z
                            MD5:7083C1200B48A1255E63B39A9BAA9955
                            SHA1:D58B0ABB49A05108A07B00A47D875CB90F3E708F
                            SHA-256:4881D42008ADDBC1C25D956E12173681AE642F2CC0C733A45542FE56CE734E17
                            SHA-512:5684DD67DEA5A4434FFCD3554A6B0793159C68D1605DF63792AACF0080E59719789D3F1497BCBED35A2DCF8BCE2DF065445BF1F7935CFE4820C2F2F28C7A9214
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1402307
                            Entropy (8bit):7.165169566930636
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRrs173:knw9oUUEEDl37jcmWH/IM2YN
                            MD5:6677B21997750F4825950CBBA1225D50
                            SHA1:85E54DE61CD77210F33F79BFA76DC00CCA9843EC
                            SHA-256:21BF83E89AA954802B42799D3A5E43AF0A18DE27382EEEC7B08BC791FA801FA3
                            SHA-512:81CAF3084C7E0340528D7171AACDDE58C8B2DFFA018EFB42423B3954C4F30F7DFDE86C64B0860D40C8543CE1F77B00868E624558578248AE26A9FC523966CC73
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1380043
                            Entropy (8bit):7.180120776003152
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR3r:knw9oUUEEDl37jcmWH/IM23r
                            MD5:92BD8B949B929E98AEE71EFDE821BFC0
                            SHA1:249ADD7CE45B61847AD5BD9E1164D5F0C05367AF
                            SHA-256:3B972712AE3082FE50A842F67EA0DBEC508684C40386241AC603B6122DBBD92E
                            SHA-512:45C5D2AA09726480C3AC009A18AD764964BCAD6E2EAA53885D5FB07226B8CE9E58529FE5DF95E070C1E1802D4F4F20B097767040494D362B5B9698CF653FFBE0
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1413439
                            Entropy (8bit):7.157798056156779
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRytq:knw9oUUEEDl37jcmWH/IM2l
                            MD5:617B083FB0515112C25B789792C30584
                            SHA1:EAD0B13C7666D84D57E18155195529A23CB7770E
                            SHA-256:FC820BF56D28833DFDD38013F01DA13B93BD8F67A7241819855307AC8257F9DE
                            SHA-512:63ED444B98AC3239976E1EE6D9FCF1A4D1B8EADF392A9FDF16AB07793A251939557A671138CDBA400D684F083712029238747DB5E72BD64FC4EB21B5609FF4F9
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1404584
                            Entropy (8bit):7.163664016454374
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRJIP/eEi:knw9oUUEEDl37jcmWH/IM2JB7
                            MD5:DE51BC911F106BDE6300E850A5779A4F
                            SHA1:32D97FB04C82DDC2F25B5EA4FB3EE69923466C54
                            SHA-256:7C9D2B73CDC9C403C9E6159B0820613CED50767FD7179B5C96EE79A8C0C82DC3
                            SHA-512:1BC181768070EF4765027B193F940EF889D4FFCBE3BFE33FB1E9889F5D74BEAAB2B9AC722DD64458937AD12665D04F63B2847178DCC749BCF86D874C66099185
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1381055
                            Entropy (8bit):7.179436443507475
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR4+p:knw9oUUEEDl37jcmWH/IM2H
                            MD5:4CAD7A835AEB206A9F8FB1F22278563F
                            SHA1:0D9470B6709128968D0BFEC9565C87BEB045548C
                            SHA-256:5A0E2D7C9A4B5B28886737F6FAF8D26159E4CAE1E35EBA1E2C5DCA5E678EFD92
                            SHA-512:87E4F22FEDA1E71704372E9D153B284FDCCD9D6DC3D250D778EA23BEC3522103B7253E9C7374F9F5E1AE694E74162AFFF426C2930530C7C650714FFDA0E24C19
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1391681
                            Entropy (8bit):7.17227182158217
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRruiBH:knw9oUUEEDl37jcmWH/IM2rL
                            MD5:225FA2CF6A33DF414D0DE1FB35AE8F26
                            SHA1:5FCE373197071573DC4DC8E8623F1698304FD940
                            SHA-256:B8213C273196D3ADCDFC97C19024819097C9C2C1DAABC2438E8CDB1572BFA906
                            SHA-512:B80DDC0E03621763089150BE92E6170F4D8E9CB075E84E5FF786F5336D51C1A4A546265190BB8BB9C318D2271C7E22BACFD3FA7A92B0D6278DDF1EF9F3764877
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1372706
                            Entropy (8bit):7.185120977773405
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRFrw:knw9oUUEEDl37jcmWH/IM2Jw
                            MD5:31D4B63389CFCE162D4F021BF4350994
                            SHA1:F7569903AE4BE91391BE3AA92CAADD851BDBB436
                            SHA-256:F3D1602A62EC28FF42E101ECEDF87F6F48FF3F6EB4A4DA9A4FB0F52B2319189E
                            SHA-512:7933B7EFA04F16F974E3243F30BE1B134BE598D5A69F15B0E50F0AD118FC07D21B70063A999DA19EFA99209427C0DCCF754575698C7A44ED005AB056FE43B3A5
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1346394
                            Entropy (8bit):7.203318172746793
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRh:knw9oUUEEDl37jcmWH/IM2h
                            MD5:6AE2BF3082BFBEDC578A8734D684E67A
                            SHA1:FE885A081FEFBD58EB433ADD30519B91370F3EA3
                            SHA-256:A1E2242689089C5230330FA298DD742CAB74BC170AB7C065532AA766E9F1F157
                            SHA-512:CF3D3B2DF12563CF6F6770C2A7D353079EF38BE034C2BF475C4F9528D94A16A6CEEB31D27D7BBF75FE39546902B61F8FDF264289BCD67506AA032E0BA68AE126
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1319829
                            Entropy (8bit):7.222172315059652
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRI:knw9oUUEEDl37jcmWH/IM2I
                            MD5:066472B8E84ECAA9199CCB57CBCBD21D
                            SHA1:DEF2E176D5BF245F606F6F959782B3F478E0852C
                            SHA-256:297C3BA4F32826222478A4D724EFC595CCC7912FB8D9574C678700A5C2208F9F
                            SHA-512:CD41B985BB3773F05C3908EA5FA9A51129304DAD28914FB37F7BE9946EBED80C4900C62EB4C72A52531A66C05931E4B405004A73DBB0D1525B238C1DD62679C0
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1320588
                            Entropy (8bit):7.221628301369826
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRO:knw9oUUEEDl37jcmWH/IM2O
                            MD5:F92C06BFBC0A4D85CCD7831D64DC8034
                            SHA1:2B7FCDCBFBDC731E7B112CAF2A6A5B96D4802D88
                            SHA-256:00849A31D09F23F6E8D853EEAA34C73F41C198AEAEEA12E08D2B4ED3625FB1A6
                            SHA-512:1FCA91A5219460AE747CFB74E1F0FC28354B3B117118FF21FEC228BEE846F13BD21E3F4302D4FCD6D9073D233AA7E5F536E43DBDB2C236C1F2750C59EC32FFBB
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1396488
                            Entropy (8bit):7.169054305064573
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRqlnmfr:knw9oUUEEDl37jcmWH/IM2mmD
                            MD5:90260C27ECB414D630D4CEDD16AE82EF
                            SHA1:BC51F58BA10FBA16F08440AF783B0FB9FB2BB411
                            SHA-256:CA443A9B4E82D16719D183FFE029B49E2401CD17136EBD803C391E4E0194A615
                            SHA-512:DD16B3200AD8FE490B86783F9DA8B2AA3A06843C352A62D7522C15B1D8746E93CE63EDA546A5FC4368E1D28557FEECFFFB0DB00FB02DFD810D4BCCB2B997E988
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1387886
                            Entropy (8bit):7.1748170701004215
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRg2vZA:knw9oUUEEDl37jcmWH/IM2LA
                            MD5:8AE627F1DB1B2779731A17C1B6AE08A8
                            SHA1:2749ABA0371924896C731668AD7DE1D279B11056
                            SHA-256:ADC9ECC2BC747EFA32887954CDE29E2114CD8BD03849EB1002109AE1E8453E76
                            SHA-512:FA501649ABA1FB9DCCB4176A918BB6A8C71AC8352AFD5B6BCB42B372E3C0C0E36B366F1DFCCC7CC7DBF9C49FF79FC9F809370A1EB17732DF20F262E832BD99DD
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1337033
                            Entropy (8bit):7.209912475816102
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRvya:knw9oUUEEDl37jcmWH/IM2H
                            MD5:AF33F894EFE656547D5BDD92757D0DDE
                            SHA1:7827528ED02CC5AD014F04263D24273E117F20E8
                            SHA-256:AFFF2543E399713568B81B9D09439ECBAE02C06F0F71C43ADCC4412FAEF77C59
                            SHA-512:37232C9F4EC962C27A4376D30F2CF177E5A60E3C7216A550A8F11C49A9F1771CD1936FC377C490544E9E07526FB8DF79FED3859D89E91A0783962C9976847346
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1336527
                            Entropy (8bit):7.21027609224751
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR+:knw9oUUEEDl37jcmWH/IM2+
                            MD5:D5FC0336CC3D090948BE34257C02024F
                            SHA1:DE8EA1AB48AFB5AC877CF190B4DCF3B13FF2092A
                            SHA-256:30A7F875903D67FFC58D1A467689790A35CDD836C8E2BBEA3FBEC37F700F6359
                            SHA-512:6F9E332324BF5B2D13623DB2FE7571AF80DD6C43A36FBC209CF1DE9307D87170D05772C24EE6295C0153929D4667DBB1ADDFEB509F8845898A41F79F2BF4CDFE
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1388392
                            Entropy (8bit):7.1744763625573515
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRh:knw9oUUEEDl37jcmWH/IM2h
                            MD5:529EF91E19313DF8869F648A0F5851E0
                            SHA1:0BC7D55699FC3B868141DA86F202CEC42A9CF515
                            SHA-256:AB1F0403651168AE9885754B5FFA9F4BB868C44B6512F86301126B269AC5BFEE
                            SHA-512:7D981510B9E2FBFB78AA680F08AA4873B809EEBBD299F94703762A43DF4D2F1F7DC2C407C16A22AD8701960258ABEBE7388F2C67C2D83AE935A19004D42EA574
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1325395
                            Entropy (8bit):7.218182721444673
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRq:knw9oUUEEDl37jcmWH/IM2q
                            MD5:D6510545F21CF2343AF1F03BDDC23C6C
                            SHA1:AC57439EC03D902FA9709447063CCA78BB38B335
                            SHA-256:BF8D9480001845C8A4BD9E5525DC435409CBBAA4500A332A38D4D30B85A8E3DA
                            SHA-512:CC733EE4E4177CEBB0691D4A42EC19AF0EC9BF740A31CD8202D44F35D6B8C53B8BE2FD76E2F806050AB5E413491B0C0CF660826B3257780507C416E4088C9292
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1381814
                            Entropy (8bit):7.1789192760634295
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRj+ZCEm/:knw9oUUEEDl37jcmWH/IM2jq4
                            MD5:360493E24C81A56FDD1AF7CA478F4524
                            SHA1:E743FDF11BC1926C21FAB2BE124F04D19C06DE84
                            SHA-256:5BA1B0134630103B96366E95D08377DAF1EF04C01F818E1E2E834E97A4846E5A
                            SHA-512:D598D76B186685EE802D67D85430D16AE63EE615F7BA51807BD153EAE073095552408D614B18D331E77204BFA9DBB7C8297FDD2D49BE9020B84473156B60F93B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1387127
                            Entropy (8bit):7.175315167175449
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRc0B:knw9oUUEEDl37jcmWH/IM29B
                            MD5:7D6213A7B9BEEB3BD66A34179FA6A2D6
                            SHA1:E98475A27DD2D58F5440AE705BA6DF2ECF15FCAA
                            SHA-256:A41F5F46A196809DE05A4600C90C26AC8FE09A119D39B71B27D9C4DD6A4110BA
                            SHA-512:122BCC8879BA53AD86331BB6B9B058862D8FB8049486D27999D1FB359CC15BE815671DE62214C65AAC47BA0539A350D438227DA6345AB9C65FAD853D390E5D14
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1368405
                            Entropy (8bit):7.188057721888336
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRn:knw9oUUEEDl37jcmWH/IM2n
                            MD5:611824F50774C449B243CAF96CE20A03
                            SHA1:1E7DC6F918412FC415C89592CCBCAE2662708798
                            SHA-256:B22BBFBE91F766A2F6DF1ACA3ADC2C930A3835965551A8C6FA78BE177CD2C901
                            SHA-512:0646D27B0E115EF6A4CAD76B70D63B79AFCAF72456B5C65DF596268004408A8B1C55305D0E85BADB3892C861E40543F5140C826CD96C5677E14227B6FEE1855F
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1365369
                            Entropy (8bit):7.190151393788869
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR3gys:knw9oUUEEDl37jcmWH/IM2ls
                            MD5:E8625F90A1F2E73F85866D828C5D52A6
                            SHA1:2F868A7A37BE91C2BBF115E90548B001D94CFDF4
                            SHA-256:8CE2DAEC7CB2BFEEBDECA7FE70BA5B02E0C56E5366327B6AAB3AA353D0A6A8FC
                            SHA-512:F7CC5667873A43E49CCBFCF096CC794285FAFBFD280DB403F8FC7F4ABBFA3179EB690482AAA6D76385491DF43B4CA72FCCA6B7AF6317D9A74D9BD9B8DFA2CD73
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1353225
                            Entropy (8bit):7.1985600018099705
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR6VT:knw9oUUEEDl37jcmWH/IM2y
                            MD5:E4B2311FF485698A6A118BFF078E0AF5
                            SHA1:3475B54249AFB4F82AFB4023E055C139869AC6AF
                            SHA-256:07FE005B1B5C54EDA1876F667C342990D82C78453F5236781357271FE0B1726C
                            SHA-512:622E4EED02E129F52EA74026261CABC7BA07EF8CA9342277C42180A5E60A8FC706A4E4C630D67AA80794F4D59823057289B17382F0F5B1D07163608307F13073
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1378019
                            Entropy (8bit):7.18149235900824
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR0PeSk:knw9oUUEEDl37jcmWH/IM26Lk
                            MD5:DB3A3303F8092EF0396F316E8D6B73E2
                            SHA1:C64409B3848D34DEAA5D5B36492A69F5BC4D1D2D
                            SHA-256:1DFF91C111C7FEE926F5078C06905289C2667AC27155B91064CF930FFB5D34FE
                            SHA-512:1191B4300D9584DB31AF1E39B2096C248F272DECCC002E04FD7A6061DF2DA82FF7584CB989AB0CB166AB6B2A8A71F90600447967C49CC959CDF22CDF5046E0E2
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1355502
                            Entropy (8bit):7.196972221081005
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRhn:knw9oUUEEDl37jcmWH/IM2l
                            MD5:BCD76928B244ED4E5CA43379E520CF10
                            SHA1:5ABD2955681C57D5C599527909D767C27891C82F
                            SHA-256:E1273896C0755BCEF3089939D81ED98D5581B4AE09D9D02A0698DBFE485EBB9C
                            SHA-512:09708B2240F95B377F85D882C019D723DE262CDBBA6A6EAADE740A206213A638E58F4EEE8BEC9371F805CD1469A8D1CE326CD909122330C4A8D14701DBDC0196
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1323118
                            Entropy (8bit):7.219811183552575
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRy:knw9oUUEEDl37jcmWH/IM2y
                            MD5:07414CD6932DC946A9895DF146E7EE7B
                            SHA1:A7416213D29833AB32A3A72D578C7443BBDD9908
                            SHA-256:D0A698FC786B16FC79B37C707B2A8BDED3732BF47EA3D7797692C9FA09DDDE4E
                            SHA-512:F4F6735C0CC47446D3450755CDF381C9A981984F20555BD35732B52B900146CFC09DFCB29496220C57E3DAC45DF9F204ACE15A487611E803DF7B167F9DB381D4
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1333491
                            Entropy (8bit):7.212420115019708
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRn:knw9oUUEEDl37jcmWH/IM2n
                            MD5:194C8AD055BC2AD8BF0D523DA37A5ADB
                            SHA1:9E3DC0C5D87DB2972219C205F80F66D27F944C49
                            SHA-256:5007177DB9376FCC3920E2164AE5EA12370292C51CA22D619A541A5ACF9581FE
                            SHA-512:2424FD1D641DEDC3DE37A6DFDC63DBAABB66326652E2E7519DB84831A4EE238FF5541FEBA370390F43EC397FB3F832656C7CB474286F7098028C141EF8AF9E14
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1328178
                            Entropy (8bit):7.2161951453303095
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRAc:knw9oUUEEDl37jcmWH/IM2/
                            MD5:8E2175D462688C40877D4D3D1126B74A
                            SHA1:D14F6555F681A60D2EFFA6DA444547FE9689FE41
                            SHA-256:4EA5A82B4746E5E1530641028F886F1765033C8B8CC230B62E5B1AA35AE7E028
                            SHA-512:E609E3EF26814D0CDCC73B67751F884FC48EDBF90C57C9BCC962AA9D3D343CA86563E51BAE959C92B1444AE49E2B71C47BDE6AC13A388760387DC57A05F65720
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1367899
                            Entropy (8bit):7.1884142042437755
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR0C:knw9oUUEEDl37jcmWH/IM20C
                            MD5:625AF6C848CC4F87D841B48B3A453519
                            SHA1:C27B9953B2EA451B9A84D14F1CD7D40C50DA1E19
                            SHA-256:8178C7D88CC8DFE9CF812AD3F947B77A4041B884A7E06C0F9C32D2D4C12A6097
                            SHA-512:E054EE84481624D2B0F0F247432A1CCE8184CDDF2920BD06DD940B45C0EF619CE9B09A8737D88E979AAD46AACC2A2B6A8631CD3C11BA775DE508925F8D2BCB13
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1342093
                            Entropy (8bit):7.2063437978373965
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRy:knw9oUUEEDl37jcmWH/IM2y
                            MD5:6021050B96D6D1CDC822B57BAF7C3189
                            SHA1:CD4E7905446C9FCE68DB2D8835FC5B43E68634B8
                            SHA-256:EF3A738EADD4A698BA52930C260661F53F115FE5D040AEE4A71D89EA9D78EDE3
                            SHA-512:C36453B837D3E46296629F9D2077125BEB81B40E408C1B996C32335E3D38AD45504B325B4EF3F85FB71F2CA41C1DB3D319881B56EE8757FED8DFC2C27F7D75ED
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1327166
                            Entropy (8bit):7.216913207871686
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRB:knw9oUUEEDl37jcmWH/IM2B
                            MD5:F3BFCFC5FD1749AC3ADF08153780B6F5
                            SHA1:1E9B7E6961E950506792B6FA2F09C420688A45F3
                            SHA-256:298737446015DEDB1D4D9DB54A40C6D31D3177B5B6BE825E6376048FF0C2AEA3
                            SHA-512:CBCBF2EE898DD5F1E39F69F1CF45872B34852D1001768E439F9EBEA2E1DE308043012AB46E15BD7180AA3737209B78A02556083578CD00B22B923B9726A6D447
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1337286
                            Entropy (8bit):7.209733684781025
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRLjqU:knw9oUUEEDl37jcmWH/IM2/qU
                            MD5:6EDA95DE1BE4B11EB12470228263DE43
                            SHA1:C0259D6CF57DB1561EF1F290BBAB1EB42CEF884F
                            SHA-256:82AA921416CF591A812B990CE565FA4890BD4C1E9C1F64C106AE090FB86F2450
                            SHA-512:9BE4C4A22DAA213AF257310358E3EC8A36B2835D50D39FA552DEDC88EDFB09C065563305140723B7EB00CFD86128175D741283EB10B641505A72DDA1C64F0BE7
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1391175
                            Entropy (8bit):7.172614277305173
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRwtv:knw9oUUEEDl37jcmWH/IM2uv
                            MD5:7EE0E00DD7A2910B878B444B84023452
                            SHA1:E4EAA9F155E30C7B395ACF8DA7E10D7309DEC56D
                            SHA-256:2F7B21118FD81DE2B47C04F8450721E7F10CEC4363FA2BD9570AD11045A2BBD6
                            SHA-512:0C803C2FBBA2E789D907B9165F882EEA91C228DC2F674394BD34657DC94C712879216A4D716B0D1753F5FFA08ABC6FCA1F3775662C9E9B4CAC30BFD4C3024C5B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1394464
                            Entropy (8bit):7.170403686521656
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRXEx:knw9oUUEEDl37jcmWH/IM2q
                            MD5:7CFB5E565340C27180DA3FC6572AA66C
                            SHA1:C0439706325E1CF6DE9E12CFA08D8A6A8004C83C
                            SHA-256:2557CE75F53665A213A72EDAD30BD0CA988BD665701AA8C5BD347669DA570B3F
                            SHA-512:2E163260F3BDEFC59F4A4DB136CDCC82DC06003CE665AD6F16FDB2D1D30F0B730DD8C4E50F93CFA00778BDF7061F7CC0784D8452C4725FE3BF490EE33B790DD9
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1415969
                            Entropy (8bit):7.156143330194946
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRmUD8:knw9oUUEEDl37jcmWH/IM2mu8
                            MD5:4A2612366791602E27A7C46281E9DB25
                            SHA1:84534DC0CF9773347CB256474D6FAE25731E0B97
                            SHA-256:BC7F73F3B2552A444CB6CACCA2F8DAA9E578796738913BA088449C3A917398E1
                            SHA-512:3364590806378D852A63E3BE6EBA2706CB92859788F13D4A6E19F8846A2B38DBE4FADDD5AEB01A342CACA26F68BBE8999E0EFE5600AA8E0A7636F0938E96336B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1358791
                            Entropy (8bit):7.1947000141543755
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRx:knw9oUUEEDl37jcmWH/IM2x
                            MD5:579665EEA19AEAEFA8C530827B5FDD90
                            SHA1:CE36139F9527AF6F400E661FCCB36195D0261432
                            SHA-256:132D8F60B8A7595C4CD34B17CAF96099F723A5944D6C19B02919A65EE02597C9
                            SHA-512:9288F09430C5BF542A2140BFCC81842D292B6E461F011BC4E778E876A116402CED74B3C495E3B4C25EA61DB6779E66D19172A20E1600D8D54A91DFE737222DC8
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1391428
                            Entropy (8bit):7.172414591967176
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRZ8Nr:knw9oUUEEDl37jcmWH/IM2iN
                            MD5:12EB026E0C21BCECCE272B116D114CA7
                            SHA1:D35515F5694E75A2D4C05EE346F100FAAC442738
                            SHA-256:AFB716AE822963EBE42EF83D6D33225B53735D05A7FA9FF269DDBFB55A09E212
                            SHA-512:8A9CA2BB1A1031EA39999B98E0A364D39BAD7589586AEB1FF577C07A91E15112A39E1335F167E3D0F38C5C68ABCC3CE69103738B4FF27F9CBD7A3574B3614153
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1364863
                            Entropy (8bit):7.190497319432493
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRtI:knw9oUUEEDl37jcmWH/IM2m
                            MD5:5655E243ECDE0E0DC9BEBE97A9580E55
                            SHA1:39A94E8F8569F71AFCBFE985A7FFD4E1A70C0FC3
                            SHA-256:021927FF11DA7B3C802F9B11AED7C65409BC30325624AA66EB30E4B87DAC454A
                            SHA-512:2A932A85AB2730037956B551D58BF5F64BCC81B95555D6727A71A13A20337E0CD4E5A24687CF0E8A8712E15BAD82ED3156C50A786C7D2CF0A800742A1E007B06
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1349936
                            Entropy (8bit):7.200846949929075
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRtIW:knw9oUUEEDl37jcmWH/IM2N
                            MD5:328F8A0D9D22A6A615F404A7F3BBA0F2
                            SHA1:B5BFF3014B9FCF46D2452B1DBB6AE6E08ACB1AC2
                            SHA-256:321856A127EA0685472AED8BFC4546A110AF9E9D3F23EF1ED26B742D89732D6D
                            SHA-512:A849A2A3968EA03EB768BCA3EF652DB213A5CC2B144F8CEB979D14FC045CFDF743BBE04DE36BBF8D7526ED065AB20AFC91AF6EDD93A166EDF62746A31E88D888
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1359297
                            Entropy (8bit):7.194335183479764
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR8:knw9oUUEEDl37jcmWH/IM28
                            MD5:F7EFC32AA97A26E8B8FE980D339CBD36
                            SHA1:74B98A81690F6FEE16AB71760F0A453D3FC1E829
                            SHA-256:775865991FBEEBFB66B808FF415FD0C00080F08DA463CC82709631C24B093C37
                            SHA-512:12D9D5B0FB1BE3C63542F4BB1391A2D81619B4C3C816C8B71310F03E8B8258680A541935664044FADBA50BDDEB019765F7513BEFB0E767FB24AD3EE81B9973C9
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1409138
                            Entropy (8bit):7.1606377882904875
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRss6:knw9oUUEEDl37jcmWH/IM2k
                            MD5:1971B29B23779157604696343C8BC4AE
                            SHA1:CFD6CE7F63584DCA5E6F9870D15CAE9663B34BC4
                            SHA-256:4AE837003937D5C337122CAA62BA3AC433F3C38A31C8960129D8FB40D467C214
                            SHA-512:C6F892B9FAA845CD618DD1F1412631A1A243C9B33D51B9C4BA18B00E1CBCE50FF6E951346FB5696E0D420E372C67A11CF1AB353A11675C538322444DA7BBE4F9
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1351454
                            Entropy (8bit):7.199787406069077
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRLXBNuM:knw9oUUEEDl37jcmWH/IM2KM
                            MD5:FFD7F72892999765CBE709AD876A2405
                            SHA1:0016257B7028F446F223F1541BD1348947FC1053
                            SHA-256:BFBB45C8D148511A877205632E427DD8F810A1D5684E63DAAE8FB61B7E138BDD
                            SHA-512:5C8B39CE69714EEE9DDD869BFB6A97461F92B73A78F86AC3842B1937672D1C5BCA2FA210864F947442E1CB70D066F80FCB3AA4E0CF927A14C3CECB780CA9F976
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1359803
                            Entropy (8bit):7.193979881986106
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRQ:knw9oUUEEDl37jcmWH/IM2Q
                            MD5:B45D486ED5E047C0A85E0A4FE4D3C4A6
                            SHA1:B3C50854DF47A937BB60AE74856F5B469FD1AB65
                            SHA-256:3D9DE819A6DC16A7F0157B26AB484000EC14A8010D6C4E872BF44523029B3905
                            SHA-512:7A3DAFEF30C2776B879EA6BDE661D9A146927D65396A9CF828B8FFE9CABCB6BDED7959A426C7AC7009B3F87A181491F1F451DBDEB19EEB7ED06202CF094E8FF2
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1371694
                            Entropy (8bit):7.185814233420464
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRxr:knw9oUUEEDl37jcmWH/IM2F
                            MD5:614BB47C3ABA86D2DC0BB45A7C21EEBF
                            SHA1:9941DF79A4630F8FA02B25D509E1CFCA3C0823F9
                            SHA-256:44343A0BC75F945394995A0A99023533AD498C4D332D9114ED138200A28C5A96
                            SHA-512:CA7A4065DC5CE7993F75133E0D4F9E395F7A0659F11E5DE58EF5E2237758307FD76A46FA16064EAE505D6A574670A15482FDB571DB001A6668883EDC780BAFA3
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1410403
                            Entropy (8bit):7.159796570194159
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRjV4EjNb/:knw9oUUEEDl37jcmWH/IM2jpJ
                            MD5:5C6A161B23390135B0B48D9F58C39D6E
                            SHA1:5B986F45AC940F3684BC513A4ECCA644C5B1B897
                            SHA-256:14999925724C682E6BE454AD5C11AD837595F4EACFCFB9F15C7AF663228BC178
                            SHA-512:BF413D26232A7889D409D849789B53EABF2CA8EF3026B9A2C6D9FBF68E851609CB670F8802479346DE62F3823DB015AC084E70EA0F10861091DC56E64219C6B5
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1364104
                            Entropy (8bit):7.191010209520255
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR5:knw9oUUEEDl37jcmWH/IM25
                            MD5:88E6CDC2561838FBE913D055D5D555B6
                            SHA1:D5B5A5E7A904AFBB037D8F019B19460F4FF9EB3A
                            SHA-256:670049A43F9954C736F6D7DBF17E2714610F0D8E8DDD0CEA74345892720FFE33
                            SHA-512:8248C636D87C391A44D896FA7D455020735CE3A538AC3CCCB1C5B3F1A10885899C341DE9E52E04A71854BA9D99FD0BC5D41A6AB15C2B4CEA180494508765613A
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1334756
                            Entropy (8bit):7.21151645549965
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRV:knw9oUUEEDl37jcmWH/IM2V
                            MD5:E03DCC32ADE5278EE5BD7EC611D1924B
                            SHA1:32F4C7E1D39B8A7ED0F65EA03F1D1D4D47B0B0DF
                            SHA-256:3D38F46737806BA6B86A0481EAF3AE7F986044DAC03068AB8D028F8C9D451C62
                            SHA-512:49F0271E5265D85B4DBC875576DC89598180826BD6C74B305A78881D3669BCB45B4B7540B13323705482C7E98416D17F77A5B4B851FA2EA918CA7E9564160027
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1412933
                            Entropy (8bit):7.158128845793468
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRIeV9xoZ:knw9oUUEEDl37jcmWH/IM2IeVS
                            MD5:3205ED0A1EFE8A432695D5BC57FA7346
                            SHA1:96DFF63E6FD06479D0338F4C25E6BADE567284D2
                            SHA-256:664277EDAAE09AF01183737D3D60DB92D0CABFDE113AD86FF64B277BEC29B230
                            SHA-512:DF14D199C16F06280159CDB53E0C5C9FDFB59AF8307D3CE178C54BF3121752101A898CE65A427CABCF0B266700091193D1B08D7A5D24FB544B1B20342B798725
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1375489
                            Entropy (8bit):7.183211040414301
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRTvY:knw9oUUEEDl37jcmWH/IM2c
                            MD5:4A992F318858DB42088BF1ED68DE1DCE
                            SHA1:1D7221EAC54C8CF5EBA3116DF64EDA56550FA9B6
                            SHA-256:F42849DA600277927180578F5BFE5269CD25395277BEE4409C1FD2C1414B7AA6
                            SHA-512:7F20481CC2422A689F2A00332B338F8E1C51414D73E2E000D52314E6DF09B2482023BD1911385E52F4B764B2CB3D34EC09ED25CCBD16D7016F85C4FB6A4E13E3
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1395729
                            Entropy (8bit):7.169559523804119
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRb:knw9oUUEEDl37jcmWH/IM2b
                            MD5:93DA40798EDB3D662F86114759CE9FA8
                            SHA1:30F745F72125204A26D5223FE34EFE3753CBA3AD
                            SHA-256:1B2EB2E5AB3BEB7936F2348B7C290ECB01F012DBA586BB62702DE83D804BC58F
                            SHA-512:84689BCADC4F13E202ED3E88773F1984CC8E08FEFA99301390F5685B35FB48962934624917F1858DC84ABAF8C6E04AE0A71F39C6F86DF674C689E6CFDF96C130
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1358538
                            Entropy (8bit):7.194869775574959
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRj6:knw9oUUEEDl37jcmWH/IM2O
                            MD5:1DCBF70CE7D136528176686046D7DC79
                            SHA1:79F25F606FB70ED148B411B7CCE5CB5ACE100005
                            SHA-256:509AEE66352796F278B8E623E96BA347E8B54D3BD488E1DD16CFE1D2FC473AAD
                            SHA-512:9318517CA22C0953358A221E4E5CF711E90EA6250F0CAB021C79AFAECC70F92F1E4E28CD626D53159358D282DED53247D6B6A86576C06599453E92EA1BA7EAF2
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1403066
                            Entropy (8bit):7.164654178306088
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRjiXx:knw9oUUEEDl37jcmWH/IM2q
                            MD5:7F0ED6C4D545D70E9B42636C8DF67D9A
                            SHA1:89F1B673CA5A49F85F64C129A9704CC94157E19E
                            SHA-256:1E72C598D00B6711D65F159B999FF577AF00FE1351D2B1FC6BB17E4762778D2E
                            SHA-512:AB078EBF6C747B84C6750AC9D374C92BE9290D38A407BF8E36B91C02C975A136967DE7CEA0D1B7DA6FC86BB3A97E4DB22DE4286E4920AABCB0BEBE000290CF99
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1334250
                            Entropy (8bit):7.211880496315752
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRNi:knw9oUUEEDl37jcmWH/IM2Ni
                            MD5:25AB7EAD0B4BFC9A3BBD6C68E6F6A3C6
                            SHA1:42B9D38BBC038BCC6E7753DF658ED0AE18355D47
                            SHA-256:DC7BA52F1CD48696F104ED80749DE5061F9D46E0E1A98D10CEAED9E86971018E
                            SHA-512:71FB9AF9D40B3001BF85F8DA44F08737867DBC0E4E05C50841C17BB8F2AEEF219B793CB26D0B845992C4F9E12D34E95F019022570002F7C6ECD86D44BF3EAC39
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1400283
                            Entropy (8bit):7.166518486724454
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR7THqS:knw9oUUEEDl37jcmWH/IM2nJ
                            MD5:4B39E9A17F2F7FBDF537ADAAD638E45F
                            SHA1:C0BFD58AD727DFFBCFDA553425213B74CF6246DC
                            SHA-256:1DC78075540ECF45E281BED8437E4C6618562E27B3D8DF2BCD9246B6A282CC71
                            SHA-512:486853165EBBB833149FB4360FDF1D31A1147EDCA99E1C2813BCE8734F3ED7CF70739FC812B1EF4954F35BE376142E230D51311A3750BC1C7681E1F3833BD30C
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1336780
                            Entropy (8bit):7.210089801936939
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRU:knw9oUUEEDl37jcmWH/IM2U
                            MD5:B36299387D1738874F86B1555D6FA418
                            SHA1:B744B8EF85067E37EC2203BAAE3CA0176245908B
                            SHA-256:943C5BCF80EDE40CFEEF96DACEB63B91AA943CAED702886E01347DF17DFDE0B9
                            SHA-512:55028D528244318861CD71C71554D3CD37C3C08F9FA7C347FF38BE4D41A327AD726F4EE390E13C192631AF572AFDFAC94ACDBD7F29B7CEF85AEC56D3F1F3CCF6
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1393705
                            Entropy (8bit):7.170906150102146
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRcz4Vd:knw9oUUEEDl37jcmWH/IM2ci
                            MD5:792D84C7CAA0C6C1D23BFEA017A31676
                            SHA1:DD68752FB8642E22A513B0716838C5A6F1EA53B3
                            SHA-256:536B4BF932B25C4EB99F0113019B8BAB5276C6FF8EE393DC11DEC713259BA2A8
                            SHA-512:0ED7C643215EDC3485A13FC0165B8A9853C61E5E79F5B184D4628B00A2FF1DE124C2BEB2D7CC06A67648340562E580C6B26506D35C29AD5F6B5AC22B5395B7CD
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1331973
                            Entropy (8bit):7.21349220024487
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRR:knw9oUUEEDl37jcmWH/IM2R
                            MD5:772BE46CC90397F4CF3DC4B2CE2C00B8
                            SHA1:44D697E9FD2E78CA3BDC3FBF000665F7915B4115
                            SHA-256:5B2DB8DBC599A83456B148773B4DC0EB1E93818A1B1373C310D744736FE25078
                            SHA-512:DD0C1C57583B24F533ADB0131C166CF7D58453050F0503E7A008656B48A321761541DE8E01EE1148186EF6237870016DE2138541E507AD527F84DD8C3D9B655B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1361321
                            Entropy (8bit):7.192945268359772
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRr:knw9oUUEEDl37jcmWH/IM2r
                            MD5:E5706CCCF87F00535EE5E442666EA399
                            SHA1:D532C42A85D7FDE551E4B76DC2D9B52467BF6DDA
                            SHA-256:DFE27D714CC267A6F2E0B8F5CA17954ABC86BC9451A5F5A6BF738371079AADB8
                            SHA-512:786C3BFE2AF71969DCE8263CF90A17CA5324169EC8D08350A2A54566F35FB9727B6EC56D112982D9E7F8E4F6D474BE55DE378611C570805922D6BDF99B363283
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1371947
                            Entropy (8bit):7.185650297000621
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRu+:knw9oUUEEDl37jcmWH/IM2u+
                            MD5:EB3F04D5AC5962BC0B103350116845AB
                            SHA1:41BC67206496027CD3828636495E703D3A7DF72D
                            SHA-256:9B77EEE464DDA065954C457ECE1DB10BBE6E1CEA61ABDC77669111C454BAE531
                            SHA-512:0FE1E61FC50C9926360933D96BFC96F8913BB3DFD6B63F5B19FE2135531CE5F3DDBB7242134430A9237C9861861E2ED2842FFC5C7C57C2D4473D620F6C13E3C7
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1403572
                            Entropy (8bit):7.164332547653151
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRLPXu:knw9oUUEEDl37jcmWH/IM2bu
                            MD5:5200E2C8153B9DF3A9F5FBD0965305DF
                            SHA1:3BD52E7468C51CB068CB61641079F2C3D7442822
                            SHA-256:D83F5A5A94791C80B2528B303D8B0624823E4057FBC94CCFD0C07556BEBEDA75
                            SHA-512:44F402ED948EF830AB8D503FD52253C70004446358FC0C587C1F41A1A1C1CF83D4706253B408F38811363EB7CB1FFA0B4AC7D663E3C0250B7A2F27BC438BC679
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1389151
                            Entropy (8bit):7.173956783085685
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRShrC:knw9oUUEEDl37jcmWH/IM2n
                            MD5:ACC56E0ADAAC01CC967B4B33B25CA42F
                            SHA1:F3FDEFD9A064CA4F0662C84F94BC0BC0519FF71A
                            SHA-256:8ABAC0552B197FDDC6602FD116037DE0A7C9520601A5732DCD846BD125321616
                            SHA-512:B5552562C039D9310D871867044F27433B5226AD877352D21F110286C3ABBA796656F914BE16991765E129B3BFB5DBACAA21D9E645F06A35CD6245F5E4FFCB89
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1354996
                            Entropy (8bit):7.197318372701538
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRO:knw9oUUEEDl37jcmWH/IM2O
                            MD5:B2656C33C179506A75E6BD54AD9B8665
                            SHA1:8E0EF4259894DF80B4FE3457CC5D71AFD37A9516
                            SHA-256:067E5D871F5BE00102F8DFCF231D38270A1B4B4B4FE94C4EC003F4840BA8D0E1
                            SHA-512:B90008F76F1A5F20DDD487B605F1CFBA204FF7D8E23474FE7ADE5324EF4FAA009EB8D54724356F61A71B7CC06C653065DDBD22AD07D5873C6C57A8A17C972680
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1361574
                            Entropy (8bit):7.1927619003815915
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRErol:knw9oUUEEDl37jcmWH/IM2tl
                            MD5:BF92AF3A8A6C13442F7B3650517CCB86
                            SHA1:8F060A7AE732B6A3F61EB220949630E81715ABB8
                            SHA-256:7AB4C8F976B6CF6E15FE0251AD55C46CF7A1A4CAA2FCF36102B47AA11563A9B6
                            SHA-512:DCBB25BAC91D1029B1A62F3797BDCC65EB9D476E5126C55D85F5B9D57DB714DE6400F121561B8CFE077AACB77B7E0D88BA2B2AB98DF3C7C46DFDDFF5DD7CB0BC
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1370682
                            Entropy (8bit):7.186499204570975
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRsgz:knw9oUUEEDl37jcmWH/IM2f
                            MD5:D2FDC36B678FBE5BA677CF2A0A7CD9C6
                            SHA1:38ABEB0392F691017CD7DF099B70559252C61B51
                            SHA-256:6849BB5CA643D0C5D59C49A8A8867D2F0145ED74ECDEE61C22E3FF5ACE5A2A4B
                            SHA-512:16D75064924C83F3E44ED6F24B7F9805B5EC45BCEDD22AC7C1E508321F0193CE981F687BE1E89C9690E9E25C62C7C4E15AE05607B4C36DAD02CC22CFE48002EE
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1396741
                            Entropy (8bit):7.168868986602253
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRIxYfqW:knw9oUUEEDl37jcmWH/IM2IxY
                            MD5:2BD79A1638123BAA404B91FFCAEBAF99
                            SHA1:2F6C03A0EB18C2D961CB0E4860EB51662FD591B9
                            SHA-256:4DF3AD97AEA3B4767B52D338514A406A5C0308C011A236E0BD94111E55573A5A
                            SHA-512:113AD02FF3AFE2AC5D172DA3D40F5BA6202A779AF42C2E53F1CE685F8B1228A890DE39D62B7882BC6C22909B1F5892D78FB848511AD86E947D7D253B450F6826
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1347912
                            Entropy (8bit):7.202259357952303
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRUG8f:knw9oUUEEDl37jcmWH/IM2Y
                            MD5:F68BD0DD95AF953457E24B82CE2769C4
                            SHA1:26870D963FEB5CADBA19BA9C572AAAEAFE7C50FC
                            SHA-256:9CB1E64E4D470153953F32BD9CC737EDEB403EC6AFC3DEBA0505BE8A631C5DAC
                            SHA-512:6A8F75AA524E2341D14599F4BF19B11DDFAEA7C850B4FB3463FC9609C2C6C0A0E37BBB09B1324A5ACFC1F7559942D270BB2AB3B5AD2F6DE9EE8FF938B0706187
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1327419
                            Entropy (8bit):7.21673855673044
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR4K:knw9oUUEEDl37jcmWH/IM2F
                            MD5:113BE3584286A043FDEB8C69E0DA3208
                            SHA1:C781BDE63B82E734A055380A886B6FC4465459A6
                            SHA-256:086A1AFD13984AECD8F4CDA123DE00AA641EB455EB71774C9183E977EE815425
                            SHA-512:B7E02647525765CE13304E0B9B4D4F5E82EAE6558EE1A22B8D453BDAFD8357E0A55C9C628FDE6B38A1022FCFA217FC954B99BB4F1E4642C46DCBC2CBAC13F00D
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1405596
                            Entropy (8bit):7.162971729213068
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR3zvKDO:knw9oUUEEDl37jcmWH/IM2n
                            MD5:2B3249580C81741E66EE78791BA6A0F0
                            SHA1:326BECB1432050FE9AA4F8C06AFF265DBC897AC3
                            SHA-256:CF38167FFBADCB8AFAFF241A5249DF51464778CD43E5C2F84326574554B37EBF
                            SHA-512:F539C33DE8C112990C2C031C4624243EFD178F61C150C3784F16A3786AAF04C42D64CB5CE403A9B293DCC160B5C41B35B50913F65A44D3ADC9CADD24347DB5CF
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1329443
                            Entropy (8bit):7.2152902632616644
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR4:knw9oUUEEDl37jcmWH/IM24
                            MD5:24B2D1D6574DAAA321BE8B2672D1DBBF
                            SHA1:50044159BA8E205A124E270B3B1B9F5D81EAAE89
                            SHA-256:88013F6340F63C2FA6B8E2E8C04448F7A81E906EF9CF34B9CC52936120B90638
                            SHA-512:40EFAD7A4D38879BF6FD0918B627184592C6AE721A614CB6BD67D5D91E6A615BA09E840A0D54054E22E318A39FDC1D11E107930A2BCD4DEF718340923BFDA60C
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1401042
                            Entropy (8bit):7.166015930300832
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRRqkt:knw9oUUEEDl37jcmWH/IM2ft
                            MD5:EC14432215E3B83AB1A8ED3D9F3569E8
                            SHA1:8712855D85CE5C36CAC93BFB0A55FE6E9AEE30D1
                            SHA-256:44C06756716C7E724DD2824C1F15983F361A4AD8DB51350485CD78495127F080
                            SHA-512:0F8ACBC7733C631CE561E633A019C23FC793604DE8DC6072538065055EBC59F1960A0F89194E22660A8DBD2365DE936C3873D380E8B456047890FB93EFE8F399
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1390416
                            Entropy (8bit):7.173124265491888
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRVk1:knw9oUUEEDl37jcmWH/IM2Vm
                            MD5:B92C5ADA26B92D4397181BC194511D8B
                            SHA1:811B28C246276279451169644B3C89B01E1C6844
                            SHA-256:D81CB7F5075F4B73F7603A85EF7FF85E70CA043D2C59C8845E8D154F90D3DFDF
                            SHA-512:2E83C42C23834403590301C69598C709E3632A3231F5D8201FFE8424E2D93708D0BBA78E87DCF8A8E53D1C7D6F443657764198F59FAEE5A7401D2157F48942C9
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1390922
                            Entropy (8bit):7.172763508881808
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRhYx40R:knw9oUUEEDl37jcmWH/IM2O
                            MD5:299256B5763067921D808A66A1116C28
                            SHA1:20C97513EF01297EBD0F76F0D23F843B557C2399
                            SHA-256:65CC13DE42DC81607E138F49B590BDC08D288795D7D87C7227345F466F5AF46B
                            SHA-512:5843DACABD6607B448309B247DF4F016D175470AE217041894BEF7A87651E89909691EDC18CE6F08EFE8DFC844BCAE02E44A978A56E84E5D5194475C90425662
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1411415
                            Entropy (8bit):7.159130738674127
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRw8p:knw9oUUEEDl37jcmWH/IM2wM
                            MD5:52406CA0B13CD7377C56278E817BED39
                            SHA1:7EE2CA7F0162A3D61B84695CAE3C68C64A9ACC87
                            SHA-256:296338FF3DD3C5A9C179C133E98449C747506CA5FDCE4517489D0B98AECD233F
                            SHA-512:61D2860F1949A01F108919076E8F47B3E76AAC919ED7BBC0C83BB30B99F4F4FD6F03C3CF5E69932C605AA70A40D8274FE3586D923589680B70AA4F04B3AF46D5
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1325901
                            Entropy (8bit):7.217818499504188
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRx0:knw9oUUEEDl37jcmWH/IM22
                            MD5:B2E9AC7EEE970239A5CC0517DC6C14F9
                            SHA1:1264380384015D8D01F90DC1A625A54FEA8D92C5
                            SHA-256:1C8612CEF389836A51C5E515C38B6F306686BEF7A02C3B38B69D769424C37D04
                            SHA-512:0E82BA1CCE7150AF947E32724B2A6A0B4E5C0BEF01925E92F2290CB4D192318439EF59DDDA24FF50298154771B6EA19E14DEDC488A7152F9F9E0501D392AC763
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1320082
                            Entropy (8bit):7.221990507163742
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRC:knw9oUUEEDl37jcmWH/IM2C
                            MD5:F8FAF9FC5824C121988E4FD42C6F44A7
                            SHA1:381BAE4907818550FDF35BA063B2186F2FDA6F18
                            SHA-256:4E2486FD9046543F1A07199870C0262CF23A7531BB320CC6EF2A7A013A5074A2
                            SHA-512:826327A1E991C6C84F8CB051943952BC92112723FE8E703D33400FD7DEDC14C63E753F6182AA027B865304C8BC5D635F1A7651050CE95649EC011B680F6622B4
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1373212
                            Entropy (8bit):7.184776478452055
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRX:knw9oUUEEDl37jcmWH/IM2X
                            MD5:FB6FC43BD14B27F19F25A844EB4F63FF
                            SHA1:9BADF9D35693AE1F1FAFC20AE34DF21D3B2E4E1F
                            SHA-256:9EE6A1D6C3A1EF1B20CE15BA11117C3876E22C6E166AA96AC39EE8167E3DBCAE
                            SHA-512:A30B6F8F73A570BBCD383DD2125C4907774E0AE756B4F6BE375D1196C68CF5E3413E2D3FA7B9B4CB5B7BA3BCD2EF930F20BF6F4277BAF72D644F5BAC37C61E23
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1366634
                            Entropy (8bit):7.189280422651299
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRu:knw9oUUEEDl37jcmWH/IM2u
                            MD5:3C9E8A280EF93A8FAAA96E65EDA95D9C
                            SHA1:A8AEF2B732941B3A179C0087FCE9DCB87247F9DC
                            SHA-256:E3A1023AEE34290703347316493FC7B762FFB543F4770ECBAF06251D313F7FB7
                            SHA-512:5B4289C1AC20317E6116C9A1BA825809ADF2034D2BC76E61A976C732CA667184DCF7AE5032A17A284E29D91D5C1E830C566C0A8EA15E31A62E04BF913081303A
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1408885
                            Entropy (8bit):7.160801303213609
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRb2d1sE:knw9oUUEEDl37jcmWH/IM2az
                            MD5:4F939FDA8F123939E15F9DFFC2DD7F76
                            SHA1:4F793929720D1AA4256B334E8E2A1A8F0B0B2676
                            SHA-256:5E8FE433EFC197DC01AA1B526F0518E3B99DE96D421484FAA502AE0434BCA68B
                            SHA-512:6D8C8D9818A27319494E234ED4BAAC75780F752237D99380CF3DF6F0534D5E4DB5364DE834D24D50084581673AF43BE0FF082519E27347CE73294E533E2ABBC9
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1325648
                            Entropy (8bit):7.218004574355357
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRl5:knw9oUUEEDl37jcmWH/IM2l5
                            MD5:4E56E2D7DD6638118A23639F6E5BED34
                            SHA1:B65629E33ED8951044EF89BF6E9BC9E66CC50597
                            SHA-256:7E6EFCE33D1FCC108B2F0D79BF828E437E1B64BA69007BB6DFB3218984DAA151
                            SHA-512:FD453153C43EBC08DD17093404ED34460D3536C35CC8FDD2BB751D8DA46C3F3685976EC3DD245D75A00020753B86FCA2C5A40059D885DEC6A6E6A136D1DCE600
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1333238
                            Entropy (8bit):7.212598653934616
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRMj:knw9oUUEEDl37jcmWH/IM2I
                            MD5:3A74290DDFD38CB20478488B0921182A
                            SHA1:B7DD1B46249E4569D4A62713965304C148EE76CC
                            SHA-256:A6C4908D4BFC6B209D0B2B6FEE0CB6EFED7C3C345206FD09B8BF0F1556766451
                            SHA-512:A25A7D8381C2E11F74744A19D48ADBFEAD4DB26CFACDA3EBCFA419534930D4DCFF923068FCFC302D98FE028AA35B6083B5A018CF562C1C98F7F28DB53CF14B4D
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1331467
                            Entropy (8bit):7.213851242898369
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR+y:knw9oUUEEDl37jcmWH/IM2+y
                            MD5:AC2842AE2998D8B75BC63646E5300D66
                            SHA1:5D1C0787DD3D109313C93ACFB57B7FCA33E4B9FF
                            SHA-256:25477B51BAE4C42C78E8167E1C6E67B22D6D2D0153D99CBBAD1778EE352CB9DB
                            SHA-512:5BEC876E1AFF661ECF4CE4EBAF32568EA64183FC05F04F8335B493FF890E4B154E8E9938C0AE2F82F9E8DC66E004E73E100BE8E0CA4C1C0575A943814B3ABB98
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1326407
                            Entropy (8bit):7.217461711954544
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRz:knw9oUUEEDl37jcmWH/IM2z
                            MD5:85EA65CEA1789724114641F94421E9AD
                            SHA1:8BC0DC6AC69D10591C9E1B6A45A08F0238531584
                            SHA-256:37A5FB05300409D9B19A9846416189629465B7CB257BC9C2693ADA98E307C2D2
                            SHA-512:C2D426795FA4D16C8D091114C7E1346E1DA45EB0D1CA70FB5B21D9867A29B3DBEB8A699B38AD983F36087AE587CF424BB59BA41E42CF385E69EC06A9AA0F1474
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1322359
                            Entropy (8bit):7.220354098481433
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRt:knw9oUUEEDl37jcmWH/IM2t
                            MD5:DBBAE3A021BBBDD4289A0F770C7143F4
                            SHA1:B49E232E1517A3FA8CC276C9CC3FC1F29BDED056
                            SHA-256:89BB39B55FEE63D19EA71917B5378B3102CAE23AE58AFD354B3C180B3C503D6A
                            SHA-512:5DCB98AA6BC37A1BE7077ED40FBA2F28F416BF1705398FEE90685D679109D439F79837D926825D6624358482B66D51B573BB6959CBA3570861EF278DD994047D
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1322865
                            Entropy (8bit):7.2199909655681225
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRg:knw9oUUEEDl37jcmWH/IM2g
                            MD5:697CB4F46875AD109B35AC692025126E
                            SHA1:4EA429A04E57D1111DE669B4C06D842E553C29C6
                            SHA-256:71381BC936C2554FC01A98E695645A677AE4D4A86A72BDF6E8BA403A5FF61E15
                            SHA-512:E590022A119DA67974C8159712F82A2658893D3F4050D0739717BECD572AA416099FA7F82965255837E63DFA3A35257C5E013B5C28560651DFD3726656DE858C
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1342599
                            Entropy (8bit):7.2059885860113875
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRI:knw9oUUEEDl37jcmWH/IM2I
                            MD5:E544D29BAF1001102E40B2A55F8156B4
                            SHA1:6AD5203D5C5085039B0AA688C1108C08C1703FBB
                            SHA-256:8AC4AF7133B4889E6A8F206E84B9A03E7BABDA3C9A74A2B3369050BC035960C4
                            SHA-512:FA8F2B1CBE6331ECCACA1A865864F64A78EDE7BB3EFEA65E009ECF1B88170DF8795AC91E7F5EB6D0CD1592C3B5B124E2549FAA2113FC58D84D4A1660182F0DB5
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1373465
                            Entropy (8bit):7.184587376650938
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRG:knw9oUUEEDl37jcmWH/IM2G
                            MD5:F20F14C8757802314EA7C9C3B2738D17
                            SHA1:065C49741F2095CA018CEE9950B26DB73704307D
                            SHA-256:98516111B8246164737DBEEAC29CFC4353F044A1C1B880C1A621292D1FE909A0
                            SHA-512:2B5C67114EEA05A3171DDC509CBA6855C014CE928E21A5E3D99CDE806DEE6F1669A53A1CE6E36A5D9B8F681435762C431BE5C5D0DB00BDED74EEAB489FD572D2
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1330708
                            Entropy (8bit):7.214392653988389
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRy:knw9oUUEEDl37jcmWH/IM2y
                            MD5:DCD2AFBD2081B7FE72F9DFC301D1E57A
                            SHA1:2E5F5A364860CFAD0D602D8BE324EFA521A3A356
                            SHA-256:F53C879EA3148A9E19C86A59239AA0EEC91C68738C05C2A180473CC5B770FCA7
                            SHA-512:90D9662807F10AB7C67D827C991398432BF3A96087AD0244DDAFD93495FDF8D18189E6B1463C5D4E821C782BC0DC15A74858DCD357F49C55D8F1EC3D94B2E2B6
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1366128
                            Entropy (8bit):7.189640369116481
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRxHu:knw9oUUEEDl37jcmWH/IM2Ru
                            MD5:93BCF262E910C57B3EDB25B87E2B4B15
                            SHA1:2070D882BAC3636907A1114A726F222C907F997C
                            SHA-256:6065E8CBB20FC028B6C5AA91D3739ADDDDAE34FAE7440A7F1D44D82181B17B9C
                            SHA-512:67D36662099F33B2524A1617B58893ED5450A0F6E28150400C9708344FDDB9D3815FDFA9D2884DE077F82EB25F128E0AE677C0642EB6749653E3AB81683BB9D2
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1410656
                            Entropy (8bit):7.159647364787978
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRaY3M:knw9oUUEEDl37jcmWH/IM2u
                            MD5:F2A3F4D3609DC4C54D8A498A9229F472
                            SHA1:0770F8828370F14FC170CE9682794E04CAE71563
                            SHA-256:9E608A6C292225AC23033E46B83480E44CCADD942909825719A0D327006DCFD8
                            SHA-512:5A4EBBC00A30CA9E2D382FE76C1A72C497098AE49092DD361774A586207B3CC5936F7FA389864BACF78B02978C23037EA6842A14113BAB1CEA7F85028A913D21
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1414198
                            Entropy (8bit):7.157301236258499
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR8F:knw9oUUEEDl37jcmWH/IM2s
                            MD5:8FDDEEB4C41CD79970F3489C64614D41
                            SHA1:CBE69906F404CFABA93A01590972319B3F7F23D0
                            SHA-256:BE5ADBFF95AA0F28EFFAC28848A1974AD2375CEEEB56A238FF3E6B3DA37C1686
                            SHA-512:FD55DE27C5230C67DF3C773B9CB364379726D033CA845D2226BAB9A38C5AB73CBFB92ED7784550E934BB6C9D5E4E243792F1C8368B9FF5D204AA3146360D0319
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1398765
                            Entropy (8bit):7.167532075201153
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRQftR:knw9oUUEEDl37jcmWH/IM2QlR
                            MD5:191551473C01D9A9C753388CB429AAF7
                            SHA1:42CA2427B65C45DD168F8A3C1B66E91AE4B26DF9
                            SHA-256:C3FEE04100BAD66F292B7C918304A606E712216CEC036E6C73AE5A1AB275C492
                            SHA-512:BB70245056AD97026D4C79243EFC29E7C647CA37E1AA2ACB652851DFDF842C785A3B112F87B769614B399B3F1AACDADDA7E1B2804B3C920AFAA77D6DC6325950
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1343864
                            Entropy (8bit):7.205100050210992
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRZNY:knw9oUUEEDl37jcmWH/IM2k
                            MD5:5FA36D5ACA162C12FEF4771F5EC2A1F4
                            SHA1:8BD0532037CE32B2EAA16C85A412271E75A1F918
                            SHA-256:1AA2F9DD7AAF7D57E9D37CAAF10519E88E9CC80E1DBA3FDE83021793C1D1963E
                            SHA-512:3A4EBEC230A24F31D9CA32307C698A8B8DFC4FA0F6396AD231431224F658EE5A5CC0FE41312017D57D3F0B0261E1604132F0C3733DA489EB0DF8DF11B4B603A3
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1328431
                            Entropy (8bit):7.216009013272953
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRVG:knw9oUUEEDl37jcmWH/IM2Q
                            MD5:2A016D42911E2572CE995391825D2A92
                            SHA1:21EB66D3D77E7F4FBAE35415C50DCBEF29E7194D
                            SHA-256:723B9B4DDCD91230DC88DB9BEFD578CDF98F1107245CF1B8DDC42AA2CB845458
                            SHA-512:0D1C18ECCFA4E032A1FB48273665A495D4D3670ABCD561CA8333CD145AAC65711A8D6146B21C1E942BFB3DACF0EAC622539C492BF499A8A49407F2FBA67D0938
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1356008
                            Entropy (8bit):7.196613242308133
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR8i:knw9oUUEEDl37jcmWH/IM2F
                            MD5:71613744B032A082F9AF866B967E27EE
                            SHA1:949B225F61CBE9425D51AED34EC0C56293CB66CF
                            SHA-256:C57971B5D2C187AD10D61EA5F719BFD992804190D89B508AE3768D6F7C8A2BC8
                            SHA-512:6F39E72BDBB2CB4F4C3E10F9BA8EB14EBD0D7A9FF7664A31ED7D4DBFECE4A3CF0291CBEB02A9D2E4C72D0429B1DA16C8989F0C0B176ED9968CD40C9322458E02
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1375236
                            Entropy (8bit):7.183390522254493
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRQd8:knw9oUUEEDl37jcmWH/IM2b
                            MD5:F6E8603D911FFE0985AF96C5EB26792F
                            SHA1:2C5FD4BA5484A1BBC43C0C465741517E30192D27
                            SHA-256:6950CF4610C779CC15CBEDC176453882DF5927FB20F6D58C3F44661025EFB622
                            SHA-512:E66CA28142BC2A653EB9F65C2B93FAC96645CB8068EB54CFB1EED4356C32FFD80E7BE68790D0340BA5105F5652F453AFDC465F5D964060EEC162DEBF5B287E49
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1386621
                            Entropy (8bit):7.17565979252734
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR2FD:knw9oUUEEDl37jcmWH/IM2+
                            MD5:19089A240B9B06D787E012478D14A744
                            SHA1:3BC45258648A4B8B3892E3130785D1C46ADF5FA5
                            SHA-256:95DB8ACCD69D53A17E192AD6BBC8FB7433D9C0269B5CD07532D382DD6914D16C
                            SHA-512:BF24C8351487EDB0A6EF2D800083B54CB70389518820EAAA18F1B12AD5905FF1750CFFB0B8F7449053CBD77DECBB099F191E27214805899B463FE9D4485850AD
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1379031
                            Entropy (8bit):7.180804681932883
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRRMl:knw9oUUEEDl37jcmWH/IM2R8
                            MD5:A32313C6C5346E739BCF226583CDA6BC
                            SHA1:4035EDC61C0A48506FDA0A55661B6FF1862E9E4D
                            SHA-256:BAF027993584434AA5218D3608DF9F117402D925E05F41BEB182A80C24D9FC9B
                            SHA-512:7A4018DC3EEC841398C54E281C7756AFD40FA06C1E3A35A36416E28B69D67876B088FEB45134C1468F56DB7D1C4F5DF47B6FDDEE2E568AA6B4A64E1F0423F50A
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1403825
                            Entropy (8bit):7.164158935569998
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRD9WN:knw9oUUEEDl37jcmWH/IM2Dm
                            MD5:6826F6BEF84E15B6375F35B96371921D
                            SHA1:2CE6B2BD695E181CCBACC3D577A20AFBA42866C2
                            SHA-256:EE6BAD03C2550C27115D109D537B1F3A778E22386E9A5CB1460E52761C14CE8C
                            SHA-512:15686AAB991015E6847C7708511CA9FA30FF27AC9B3F2EE7D5D49F9A60DC28ED7D51E52F0508E3C53FBDB3F64C8A0AFD26ADE6BEC68AEAD11C81A2B752F476D9
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1372959
                            Entropy (8bit):7.1849369493511945
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRivgQ:knw9oUUEEDl37jcmWH/IM22
                            MD5:77051ED5C25DB644C494F4502F1A0B8C
                            SHA1:5ABEFD35D4E70666469D6051DA2E12A2602B3776
                            SHA-256:FC39487A4CD8FE071587C93AB9A0DBD2C353680C42D326CF20191B9183369031
                            SHA-512:DB8BC92AAB5E6A33FF45CC30789E3299F2DFDFF2BB2EC8CC1CC18724AD9BCDBE9FB104539883B3F75732B9E606E86EBBE68FBB536857A99A1F7839770495EAD9
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1355249
                            Entropy (8bit):7.197154150316327
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRQO:knw9oUUEEDl37jcmWH/IM2p
                            MD5:E31C6D7F4387EE4B4FFDB38FCE54E3A6
                            SHA1:95AE853D19057994C60A757F971B8911389005C1
                            SHA-256:CF682EFB811803753E3FA6906C933C3485E1A3FA51EA612A7365112E7773382C
                            SHA-512:575F7B834568D8D1F9F1D748B362C1C4F9D4340DA63A7D2C1C4EF016F55105048BE0E8D72C7033797D337FC80C866349C2AB88804D41F50F2A1B32C5BE8D57DC
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1408632
                            Entropy (8bit):7.160975443473528
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRgRHr:knw9oUUEEDl37jcmWH/IM20
                            MD5:171AE5CF6F358AF253E372844A639042
                            SHA1:888A3B1A75F2CB6637616E98E3D4C18A89434EC1
                            SHA-256:61F6FB4AEBB751684DFA077214E22246C52BDAE337CE92CD01E6200F7A66E320
                            SHA-512:998357C517461E452904579CA55594369767D256DB5B8386A231603B1F6B42B591383C3C6473E65ABB6018671EAEE788D61269F22309334610C867611189EF1E
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1340575
                            Entropy (8bit):7.2074176497898055
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR6:knw9oUUEEDl37jcmWH/IM26
                            MD5:B7F623F9A9BDE6D1B8E9E7210C570494
                            SHA1:CB618B983861FAA38694D8FC8C0292F899475098
                            SHA-256:057ECB0DA89F9203ECB91E556531E5530F8883A0CF7C39156033C1D6C8EBFF3F
                            SHA-512:47D6309637B7F5DD429BC216985E7A6D8F6FD2D79E5BFDDDBB3543194E4C34DD4C44126B21B3D8D26B4F13F8DAA03040D2A558C9016343C374213661F8500AC8
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1407114
                            Entropy (8bit):7.161968213860345
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lROo:knw9oUUEEDl37jcmWH/IM2Oo
                            MD5:F9CB1102197D0D0AB354F50C1CED2616
                            SHA1:D4A5696924934CCA0C953564FC02A8656C5C748D
                            SHA-256:8DF930FF79B1A2844C8E71B4A1D5F5D19E4C26CD9A2B382E6F5EC4165CCD2EC0
                            SHA-512:C193F85CA38677AE5DEE51045DB0A17F6E09469F039CD1DFE38FE2E766D163C5D987BB29E78692B6A4EACD64A743239DC3AAE23D47FCC35B917DC842AC79D96B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1370935
                            Entropy (8bit):7.186334154429293
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRXd:knw9oUUEEDl37jcmWH/IM2t
                            MD5:69A825235584878FA85B6E9EB342FCE5
                            SHA1:7292C912D5167ABF96DCC5B3B72133700254D84A
                            SHA-256:F737F71EF25360126B3DB97E6EF3E520C619547BF6B1F851E7EF664DC42A4406
                            SHA-512:216BAB635C8C4E3BBC0FB5312DCE9F6548A015BC301206DA8084BEE5E687A839D9541C46EB2FF224D1F2BA2090E1C4B7E3A4F9CBAE1CD8201CE58391638B8394
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1384850
                            Entropy (8bit):7.176865195610061
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRe6+:knw9oUUEEDl37jcmWH/IM2i
                            MD5:9ECE046BAC6F0EC13542CEF2D8E075BC
                            SHA1:861E150FFAF2D7228DBED277D38F839B64886C23
                            SHA-256:917C89CE06A20EA3DA3CBB3448FE93498FBC23A75A79F9E555623FF35FB9BDF1
                            SHA-512:C9E9C9C7AC0EE450187B9B8B2CDFB357B46CCE0F738A26C95E5C1C34458BB12D48B37A3571B7A18B747EABA07C9C2FA959D35EB0B5F7BD7788B5447189DE53DF
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1373971
                            Entropy (8bit):7.18426061186885
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRJrN:knw9oUUEEDl37jcmWH/IM2r
                            MD5:1AFAF98AF04A41D006C3E94B501307AC
                            SHA1:234FE48DE09E1176939F3B1E6DF11053FE4BA7FB
                            SHA-256:8E67429693CA8D637AA985D9E0E486260F767CC8EF708CF402121E4602BF6827
                            SHA-512:6A228F7B97B2E0D376BEF559153EF875BC1096CF6A65541D063D3EA6BAF2B3DC9BB36E21752CD3C4F800BD936A773BECCF603DFCD7FA02CB968E20EF5871F9FA
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1403319
                            Entropy (8bit):7.164496210282849
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR5aI2H2:knw9oUUEEDl37jcmWH/IM242
                            MD5:BC702A8383F4E78CD879B2122D6DBA16
                            SHA1:A1ABBF8DFBBFA2AFFC816D9D818E5C92C34C0AB2
                            SHA-256:0DBA218803B5FE6D53885A69D109089B830DDE3C176678188BB45135064752F0
                            SHA-512:E16C012F79884EE7320A4EB89BA25ECEE7659EB9A11C75C173283AD38DF6AB941566A3DA8BAFFE452903662C7FDE3FABA361D94628165C1E83FAA55A0F187E1C
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1345382
                            Entropy (8bit):7.204028386169087
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRcq:knw9oUUEEDl37jcmWH/IM2D
                            MD5:0D2EEFFF62165DDD4A57C66388AB32D6
                            SHA1:AD2F5DC9B3654BEA6654F5BCD287F19D28B35713
                            SHA-256:588E7E13DDE792A09AE9FC64A9C2A3F46A5D1F31E3194F7F288E5CB25CE705C5
                            SHA-512:45AEA257B417972E9D15EF33561771399493273D5BC2F635B934C308A64D98C54EB862686F1D527AB98DE630690ECD0352278CED38D43E39C391C812AF9CCD8B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1385609
                            Entropy (8bit):7.176356149077489
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRs8aIB:knw9oUUEEDl37jcmWH/IM2s8F
                            MD5:743238965694B54831A28B28C6B518CB
                            SHA1:C3434E6AFE1B65CC57F43BE7125E5E9E565CEA7F
                            SHA-256:D0441A30DA8957AEA192BFA48C03CD700F304A71960A03E7E31A2252590DC866
                            SHA-512:1DCC7570E2EDA87FA45DCED64739E8B54DBE34DD19992586C4E2D281DFD2729A447DEC88C0131F979FFC5273260274467C59DF56EBEB8EB6974BEE27CECAFADC
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1392946
                            Entropy (8bit):7.171429617103449
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRJjj:knw9oUUEEDl37jcmWH/IM2pj
                            MD5:F91543EAB973CBFC13457BD73551B68D
                            SHA1:2984FCB06C65635F68428C98BD678C3B550A9C2B
                            SHA-256:9EBA4BBB6EE5BF935362E5A5739ADF0C1796645DE6ABD3398EB9C853B5C79E43
                            SHA-512:1A607BC4617E6BC1493420977F6CBC32804953E2C9D80BF09870390ED15BB3C1A636E8324E42F3DD1B6DD39DC61E18B640EF86E77E9A0B092CCF898006611AFA
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1407620
                            Entropy (8bit):7.161635095033617
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRz:knw9oUUEEDl37jcmWH/IM2z
                            MD5:DAC2C2B5B46CC15BBD9010C0FC3A3838
                            SHA1:02DD1B5AC83C266DB6A8952A96FDE88CEB2F1090
                            SHA-256:48B65DD842E6114223D470F7033C623CE118567BF35D7E060E5AB6956332E683
                            SHA-512:54FA6CFD6341344E87CF45D0595FB860C01303F4A22183E0528F4D6EE476D5765DFFFBF4C1A35BC6EB980A6496895262CA71BAD86328E1915706DBF630F9C0FE
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1346141
                            Entropy (8bit):7.203503786094384
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRiB:knw9oUUEEDl37jcmWH/IM2Q
                            MD5:C7EBC8D12166E3291F884EF68CAB9786
                            SHA1:0858A68807EFB4DFA22AFF57D43AB3C8C3785EB7
                            SHA-256:E4DE7F2D4E827645F6021A73C4737225E2283B9E8D366BB402AEC58ED88C7CE6
                            SHA-512:3CE0491F4E687444BC94A41663B78B91FB0A639A60FC39EA37E87A26DB3E6723F40A6C1C467458C610648D5267DD8BD7058492F6B4C6D3D17EEEC3E1DC0F52EE
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1335009
                            Entropy (8bit):7.211348170070473
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRW:knw9oUUEEDl37jcmWH/IM2W
                            MD5:5C5C2C68253C15A3841899CE80EA0B03
                            SHA1:6CF576C55B15DC850C365FD90A2E060F32B7D3E0
                            SHA-256:C0F5D32836057D1A3637541F37C0AC74C101051F2C06D338310448B77C23BEC4
                            SHA-512:3AA71A2174CE2DCEA0C9C60DEB9C5FE1CCA424F42EC84C47D313CBF956DB31603A8F2E3486EB77DCD5A5DACA4CF31F5EA8BA7F58FCE2D2DDE4516FFFF088456B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1347406
                            Entropy (8bit):7.2026158287187405
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRJc:knw9oUUEEDl37jcmWH/IM2W
                            MD5:4C5186C2F8D49491B0FF0F9A6F7E3710
                            SHA1:C9A22E55DC0C31F6E4914A9C87BC0A238096F7FF
                            SHA-256:9B34511DA60B2AE5745A763B008DBAA4914F82F7FA1F50AAA248E6630B5386EF
                            SHA-512:F31648DEEAFB9D21F19601C3D15501BD155E1CE759F169430327E3B66CAD9CA2E555E1AAD9953C031A269CB5C4FDE84CAA77D0B96000BE24D0585E36E74C8C4C
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1412427
                            Entropy (8bit):7.158472020798917
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRVRf1J:knw9oUUEEDl37jcmWH/IM2VRfH
                            MD5:EE6028305BB1D37DE0B4DF5DEDD59871
                            SHA1:7F02B42554F935AE1C29E09CCE20A3E552B763E8
                            SHA-256:6C86D82A244A3448675E06FB37524935F275DAFA1C81B078FE70FDD6425DE2EB
                            SHA-512:A2668A70F921070F6F5387DC8D1A0834C7AE126A5C146885AB9944A083F5ADFD9CCCB5A4424C61BC404A4C364F47568EC50D97DD3BD856143C5ECB87C87C7758
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1352972
                            Entropy (8bit):7.198730580441219
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRW:knw9oUUEEDl37jcmWH/IM2W
                            MD5:583AEA6C79DD10F44416BA0817C3D561
                            SHA1:91C2E82217FB7D37998C7A0913EFE5860482E9EB
                            SHA-256:8AC791B263291B554CBFE020AC7A93209F502D00BCF1284098A0FB93C9F3459B
                            SHA-512:9C9BE0E35BFB6BE42B1005EEE86BC380A75EE908D88730910AFD0EAEA7042896F5458F054B238B1DED62346E216E67EC648033057028EED0A4E3128AC9C06A62
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1328937
                            Entropy (8bit):7.215654382297642
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR3:knw9oUUEEDl37jcmWH/IM23
                            MD5:71251399E8C3773471EC83C1B35262BF
                            SHA1:51DEC101518BE3228DB4226196E1DF9F14FD0CCE
                            SHA-256:D733AF371DB30C4592B1057079CB395BE27B6302B409B2D4B03684E1847288B3
                            SHA-512:615047F251C0C535BA7236D1A3BB21456C921C56090A634AC721AB5949EF680A279BD218832351A3EC62804B7AC4D0B8B4BDACA1BF9CE09648A77F1553FE2177
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1380549
                            Entropy (8bit):7.1797944323788
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRzYZ:knw9oUUEEDl37jcmWH/IM2cZ
                            MD5:A80463A6D3DFFE7BE0BAFD97658A3935
                            SHA1:D53FA5065063E619BE544D472808AB307C60386F
                            SHA-256:D5D43F2DEEC796945C5FD59D85ADC6E9E5BD9028DD5249558DB6C91CFEC620A3
                            SHA-512:96BAE5E164C1598B48977CA5ACF7EDF63C4F1D2A5F10CB1F53A2B381558AFAC286209CAF9A1AC690F7AC646326DA2242E2B750E6DD464BF5CDB428147E4A451B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1409391
                            Entropy (8bit):7.160476659898783
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRiVJ:knw9oUUEEDl37jcmWH/IM2iVJ
                            MD5:1BB27DE9F81ACD0CB36772DE056A2B13
                            SHA1:398027C683AB83F9B568C4F7B214A59236801579
                            SHA-256:FD40DF3EA1B14A76B35D44684FF17D86868B75AE350A3A66FCBF10F82FAE3E74
                            SHA-512:1D3669B8F37B689267DD0397704919733E077DAC6E648221045B285BD822BACB232B4BB327B59999F55B92E9F54409F24AB96D908AC08483A85B7FF6C0BB7E30
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1384091
                            Entropy (8bit):7.1773820695301245
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR6bDR1M:knw9oUUEEDl37jcmWH/IM2eW
                            MD5:35AFA7497E774A05EF3084495AA1F273
                            SHA1:A6718A054A971D61CB33CACA34870B25EDFDEF81
                            SHA-256:D469E86D50C3F3A31A8EE33BE88869BFC31F2023C9DAB96439F4174B8AE98E9B
                            SHA-512:287BF5186AD025D64E629CE83BFCA6C6A6C4EA48913E6ED86D3E5791F64DD18DBAAB3CB481963BB21F090C9C7F9272760E469F01D0C581B615968FDF939FE410
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1368152
                            Entropy (8bit):7.18823591876348
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRTSoKW:knw9oUUEEDl37jcmWH/IM2f
                            MD5:C93ED861586030CCC05972BAA037994C
                            SHA1:721906207C826B2D1DB23D4C4C2C09735F1C3977
                            SHA-256:595E09BA8CAEBE407BA9E0692CD0529389100B569733FF97E2C27AFC612455D2
                            SHA-512:CDB5D1C26FC9D80137424A54DE0F78118E775B267547D53A1AB590CBB1847556784EAE02AC8D5984A5D02F9C37C908419B5936E428EE26860C1CA40F040B4D57
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1367646
                            Entropy (8bit):7.188580087572031
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRls:knw9oUUEEDl37jcmWH/IM2ls
                            MD5:AE38A1CBE83C4B5C66710CBB36442DA6
                            SHA1:DCD313A1AB596B215DA3A3D991552551B90F03BB
                            SHA-256:3AC3C845680E04E7420F048F5B99754D651A3F7ACD9F958CEB69CA716FE05B57
                            SHA-512:A89D44D10CF25FD62DAA428CAE8F9D2A49D58C587A22DAE8728D9A6976AF5D69F324A3B109B1CAC7BEC92D71B3EEFFBBF9102F29EC22CB073BC766620DE00AA9
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1351707
                            Entropy (8bit):7.1996076259055295
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR1:knw9oUUEEDl37jcmWH/IM21
                            MD5:695CDCA9239840D8E0385EDA9828C9F0
                            SHA1:4517FAEA1F1664B66F25636E27CDA1C876C26B10
                            SHA-256:1FA5FA2BBB011C74EB4339EDCEC03259419F3D3BAC3E2A7A8DBCB8E3EC999A7F
                            SHA-512:8D0293959D13D86BDB88BDEA65FA0A6F93303A5FD200B3A5C4D796BB915D78E3A0A3A054B988B18AEFB250EF5B163D0000CC182294B4C5A44A743FAC5E1CEDF5
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1337539
                            Entropy (8bit):7.209560391334962
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRo:knw9oUUEEDl37jcmWH/IM2o
                            MD5:E1E11437D0F1D8FD1CBE27B30FE50267
                            SHA1:F610385414DAFE0D5BD4CA4D59D878C7BFB4F38E
                            SHA-256:E6359B6940DA34A073FAF7D5D488E38F17FC113582F443CEDC7DC1A13F19AE88
                            SHA-512:59A3A4A291738E992CA5C26785056210BB919291A2F8F30320A6BA2ECE404736C7771F71BAAE4EFA907FB68F6B8DC6DD5F45D09592C7400882F542A866E58979
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1323624
                            Entropy (8bit):7.219452706958759
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRw:knw9oUUEEDl37jcmWH/IM2w
                            MD5:EB02D786EDD3416EE862C2F991182502
                            SHA1:6FF27C838B26F6D8A526476E7B6D34DDEFDEC665
                            SHA-256:695DB080E120D1282B42F05932F2E931112C5633E91C574B934DD0690119846E
                            SHA-512:F68F0D40110D576CF9AE471608A23FE93C2D66F7B5530A03496738A6FD2EA75C6DF8474D8B61C959C8FA95274F0ED3EE524EA2B624158A0290A6C9EDAF69B207
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1398259
                            Entropy (8bit):7.167866000831185
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRca2XW2:knw9oUUEEDl37jcmWH/IM2cv
                            MD5:C8A1C9FA7C4B35845133190E5BC25F4B
                            SHA1:6222E730657D0340730AF024152E9B1AAE929921
                            SHA-256:A211870344DC43F70252773C84CA5E11AA935F435F1ED3C791EF24E4E92379DA
                            SHA-512:707A62E9DF1192AE937DAA557B7DB0F747B81C824CE734C487A0F0FF4CFEC6CC5F9B619704DB6C90A913B639C1A78B3665038BC826C6243924C1D4E8088EFCF3
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1336274
                            Entropy (8bit):7.210449029761003
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRbnX:knw9oUUEEDl37jcmWH/IM2LX
                            MD5:2EE4837073E8BFB5702823180D08812A
                            SHA1:9C064F2576BB3DA7390DAD41A92BA7CCF3680A6D
                            SHA-256:1FCA668857063C1150E0CD5F3F93E0AE65429298130DFC9D1763216246BD6608
                            SHA-512:D80E6A6CF732B4BB872B43A27066E01C94890D67F5756416851BA26D10A800D74E5E073D726FB9E9512A52D15E88AAC2943CCF75F63737DE873105C3958D2D87
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1392693
                            Entropy (8bit):7.17159056128445
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR/N:knw9oUUEEDl37jcmWH/IM2V
                            MD5:C6D1FBFBF302BF7FDC2A286B0BBB6251
                            SHA1:3E4F5EC0421857EA7E43AD3F48AE5FCD1CC32120
                            SHA-256:2827822BB57D0CE1B3F5B842E34E969FE5DE6909B2F0F60E2276702A20AC8E90
                            SHA-512:3147B1B3ABCAA3E43EC3F2179E532A00AE12DFD1C0BD6A3955F7C0227FAF1831FF4BEA4239692F4445333A3C8A2C8AE6301C435FC0B6DE398E2D79328A46CFE9
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1358032
                            Entropy (8bit):7.195212773174852
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRC:knw9oUUEEDl37jcmWH/IM2C
                            MD5:2C5D84C2322278C38DE03B31B57FFDAF
                            SHA1:3DB774E8A5A63BC2EAEECC959B5AB6AD0493AB4F
                            SHA-256:ECF1089076EEF2BB058FDFFA8AB4024EE5F0EB24C6940E809DA55EB4B06E2571
                            SHA-512:6F88B9ED158D5A0F489918FF0C78FDB4F2E7AE47BCF3B178A286EAF84D7A5C567E9125F2389DA7DC9FFE47474913168FA849205DC8C8760AA04B466D0027FEB8
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1348165
                            Entropy (8bit):7.202082935209005
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRqg3:knw9oUUEEDl37jcmWH/IM2H
                            MD5:8A6F3F53B497027FA4115D582050A447
                            SHA1:465C66B3B3002C000059DBFC0B6BC2E143488367
                            SHA-256:6DECA6A1DB6834C95454733C885FDD6ED32D959B2CC83F062979C47E040BC1F4
                            SHA-512:8D0EA8C226E69BC0CFB23C46C1F21654F6A3C54795148C2A315E6D1DDE4C014F5079135BD5350DAB2DE400961E3FC843B193CFC1F0821E7ED783E102BBBEF3B0
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1382826
                            Entropy (8bit):7.17823273048591
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRiYzj:knw9oUUEEDl37jcmWH/IM2tv
                            MD5:85EC5A3E33CDECC07D348D5061C8903C
                            SHA1:79968537DB572CB2A18D7CE8AD7D29CA99373DD9
                            SHA-256:741F48CB46132B37E71FD82DE0E737F9266EE7ECA997E74E4620F5D73C29E567
                            SHA-512:86B61C3246B1312237830A86398454A5878594A4BE261046E69A6C0A23498D98411C45DC76A4267614005DD2B0E80E3662A2563CCDAD098949B66EE40FE6C0E5
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1326660
                            Entropy (8bit):7.217278184130774
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRT:knw9oUUEEDl37jcmWH/IM2T
                            MD5:ED3339A9A713DB82D408833CDCB76D09
                            SHA1:E40F40404194AAB48FB2BC4714569EF18A7E38FF
                            SHA-256:04F4A61F03264625D643C3FBC47855A2CF6111837FA9F231253ED60907123C88
                            SHA-512:34357433803D01937C4A54FE9CB39B9570E8D389D8C8EE916F6C3A0CAC689AB51004A64F35218A557BF9B385FD7CC2568439582311293AEFDBCD7D207247D713
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1362333
                            Entropy (8bit):7.192241544255121
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRlqh:knw9oUUEEDl37jcmWH/IM24
                            MD5:519C15806AFEA706092AC77E0986FB01
                            SHA1:0B15B7BFAD02B37F57E572B228A25BBCA7F587F3
                            SHA-256:4CD059D9CF3AE297BAB6A5C4E23A33F3740EFA3072BC2EB61E676B96ADCB028E
                            SHA-512:88C98328F42A4BA742B2BD6FF10F97489DBEF42EE999EA4D20A9279E7F2ADD49B732638B12540608D6D45B80B77E6466089F90E4BA0EDF9DB0BCE0837CD4CDAC
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1338804
                            Entropy (8bit):7.2086642537613566
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRb:knw9oUUEEDl37jcmWH/IM2b
                            MD5:F5345A6132D4AB2FAD2BCB5CE96F70E8
                            SHA1:79DBED64C3F52E53CBF8522EF8A626C42C14705A
                            SHA-256:8916CB00360E06BD1A63565D68746DFEFAF7B5E190625AA15FF2ACE2C6D0DA57
                            SHA-512:93DC1F9A7717242EA30FB6EA0CA26CED02FE7EA0132D2010F9DDA01B8F50FC30DE5B84840335EC189D8A0810EE402C4E08AC470B2D3A042CE2C703D1581427DC
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1340069
                            Entropy (8bit):7.207760898289333
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRR:knw9oUUEEDl37jcmWH/IM2R
                            MD5:3725D8C7BE36979B8EEB94DB5641B896
                            SHA1:C61BF213FB0A089B19FF63CC9BA9BEC762523CE2
                            SHA-256:9A107FFF6BFCE6C41D7221EB13A585C5A462281AD93A5E6CCF9B071E4DB1914E
                            SHA-512:0E7CE38D66FFCFDFA05BC323999E2AD9D25ADD5BA6A54F7F327B64E472A87B74FB66B75092DAE785B186CB02DF67248F9D9BF423C98973D22880C54D2D4F6B1B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1401295
                            Entropy (8bit):7.165836203056114
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR3n5:knw9oUUEEDl37jcmWH/IM2X5
                            MD5:DDEA5E6506D130C44D7A580B2BC4CE19
                            SHA1:B3A54A91456DDF5E46986E907B46096A6D99CFB7
                            SHA-256:DB944EE26932B5D7BE27977B78BC5D3511D0A8CCED68E25DB5E3C368707F139E
                            SHA-512:CA5E8309B9D4542BB23BA50C7180CB1AF7FF17FFEA33D25000CD1B858361B67139D9BED979F972293F9A77EE08EFA2428E5D54D72759106B8A56E90D593C4E67
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1363092
                            Entropy (8bit):7.191710113028159
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR1:knw9oUUEEDl37jcmWH/IM21
                            MD5:41F4C87DAC4530898F8C5355A604637D
                            SHA1:FA965EEBC8A1AA530A08F0411162ED108C4CE6A1
                            SHA-256:E9689A6A0ED893B840E964BFD605A42F8DECA5A2F89E187C624A6713375CE379
                            SHA-512:28E61A878D155A58423CD0DB6610362E13E37056A9E49333F5E9C258A2CB72C369D9B65C9A7FBD5D5C55A6F25E398EE5EAAC36AE19EFB23D979EA66776F7B9BA
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1415210
                            Entropy (8bit):7.15664612488839
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRm7j:knw9oUUEEDl37jcmWH/IM2m7j
                            MD5:2F9904FF5B06D75B50491DB6A035D102
                            SHA1:318639A0162F4DB0A9F4608508E0DC9F3D8344DA
                            SHA-256:257B691A21A423418BDC2E7E67814D4A9FDE73557630EFE706F054F57FC7375C
                            SHA-512:640901588FBE1BCB0292BE527B1577D7D481878BF4CC57D65FCB67DB9B934CD67AE81026D463703D864546D45396085E0DA3574AF95D2AC3B183E31440CDA6DD
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1363345
                            Entropy (8bit):7.191557178801544
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRj8:knw9oUUEEDl37jcmWH/IM2I
                            MD5:147E3BBAFC224C67E7B359D773F0E5CA
                            SHA1:DE32C59BB7BECB3CA1A024B74E24B0FD0C7024B8
                            SHA-256:37F0579414327ADD8EE35A2EF9CC57F29BCDB40AEC5FA81DB0CCC11FB71F736C
                            SHA-512:3663E2367194B3800DB361E218E601D43FD9CF60AA8B4548D90DD06A12F56D59E794D02C7A6455514F8A09B0C4CB6BDB7717EF361D49A8FEA546F1425CA177F7
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1335262
                            Entropy (8bit):7.211164587276538
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRuy:knw9oUUEEDl37jcmWH/IM2uy
                            MD5:069B79EE48B06D33D8057BE332F51570
                            SHA1:D126C045871B17B0DCF68DD1958A194FC68008BE
                            SHA-256:6EDAA91E5B239420AA9A6E4764313D3F857BE67B4A733DC9C26724B525D52C02
                            SHA-512:DC3C161512A10615F72C8EB20231FD996EAFBF8F95BCC7415FC5D211B31510AE80B954BF069432D88BC490CD6C9617D8D76C1CE9F9505D1DF64D52BC0C1608A1
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1383585
                            Entropy (8bit):7.177721983098724
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRqvulV6:knw9oUUEEDl37jcmWH/IM28u6
                            MD5:BE116206FA80204C0455E39A743CCFAE
                            SHA1:E00B99070C501C8982CCEDF81873D8D691F2B5CB
                            SHA-256:A8C0BF8319B5339E0E53FBD5B9F4D7331B124643A2FD3A4D7AD0D5170ABD90DF
                            SHA-512:AE11BCE9852006EBDF302D4653182D9263EE506A6B755AF7B7FB4CC81A6A0F3335FF385E39E071878BA6B03F16500D3BCFA646B3A6F338783F111B4DCC20E81B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1345129
                            Entropy (8bit):7.204216631412735
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRiKS:knw9oUUEEDl37jcmWH/IM2if
                            MD5:89106C352D689E0206C9933CB30E6604
                            SHA1:A21A42553C17B3246560B3E506FB559CCBBA5F33
                            SHA-256:AF7941CBA6E14DE5B61D50A686B2DDFBABE9549A787021AAC74DA3466EF7CFB9
                            SHA-512:F25E5D84E55FD7A24AD2CB1B2FDC34818B1C94FD23A98897C8C3CE5D49B015929A240BAAE7DC3A3F6FAA89019348F4712D9C417D877E637A22BABF74370A6570
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1340828
                            Entropy (8bit):7.207234241906545
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRw:knw9oUUEEDl37jcmWH/IM2w
                            MD5:D5466D8FD183EB8B1819159C2DD41EC2
                            SHA1:809417A95B1ABCEDF3C31A4ABB59DFD16EA7F4AF
                            SHA-256:C8028BFB89A8A2C9E2CF4B3C56721EC767A7A24CB14FECE4061946BAEFFCB610
                            SHA-512:FC3F8F53E54596187AE0DCC4B2D4A4AC56E7EAE5B1C6297B7027F0262283DA9B0D1315F705D57514C6F5FB6BC8B4187355123063172D48A2807075B91D109796
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1349683
                            Entropy (8bit):7.201027715035726
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR0aQ8:knw9oUUEEDl37jcmWH/IM20U
                            MD5:E07706D79F3436BF910A81772715BBB9
                            SHA1:72B4E4F573D46581FD45EF0A39F686DD25E54991
                            SHA-256:95096E411279E8BD14FE15522908660D3CA7DCDF0549BE881796AFBC98F4BE5D
                            SHA-512:25DC485B48286D2D350312FD65D4767DD2B022F38EBFF8DE721D9253B7B32AAC531FEA4B637EF0E8209279B1024AAB33663EFB91D50CC0E9CAB44DB0AB6EBFCB
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1330455
                            Entropy (8bit):7.214572323740133
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRJ:knw9oUUEEDl37jcmWH/IM2J
                            MD5:710601CF51C9847C040C187F6B934DFD
                            SHA1:EDB0BBB8577C27780738F6045A521FFE83BB8908
                            SHA-256:B151EE8AC845E64840A656B2235798C2FD94435659A1331DB2C2CCE59090983E
                            SHA-512:EE3915311D9DB537BF1CD0892C6CCB49CAD86EE0D0F15059A27077F6C0D16BBCA47745851FFDED3FCDC4F927C6B2D34447E6087973C4949DC11B1EE6E14F593E
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1393452
                            Entropy (8bit):7.171076466408682
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRhrHb:knw9oUUEEDl37jcmWH/IM2Z
                            MD5:F69E3DEC3A1609F4756056A13B6BAFB5
                            SHA1:CB088C37D8A5718C45BE50BEDA59ED18F59BC637
                            SHA-256:F4DD6949178AEFA49F7E462F5429948AD4B170D3B79181C4791F41674B870319
                            SHA-512:F3158C8D2EE35C812789277B75DD21AE391F0493F9FF432C6D0EB797A2581DCF325DCA4961CAC9DB8E9308B281FBBECBBDD3D59E949FF431E466F518B8103AE8
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1338298
                            Entropy (8bit):7.209016373522767
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRl:knw9oUUEEDl37jcmWH/IM2l
                            MD5:303AB5152E337179DB104C5453113C51
                            SHA1:979E0A3ED6888EF0B574448123D26FB6BD00041B
                            SHA-256:237B2704C91E74CA7A8E76B0E60145D793747970D84A8FF362E294CD2231D8AE
                            SHA-512:64F9AAF2599841B30FF2D4F405E7FA4716838FF6D03D1BFB61A8B0202C8C681F6B361CEF11EAAE3C106102569890581B0E5306716C78E2D42B4A11A521768BCD
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1345888
                            Entropy (8bit):7.203666778291465
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRy:knw9oUUEEDl37jcmWH/IM2y
                            MD5:7ED71D77D61B905F76EECA6AAD9727B6
                            SHA1:117653D72AC00F2C8D07C66D0DFD17AD1B273C99
                            SHA-256:080D57EF564BA2031137C06618C964D41475C55685DF855F638CDE354D08C4A8
                            SHA-512:433C994AE32B44718E7153AA2EE4299728B6FE82939BF935945BD2C7C22725405CC31D77EC941AFDC079ECA377737C1D8682DADED5927F6F5A845EA9B1E0A95A
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1332732
                            Entropy (8bit):7.21296366361972
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRx:knw9oUUEEDl37jcmWH/IM2x
                            MD5:8EA159BCF90C6BB63711E4D094601111
                            SHA1:8F5BFE05B6C0C7A90EF7A543DF27E0AE61AADB3D
                            SHA-256:092C1DDF650D0F4F560C9ED3F54A6672A3582849707D3E02CE50F61362E1C6C0
                            SHA-512:66069F34D4EC2AD9926EC1C025F126B268D164CFB35877FC18F336147996146E872D3D6CF09B7088C00850A5029AF4E63108082B006D8B5B4910EF2F6B2103EB
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1416222
                            Entropy (8bit):7.155964820729923
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRbSlMZRNS0:knw9oUUEEDl37jcmWH/IM22eZRNS0
                            MD5:A6958E3B44D2F798D485764154054A0C
                            SHA1:9AF97C97F57E1B66792E494C1AEECEA5C51E693D
                            SHA-256:2645CC553D7352E1CC928E708ABFF25467C554B96560E983960DC8B4FF29E000
                            SHA-512:8B0789BE4A41F28835D481CF537FFE0EBD1DB6D424F72057A35AAA2F38541A1D4ADBCDCAEE66294E9F4D4F8C67FE21BE93A44EB9C7E5E5D12F3A45DF6B033E05
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1397753
                            Entropy (8bit):7.168198893358473
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR4cR1w:knw9oUUEEDl37jcmWH/IM24f
                            MD5:42C7E3B744969AAC344498FA57B562D6
                            SHA1:62EAF8D933364A48AE3302E7C331921C38E835B3
                            SHA-256:D3E4244C5D69686F404895B903125CA6BE5BA25ADCD8568F627BC9C16125A4D7
                            SHA-512:8E4B9B442BB26BB4BB40B9AD2567D7F85950592FD77F8FC6E38ECA83A01657CA6E9C147006D4841B57276A7BF43D59F047E59CAB18279725EC3653051AB3E6B6
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1339563
                            Entropy (8bit):7.208126693900042
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRQz/:knw9oUUEEDl37jcmWH/IM2M/
                            MD5:750DF47430DDDFA6A567174D7A205EC0
                            SHA1:C67C3FC6812FC31191262FFF755AEE714B4258F8
                            SHA-256:6EE9CE9269727ADF055AD6B123AA892D197040A4429EC6968F0C50A9E2DB61EE
                            SHA-512:B969279F2F0D7EC6B76D88FC57EBDA81DB74B4E668C84A1B6EA3443904893DBC2606754EE65DEEAA213F19F1B45AA794A55B90AA0233674F0B5562DBCC9A20B8
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1360562
                            Entropy (8bit):7.193458315319439
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRG9+WRv:knw9oUUEEDl37jcmWH/IM2GP9
                            MD5:E12DECE57B0FEA370CA6183894EBEE48
                            SHA1:55F1421E0576731F98BF623980DAD72FF33A4536
                            SHA-256:54714E010C410D273F45E98FD8622740FFFF0ADC84BC4780F565B89AA04FDD26
                            SHA-512:7AB6303111D70282E07816CEF5354CD8B1B0E5861211F23BE3584B636EE3240852891114C2AF59F3926B282B231387F439E6F9EDA7C70DB0F21FC24FB1199104
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1326154
                            Entropy (8bit):7.21764387365792
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRj:knw9oUUEEDl37jcmWH/IM2j
                            MD5:E8E20EEAD7A02FA868A2EB1365652CAE
                            SHA1:75A242D4F7D3A38A0D989F2E6D8C168F770E42BE
                            SHA-256:E050A1FF209164582745123F74B93256F4E1822C8EAB96BE8D506F9DC0273D3C
                            SHA-512:5F50665EDF422A671D6EBAF1CD9E60B6BC37E69831063D3D1802ACB7E1414D261B1F0735271E147F056C1ABC4BD4E169DBFB7A84FBFD094EBFE3090533666342
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1323371
                            Entropy (8bit):7.219633463517724
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRx:knw9oUUEEDl37jcmWH/IM2x
                            MD5:6AA56D47DEDDACF6E201C525DB4A7068
                            SHA1:16F07333837A2616794B6D83C18A190FA81AE9F3
                            SHA-256:1A700FE34616E5D4C6E8D44D117E0ADB1184D442C71B503D0175B67684A96B92
                            SHA-512:9234BA42BF4AFB48D00FD92FFC5D306973E6E15943745C1F68A6997D03056C36B69A9D101B790E8C6FE359103A14DFA80F27DA6271DC543AF7257FCD831A45BB
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1341587
                            Entropy (8bit):7.2067072065827364
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR3:knw9oUUEEDl37jcmWH/IM23
                            MD5:3E98A3E12609CA5B6572845EBFBE3B2D
                            SHA1:7672BBE164C19A183C36E34CCD87898B3131BF15
                            SHA-256:1EA94CC6E61DF174BA931927FB97773D135E0A46558646B63AAECC00FD45EEFA
                            SHA-512:995A5C1ED4DD1E05FAC953B0AD5C8CD197D4B94DD5203D10FC056B22252B87779708C3EF03B1F1AEA7BF3FB02B8303228E78FFFB4A941B2D6F3FCDE479AF7E21
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1354490
                            Entropy (8bit):7.197671980656759
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRQu:knw9oUUEEDl37jcmWH/IM2v
                            MD5:8ECC8602AA76173866CF2A8CC70DC505
                            SHA1:92D0173429B52B9F854EA0B71F91C29DB8B25606
                            SHA-256:CED1D89E5116D96EB868E0EF5DCA044BB1A49A54AFD363733D8CD47B2607E01C
                            SHA-512:A464032D4AD66D140EE3ED92E370015AD2446A1F5FD81FF59055BA138066300E500361599C3238F869E4F8C68696B89373D3CE002C5CFE2DDE8A08C86227C5F9
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1400536
                            Entropy (8bit):7.1663435603646795
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRTFX:knw9oUUEEDl37jcmWH/IM2V
                            MD5:8AE629DCD72FA9EC4749C0B5DA26900C
                            SHA1:7224F52AF319B6DBA6AF08C3F44DDE7E371250F7
                            SHA-256:5FC84A046B7EB114CF78095B142D209E579B1543041C2D07539FE0550A67506B
                            SHA-512:2E3D12D07CB21B85AA6D7335C690608510A04A0B6C25B88E215063462E1C56D9015210C664CF2CB8DBBF220690559A6F5D6955E3021488246A775B6879E50F01
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1411921
                            Entropy (8bit):7.158804260968247
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRc4hYLTq:knw9oUUEEDl37jcmWH/IM2bd
                            MD5:9ECF34EA14D85873B7139D27A20D6355
                            SHA1:D65F5F97016E52FE96CF66BBC014F2703409A851
                            SHA-256:506B58F2A766D1C5F994B65AE0C6FA822B5342846B0324DD19E682C9DEA9B083
                            SHA-512:1C0E8A70900075FABD35A97DC03827890082B1B2CB0E095883D8066C53D927C559CDD9C92201564FD64BDD4FA3A48987F605E05F681CBFFCC635885D6C945AFE
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1369923
                            Entropy (8bit):7.187023518234778
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRDqC:knw9oUUEEDl37jcmWH/IM2Dv
                            MD5:7A8A0177D5764EA3BBB9CDD26B368CBD
                            SHA1:CEA07DF1DEA59B85B780008AB32EF0CD76B5ABB8
                            SHA-256:C5474F355388F79FC8042848F195D7AC857E1BCAC2C83A77DEA6C62B00745E97
                            SHA-512:A75E63C9A07529D100938F252026C8FA82F2F881B8ED0B650B801599BC8F65B944FE2550484C643E7A82AEB46EACB1AD92302566DBFACC72063A8E1D2326D08F
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1370176
                            Entropy (8bit):7.186848770692802
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRS:knw9oUUEEDl37jcmWH/IM2S
                            MD5:E8418A8D179C3695778F1B1B27F97287
                            SHA1:3EB75B721D9AA969EBAE4CBBAAC585C98BB234EE
                            SHA-256:527A4B5889E08311C7EE60E49FCE69D808ADDA79204C1A9EC421C7AF9D839B95
                            SHA-512:870E26CB9E9238C6B221A99C271972C5497639AFFE41432D6EAC0194E4F460D1C72904FA824553F78BECB98A70FC94763493209E5A4EC10A6BA8678C523421D6
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1377007
                            Entropy (8bit):7.182177630388446
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRhn8:knw9oUUEEDl37jcmWH/IM2l8
                            MD5:692EFD88C001DB182DBD1A1812720033
                            SHA1:733152BCF0F52944847A49808F62CFE5D1A73EAC
                            SHA-256:58942B3059800AEB07ACD90D21EC124C90DAF4C59B7CCA71C0277DDEE574A04B
                            SHA-512:15529416890443E9384226D410A88545E782978F8B367D93113CECEBEAF768AB8EDDB2010A0E0B3B90153F1BD6DF36C11C212873C0C0C0D83C0FFEDCD06B0C2B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1325142
                            Entropy (8bit):7.218361631063868
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRE:knw9oUUEEDl37jcmWH/IM2E
                            MD5:4276919ABBB3DA98E3301C3FF24C52BF
                            SHA1:8D1D44FDF866AF5B447EC6CE97AD6C6452CFB776
                            SHA-256:10A168A21AEA95F533C0A6DE983F2DF0252EDEB558E283D002787211E951A891
                            SHA-512:92673B3476B7D07FD41FAC5D15033F40365C609A13F61520AB57A74A07A5B92E547E61A7314ECCBF7EEFF74C5CAB68AD0149CDE4CEB7AA7EA7A06D8F8F34A0E7
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1353478
                            Entropy (8bit):7.198393154285879
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRsE:knw9oUUEEDl37jcmWH/IM2B
                            MD5:BC3B6E80535F46BBCE2690169AAD77E9
                            SHA1:22C2AC688CDA5F5874C94CCB655B759A7D3F799C
                            SHA-256:9A5C949C92A376EB0688807BAD5C49E912F2F9B610CA0127B7B942B28642476A
                            SHA-512:8D37601C5E6871B63087C217FDFD4F36B41F74C061C51F1F5CF7DABEC4D42182A7B2147A5536E12B48D1C6FF67668E9A6A2CE15C281B4C15E1AFCB34760A4285
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1376754
                            Entropy (8bit):7.182357519005655
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRgp:knw9oUUEEDl37jcmWH/IM2gp
                            MD5:BFD426F97992E670BBE12E942B725386
                            SHA1:E53985BA6CF446252A2BB7EE57FFEAC9A6173EA7
                            SHA-256:B9587E8D9F6257CCE974EB8E7F8030C2D952E13F88182C7E3E657E0425112DB0
                            SHA-512:4F94EEC35BF247E9E41DC7FCE660BFC91496465BFFEC7C08C7A28FBDAF55C413F1303725D81A633579111C49854FEBF9F2046A46DC53182EDD2D701CC05FB8B4
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1320841
                            Entropy (8bit):7.221445404567566
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRq:knw9oUUEEDl37jcmWH/IM2q
                            MD5:9B5462CBA101E0E9A9CC3B4E3FF0F42B
                            SHA1:854CE6EAEAC35CF5DE43630B6A1C6650E961FA4E
                            SHA-256:9499E333FF2D9D3867218A9D4F399D97B015D0F1BBFBE1E016DB61EF840C199F
                            SHA-512:715DAB3F150B50E758FBACA9357A53EB4DCE8F5FAF2C2AB13DB6ECF1848E7FDF56008F0491844573A1EC921650A3858E635B15058CCC6B5DBAF3AB1A56860CDB
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1402054
                            Entropy (8bit):7.165332858992018
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRt8QCwnv:knw9oUUEEDl37jcmWH/IM2CQD
                            MD5:81EB9B9913CA6DF4D6AA5E189E1805D1
                            SHA1:C0D10EF3A059E2D81F320839757FE0FF15F8A007
                            SHA-256:29B5D8C7EC6D870885928E72C533DBD6CA22750ACFC2F893BE012B9EB90D04AF
                            SHA-512:B45A2C95C95000A740F749F4536D2ADF2C24E35965415ACB4E70FB10BCFCCEEF660B56440202CD3989CAADBC8333E8115EA57A3FF13F1551E27778D3C0553CD8
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1380296
                            Entropy (8bit):7.179947709514485
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRoQsONp:knw9oUUEEDl37jcmWH/IM2Pv
                            MD5:3BBB5AC3EF80ED1D81C4044B19841BAA
                            SHA1:01D4C6B415F349C60586613C51D5A5C22E9975F9
                            SHA-256:09BD43F7D73644C05D95BE9F116CF4CABC1D39FA3B09E2F606DA7A4BB799F126
                            SHA-512:0D30F4CDED67A15A04E04DDDAF0255DC82736239BE42826115B3E503314C71A89432C70F8DF4F9B7CB90EF86C19AA878E96E5EF46BD14479AACF19748D1833EA
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1344117
                            Entropy (8bit):7.204921677539377
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRUo:knw9oUUEEDl37jcmWH/IM2Z
                            MD5:24516FFBB66DCC4A064A4E98676493E2
                            SHA1:0AD83C460F0A1E6431767CA515858174587F816B
                            SHA-256:BA545066F2E0976C40A18C76C4EBF1D9B1A30F16BC37B401D1335FA92D48C8AF
                            SHA-512:ED9F7431358E8CA6A6C0A65B70DD00FD5C30B499B5D33C2F595E6D56A2F04D3B17C21DBD12D8C77B8E5246A567EDC5EB5495930C93BFFA86ADAFF821CDAC11EC
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1405849
                            Entropy (8bit):7.162816499563091
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRnqm4:knw9oUUEEDl37jcmWH/IM2nqm4
                            MD5:2AE583A135DD6540D40CEA518C044B4C
                            SHA1:6EBB9FF13ED74AC743DB81BEFD74E64343282A01
                            SHA-256:529AD95F8220B2E87A296D8ED1AD57C7A4222A242C518488E86BEE4A30405980
                            SHA-512:DE2D2C46CF379C0D8E3C9B93F8BBFC1ADDDF3F91C3D0DE87B0D50D0D56478A6A139E1E809E0295B271E1C8E5784A2EAACBA231467E6681B96A24E860DFB3A3CB
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1392440
                            Entropy (8bit):7.171747999918051
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRto4T:knw9oUUEEDl37jcmWH/IM2T
                            MD5:B4C9B46435A94302E216CD0CC6AA6144
                            SHA1:7C38D9C9CF8BD21B4CFB8D1CAD2FCB274B9D2E02
                            SHA-256:4A8F10DFE19E706EFBE634A3BCD10ACB5830D1BB909B6CD1CB1351D51F9B2669
                            SHA-512:9A7F5E7E3425DC2772E0B3BAF77E858B47FCCCE3264F2DAB57E3882609FE2807D2C874F3BA3A922AA82AFC993FE287E26D4C0F8CECE2A6D20EF53DC40C672E84
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1344370
                            Entropy (8bit):7.204752646310759
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR2y:knw9oUUEEDl37jcmWH/IM2p
                            MD5:44FF1406DD999312417A76000C184391
                            SHA1:BA0C1DD2E94F137DD7B4E864A500C38852E9C596
                            SHA-256:05D24233BD060A6958CFF3E0A84529F6B62CB037E6DE892F84B81FF4A0B32CDA
                            SHA-512:406FF8E3B1DC3F8BA4F13BDEC248F07870C1EA564287B000CA0F8838855C348C58FF457B4304D18BAAAE24CEA59B591B8E4C8A2A67BC0BEAE67CF903EADB1967
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1386368
                            Entropy (8bit):7.175828265774988
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRBuUK:knw9oUUEEDl37jcmWH/IM2BK
                            MD5:5DA678077F9ED81C39C6638947954959
                            SHA1:FDF82AF79103CF2723227C5E305881140BD1A048
                            SHA-256:D1038A74DE5A3E49F77A46F48A62CF14708A79AA2E6EB53041C8E92863C26F7C
                            SHA-512:549F511A56742A00F7A2C3888375ED91D93948FC1ACB2EFD102D32D24EA86716EE2540EA87E73F5B6DB1549797CB72368808FA9D48AB17C6FD4727E344AF3828
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1404837
                            Entropy (8bit):7.163482717637334
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR/FqfICq:knw9oUUEEDl37jcmWH/IM2/EA/
                            MD5:B9F2052AB8F1C27B641A986D279C2EF3
                            SHA1:DC7196034EB3568FC26FD54CEDA3CC950FC6B179
                            SHA-256:1851C62D2C3AFAECA3766C109F990D69604D2C0AF734F0EE1B3655F32DFF1B86
                            SHA-512:A2E6892C9360BC0F6890AE3AE543872EF36697C900214AACD28CF31A8406347B34127AF7B0205D6F0ACB74188F2141B1FE819A10F584CC801D907020CBE1BD0B
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1377513
                            Entropy (8bit):7.181838236325061
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRxIc:knw9oUUEEDl37jcmWH/IM2R
                            MD5:342777C716298EBC6419AEC3F624A22F
                            SHA1:F10AF790723EF156954A1243B7C194438D5B498B
                            SHA-256:63C8A9B426B31E6E6875F941D1B14AD91921AEC6AB74F8B27ACF6DF25BA0C44D
                            SHA-512:96ABDEF32E8C8F8B5C70B60BFBDB0C4C403B541B79956E63B10C55C50F37B300BD8AF00CC85E394ED11C9D2ACA53E13C40FB041425459752C01000CCA20A5082
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1400789
                            Entropy (8bit):7.166182033025403
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRMi50:knw9oUUEEDl37jcmWH/IM2MP
                            MD5:9E83EC209A34787728242B741B6E99A2
                            SHA1:AF3E1615E09F65B1138057148D3F206929A319D7
                            SHA-256:EFA5C7159077311D44F7CCDE4326577C58DF170D9BF718678F778C59DB9E2969
                            SHA-512:E4225818C750825E3FF5A49C5FF1F77DFF48CCDCEB7DCD7F90FDEFB499000FF267BAA28AE4D00686C55016970D7E0F00D73585AB245D89D2CA798E1C351F3A36
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1407367
                            Entropy (8bit):7.161827641313198
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR1aF:knw9oUUEEDl37jcmWH/IM2g
                            MD5:F24674EC90695F59767B1F4AD01FD505
                            SHA1:F0344F32492026C94A84FAE5BDA5A7D93B7BC205
                            SHA-256:D3F52B788ECA01597BD8AD9489530BC8DF662BB5B8770AD400FC5E6859175870
                            SHA-512:12F791A54133102E1C66B54B0E1DB2C977A29EF1A7BD824B96091A5FA1F582A59383F8F65CA2B7EF060979FB0A2BA41A5CB824726BFBEE591D4A67E4CE2F3514
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1401548
                            Entropy (8bit):7.165676077491851
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRlkoD:knw9oUUEEDl37jcmWH/IM2TD
                            MD5:A56A0DB953FC37C12BD4ADEDEE62D6BB
                            SHA1:1429815061A41E745F0708DD1E52BF380A5B88BE
                            SHA-256:C3BE62F4935578E464C78503C7AAB347907F3D0709209B92C13DE1AD45205267
                            SHA-512:E3A680B432D7ADAE6F9F8CEB62D7BED1221EA56EEA2DE19DB1344A8A4E88E978CFB72E169C0100FCBBA417E0A19EAC141A12FCB7BDAF5F48661E4FA824C8484A
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1370429
                            Entropy (8bit):7.186670407779783
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRgkmCt:knw9oUUEEDl37jcmWH/IM2v
                            MD5:826B08FB21CC1672FF9DADFA7AA65AC1
                            SHA1:6B0690898E116140BA21E54052309B9276E1DC08
                            SHA-256:3A99FAED2A0798A4007E5E02348D4D3EE0A485F0DF820C3FC56F48B110FA3D14
                            SHA-512:4E69B7A4C263025CCAE0E55128FFB70CC3507C937515669CB976162001BF2E0F5CE56F1F10EE9E5AC61420311E2894635D7D0D8D7CD4D551D41DBE25A4298A51
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1330961
                            Entropy (8bit):7.214215031633757
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR1+:knw9oUUEEDl37jcmWH/IM2o
                            MD5:ACB5C91D549BA5F6CD890B5F72E840CC
                            SHA1:C18288351FFA6BBB83B64EB4D555B95716AD8E6B
                            SHA-256:DA2B6D1FA5B16B24893DD7D449063AD6239547426A12A8061AFF6050B2277DF4
                            SHA-512:15064541484EC3891FAE40D978684561D8577260251C195FCDAAFC1AE91404656EB9C127B49929BA61EC0E7B45A331683792F409DE19FFD941641EE598EB689D
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1377766
                            Entropy (8bit):7.181671308959737
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRB+ZjDO:knw9oUUEEDl37jcmWH/IM2BWXO
                            MD5:BA6AA7BFE4DB50C7C2BECF684C311964
                            SHA1:7A0F89CE157A37955AF55566D2F3D756FF7DC7AB
                            SHA-256:53F697EA930CFECCA0BAAFB4B1FB93F6FCEEA032E3806E501A2ED708DBC40F8D
                            SHA-512:2957B1A80A974472A3C6352CB618080CD658372760207D3CCB4F47E2984473568671136B1A11841F305A906F64F9B3F80F2447B45E5F7BCB598EB2CE98F4200F
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1399271
                            Entropy (8bit):7.167194693458973
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR72E6:knw9oUUEEDl37jcmWH/IM26E6
                            MD5:97A235BC9EF3F3E1BCE75D87035EA55A
                            SHA1:386801FCC4E1CEBA73BF90A71D2D623DE9EB2EEA
                            SHA-256:FFEB5338ED2A9DF9E67CD5C2F76730D2C29F64D8693EAC3855091139CC5C363C
                            SHA-512:A9A510A8FD62AEA50A0A4B015760146348803D205A6DDC9326786A5262C244F8C95DBE9AC69CB2FD2D93DACCA820DEC370545841B30F7DB8A58639B95E874434
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1378778
                            Entropy (8bit):7.180978212190219
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRqxG:knw9oUUEEDl37jcmWH/IM2qxG
                            MD5:05703657222FFC8E77F4CED03324605B
                            SHA1:BF4E874CF0113C8A6F1946ECF4D8284E7E6F8510
                            SHA-256:88FB546CBDD1A05CE91C22B77A9AD3BB6A126EF17B74E845187D2C0D4081BF3F
                            SHA-512:5974E0B861FB72CB0C95BA3C34FA8765CB3C99FD30816164A269E857FF52033FBFC4A53F8DE049C24DC03830E0B77D8DCF1B5EE70A41577531F0725C0589C3E2
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1338551
                            Entropy (8bit):7.208832529752143
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRP:knw9oUUEEDl37jcmWH/IM2P
                            MD5:B0B401EC2C164FE800AAB6B8E9FFAC96
                            SHA1:18048ECE91517BB6C76E5027B5C1B37E3242104D
                            SHA-256:1D56CBD953F87C799B806D2F96C0A31F7469F1CCBE726A5A35130070D143D2B8
                            SHA-512:231E20367DEB4E65356BD2D0462F0936132F841EBCB8A9B2C6E1F14EC6750BFF95C67E3FBCDCDC3FFCD5401D48D93FEBEE5126F2BEA5AD4B63AB9447801FB926
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1367140
                            Entropy (8bit):7.18892629307075
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRt:knw9oUUEEDl37jcmWH/IM2t
                            MD5:EB9EC39C125AB27A1FEEF64FA8DD2361
                            SHA1:B4CDD45B0A504916AD1002EC7CD9C856EC6866DC
                            SHA-256:7DEFA9EAE53067307E8551463EBB0F15FC6303E3A0405E85704E357EFB2A1F24
                            SHA-512:82DC6364B3163FC7B92B5B75B8E2C94E24CCB3127651D14B77B4ED72EC55D3706FC9BADDF5D79EA1F3DDA75C2C7513DC7CF8852B61DF3AA936EC5081B9CEB71D
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1337792
                            Entropy (8bit):7.209373368747273
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRw:knw9oUUEEDl37jcmWH/IM2w
                            MD5:19A4697688E0343611E8C0837BC0A014
                            SHA1:A94BC9A92A7F8EC18F427D2A9A86D14E8257633D
                            SHA-256:7A3283479BD5E0C41A6CC8AFAA19922A1AEBFF14060A09A6E0C4DDBC342E001E
                            SHA-512:2EAF57D4AFABB684BC87C05E26252EB54A8E855ABC331D6EA176DFE165450463D63B58A40ADB45BEBE5D144BAABAA4111F422A3944051DA6CDA303FA951F1305
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1391934
                            Entropy (8bit):7.17211063368164
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lR0juP:knw9oUUEEDl37jcmWH/IM2T
                            MD5:C0267266F6C3BC2CBF4AC0D2F3966751
                            SHA1:4CA3AF5C5BF722C188BF5614ED7B4874A76DD609
                            SHA-256:2819DB1BE1ACDE2D27E6FDFDAB9E4D677EBB7331D974D88014AC6C879535F750
                            SHA-512:8069C43EC2C6CD5F73DE563F39C313DB1BC2762F0D8A36A129A0808CFAA57D4DF906709D4A0C806865D403123F96E4C5DF38D19A9293E79A9310D1B8320DA91C
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1393958
                            Entropy (8bit):7.17073535859722
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRjZO:knw9oUUEEDl37jcmWH/IM2jg
                            MD5:F47B692DDE254CC9383D43C45DAEF011
                            SHA1:A86EED66332252BC4950BA80E18FDA6554B27523
                            SHA-256:5FA7FAE8C719D90A1F9E94C50B44A82CD8BA7DC097ADCEB45A0DD5F486E2675D
                            SHA-512:4DFEFE4FCD9CD1DD2AA03628CBE9297C26FF3464B778C791976FCF65D628410C8772CC75359983AD3B234778344B7AF84F610EE1632E2D42E4F6967C1167250F
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1383079
                            Entropy (8bit):7.178059408067147
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRT1:knw9oUUEEDl37jcmWH/IM2B
                            MD5:927C10C177EE6B470166F10683EFC541
                            SHA1:A7A7103B74E2AEEE779E1DFA4C166C1868CD2863
                            SHA-256:E549CB2EF923B294FFB21C73F1EC838FDCB1E4CE60788A92459EB43304F1A380
                            SHA-512:35E76891F6CC3F8A49044665E359DCE17CF7D5412618C4E9C74BEECE9999199823A51B99F61F451F211880F8C349E8947FC4D2DA4C4C555B13C942280ABBEDBC
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1382573
                            Entropy (8bit):7.178401754407505
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRLgE:knw9oUUEEDl37jcmWH/IM2UE
                            MD5:8BB050658D430DDF0D7F9438F645EC40
                            SHA1:D5FD56D811EC7A6C7FFF21C81A09E351D5F2F11A
                            SHA-256:BD74D279FDCEFD71DC8D6565287DB77CB8332601460F2D26B2797ED0FB1875DD
                            SHA-512:B6F318DB9C09AA3EE382BDA035875EF9227EC9567229CF04F216BC180A9C6694F54DF7154AEDF5CCB8C58597A179F2019C8E823734B4F5A9C2387ACF581D54AF
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1330202
                            Entropy (8bit):7.214755471661285
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRx6E:knw9oUUEEDl37jcmWH/IM2xX
                            MD5:9D100675B8171DD9221101C760E603CA
                            SHA1:DF3FB53BA7E8728712396718B588A724BDDBA20A
                            SHA-256:AD6887F4E007D41F3CCEB94B6A4ECE89A00A1D3E918FC86489EAA66724224545
                            SHA-512:818E5291E1715EEA2A2075DB9D5E04D94D212CFE095E8ACF2008FED8DED237C1F3EECF3FFB0ACCD5D64463D94F97989C2C94BBFB4F4B6EC936B139A918C5B8C3
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1354743
                            Entropy (8bit):7.197493456522813
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRBF:knw9oUUEEDl37jcmWH/IM2X
                            MD5:991CEE82FE2183C00A589EFDE4CDFEB0
                            SHA1:246C78DB5A167218090740990F79462C12F5C80B
                            SHA-256:CA4D272ECEF7701A8B0A13DAFC737A6E786A06DA9FC99037A924D95B6D7650AA
                            SHA-512:4031C4E61B9CABDCC8273488749DD5092B96A9EEC18092823222E26FC4FEB4F547B2529C3A842A5C5FA87DF8F66EF72867ED9B1CD2DDADA9AB4F82D63AFD112E
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1321094
                            Entropy (8bit):7.221262071510656
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRW:knw9oUUEEDl37jcmWH/IM2W
                            MD5:721695C3B474AFC4226E1D596741524A
                            SHA1:00B41878426FC4E32FDCC5528278B4CA48A3C3D0
                            SHA-256:AC59243467DDE6EF326390729FA248B9E7088D4136C4C1C109DA5DA70E5B3CE3
                            SHA-512:3BD1F7D649DEE4918F4AA296508C8F996647A9B44ACCE43E2ED7D03169949D40AA89E7AF1C215BD3F2A4150FF6086D37CE7C59AC7CC9112DA36DA85916AEF38D
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1331720
                            Entropy (8bit):7.213672088611709
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRPpn:knw9oUUEEDl37jcmWH/IM2hn
                            MD5:6513D26FDCFDBEA07EC64479A5F0496A
                            SHA1:1B09439B2A54317799EFB6A88166B775B4DC54AC
                            SHA-256:D2893577CD37FD6C7DDA09A63753B577AA550E96B4027CC19E6B4B8478E78FC3
                            SHA-512:B8DCB94EF16267B1303A407AE24A9F800E04214AE7E0A9B74EFB4AB78713E35C947C2C71EFC9BECCD55117D3D5EEEC82F6EB2210CAE2B677E198A96D6125256E
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1394211
                            Entropy (8bit):7.170572320359706
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRz:knw9oUUEEDl37jcmWH/IM2z
                            MD5:910DB7318A1E9CACEF4029D69C72C904
                            SHA1:BA6BDEB3564DE291A68805460DA88CEBE1A9C4AD
                            SHA-256:DA940E75F003142308E56097E94D0E10A8986030AF1CB3BD2480B8040CB16252
                            SHA-512:20816309E09F22A9C5E376F220A32CDD704BDFDA7FA7BA72C2D5B8544CF91BA8D5353021DFE6EDD277E7BCB99FEDD931690AA64A0B30DF4F539F9690D422AC1A
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1334503
                            Entropy (8bit):7.211706886840159
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRJN:knw9oUUEEDl37jcmWH/IM2JN
                            MD5:5DF67FD75DC0305983AA84B1DBEC3CAE
                            SHA1:815AFB8966B1FCA58EAB159F8BAABED79175D129
                            SHA-256:965CC72C6B2F7A684C2471AA2B93FE7166B297CE6523B03CA7DD03D4EE22EE05
                            SHA-512:447B9C2DFA204C090A9B97F7626AFD9C20054AD4EF57656AD6AA8DB620295087661AE4B8CE141739FB674B83402FD6878BB08C753AEFFA821ED54A90D6F68C19
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1408379
                            Entropy (8bit):7.1611396592582315
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRn9zdqL:knw9oUUEEDl37jcmWH/IM2nY
                            MD5:C72F36577F99DB3418D8BAB254706F19
                            SHA1:7B91BA9754B0EB6F8D4A3F7F9914239E2692EAAA
                            SHA-256:70691ABCB70888FBB9593F001060544322B74FD2B75AE202B2C191018ACA900F
                            SHA-512:76A91F314FF13958BD7F59B9D2AA8C82277262E8AABA5C3DFB607959259A6BBF8D0ED3AF75E44BA2B1F9ED65DFE581D06019B7E98833DE420EE9DFC6B7900D85
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1371441
                            Entropy (8bit):7.185986130128023
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRshDY:knw9oUUEEDl37jcmWH/IM28Y
                            MD5:6E7366B564C1EF2D2471CBC47D41190C
                            SHA1:58EB388EE0AD04660E77779CCC1BE86D920B6130
                            SHA-256:BE2A61F575EC18163C2538995E6DA262E97D655504852216668CB03ED570218F
                            SHA-512:7EAD9A0D07CBF418346F4086C1EDA2BB89FD6ACEC33AA5E52EF1686C075FB0DB4C356DAD49DEC748FCF0E31854E64935376566813583C4CA7BB2C3F560978055
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1342346
                            Entropy (8bit):7.206172188948229
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRT:knw9oUUEEDl37jcmWH/IM2T
                            MD5:BF1413623304ECB291EDFE4C00643063
                            SHA1:4E32B4378DC17946234C95099137C011EACAD43B
                            SHA-256:10D7896A23E05C018E987D2DF59AE51405A85B907070A57C9E32DDC8B7514485
                            SHA-512:2372942F4E0206E2FDE107D0EC5DFCB048912399358D6A6FD7626E52BC9296B1DEC177D990D5D1216E090572BBFE0FD2D86AE7FFF4DCF46CC4938E051CA85E0C
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1335768
                            Entropy (8bit):7.210811839369458
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRN:knw9oUUEEDl37jcmWH/IM2N
                            MD5:82D07D7D170411C92D7D68BB403BF789
                            SHA1:02BE9EBEC971D6FB1B9838C4B9F75B04E8E708CA
                            SHA-256:3CF10649D68734F870B910B68EA26BBB36D2BAD8264C3F61CFE01A883A09D458
                            SHA-512:F659C7EC67BDC49B0D1530F993AE0FE90CC148D798120CBC20FB0F46C00794DF213054547E52E4C4CFEBCBD002C2846D61E09AFBA9B918460C58B67DF970A3A8
                            Malicious:true
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32+ executable (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1318912
                            Entropy (8bit):7.222825341584029
                            Encrypted:false
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRS:knw9oUUEEDl37jcmWH/IM2S
                            MD5:524A2A3BCA6E4895E6E46D9F2C5E90B2
                            SHA1:1DCD2253FFC30AE8FE8BEB0D35F971349CED2FDA
                            SHA-256:51DCFBCA4A76ED248844B2575800691925F0CA2B5C05721AC9BD492C332CBC6A
                            SHA-512:B7C7A9475E68D9DEB2ADAAB97F8F1595E75F040E83EF28D060585609D1638B8B11ED147856816E1ADD5AAEACD07FBC2BCB6A43782B43D05DF2AA8B395A54511D
                            Malicious:true
                            File type:PE32+ executable (console) x86-64, for MS Windows
                            Entropy (8bit):7.222354590305994
                            TrID:
                            • Win64 Executable Console (202006/5) 81.26%
                            • UPX compressed Win32 Executable (30571/9) 12.30%
                            • Win64 Executable (generic) (12005/4) 4.83%
                            • Generic Win/DOS Executable (2004/3) 0.81%
                            • DOS Executable Generic (2002/1) 0.81%
                            File name:file.exe
                            File size:1'319'576 bytes
                            MD5:02407819cc6ae6260f0f7e8e2a7114f6
                            SHA1:51a9dd65f885d60f14fe63e0a223959888ce4a8a
                            SHA256:1e17ccbc9b53289a0999d820132c9615ad6618a83ccd2b5b6f1ac48bddc9f6cc
                            SHA512:7345ad4debad0aa7c3dbc3aa126d49a658d52cfb826f4dee61908b9689bc4089a8ebd1c322c262b3eaf21565d88bd9bacc1b165fb7e65aefb15a5d9497f6d444
                            SSDEEP:24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8t2o4l4jp2lRW:knw9oUUEEDl37jcmWH/IM2W
                            TLSH:735523711A3EA8DAC378113C54951E008E5ECB99941CABB2E3E361D75FBA75E3C3901E
                            Icon Hash:00928e8e8686b000
                            Entrypoint:0x1403eeef0
                            Entrypoint Section:UPX1
                            Digitally signed:false
                            Imagebase:0x140000000
                            Subsystem:windows cui
                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                            Time Stamp:0x5D6712D5 [Wed Aug 28 23:48:37 2019 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:6
                            OS Version Minor:0
                            File Version Major:6
                            File Version Minor:0
                            Subsystem Version Major:6
                            Subsystem Version Minor:0
                            Import Hash:e4290fa6afc89d56616f34ebbd0b1f2c
                            Instruction
                            push ebx
                            push esi
                            push edi
                            push ebp
                            dec eax
                            lea esi, dword ptr [FFF7D105h]
                            dec eax
                            lea edi, dword ptr [esi-0036B000h]
                            push edi
                            xor ebx, ebx
                            xor ecx, ecx
                            dec eax
                            or ebp, FFFFFFFFh
                            call 00007F78F08C8025h
                            add ebx, ebx
                            je 00007F78F08C7FD4h
                            rep ret
                            mov ebx, dword ptr [esi]
                            dec eax
                            sub esi, FFFFFFFCh
                            adc ebx, ebx
                            mov dl, byte ptr [esi]
                            rep ret
                            dec eax
                            lea eax, dword ptr [edi+ebp]
                            cmp ecx, 05h
                            mov dl, byte ptr [eax]
                            jbe 00007F78F08C7FF3h
                            dec eax
                            cmp ebp, FFFFFFFCh
                            jnbe 00007F78F08C7FEDh
                            sub ecx, 04h
                            mov edx, dword ptr [eax]
                            dec eax
                            add eax, 04h
                            sub ecx, 04h
                            mov dword ptr [edi], edx
                            dec eax
                            lea edi, dword ptr [edi+04h]
                            jnc 00007F78F08C7FC1h
                            add ecx, 04h
                            mov dl, byte ptr [eax]
                            je 00007F78F08C7FE2h
                            dec eax
                            inc eax
                            mov byte ptr [edi], dl
                            sub ecx, 01h
                            mov dl, byte ptr [eax]
                            dec eax
                            lea edi, dword ptr [edi+01h]
                            jne 00007F78F08C7FC2h
                            rep ret
                            cld
                            inc ecx
                            pop ebx
                            jmp 00007F78F08C7FDAh
                            dec eax
                            inc esi
                            mov byte ptr [edi], dl
                            dec eax
                            inc edi
                            mov dl, byte ptr [esi]
                            add ebx, ebx
                            jne 00007F78F08C7FDCh
                            mov ebx, dword ptr [esi]
                            dec eax
                            sub esi, FFFFFFFCh
                            adc ebx, ebx
                            mov dl, byte ptr [esi]
                            jc 00007F78F08C7FB8h
                            lea eax, dword ptr [ecx+01h]
                            jmp 00007F78F08C7FD9h
                            dec eax
                            inc ecx
                            call ebx
                            adc eax, eax
                            inc ecx
                            call ebx
                            adc eax, eax
                            add ebx, ebx
                            jne 00007F78F08C7FDCh
                            mov ebx, dword ptr [esi]
                            dec eax
                            sub esi, FFFFFFFCh
                            adc ebx, ebx
                            mov dl, byte ptr [esi]
                            jnc 00007F78F08C7FB6h
                            sub eax, 03h
                            jc 00007F78F08C7FEBh
                            shl eax, 08h
                            movzx edx, dl
                            or eax, edx
                            dec eax
                            inc esi
                            xor eax, FFFFFFFFh
                            je 00007F78F08C802Ah
                            sar eax, 1
                            Name | Virtual Address | Virtual Size | Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3f01dc | 0x140 | .rsrc
                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3f0000 | 0x1dc | .rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x3da000 | 0x9cfc | UPX1
                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3f031c | 0x14 | .rsrc
                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_TLS | 0x3ef178 | 0x28 | UPX1
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3ef1a8 | 0x108 | UPX1
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                            UPX0 | 0x1000 | 0x36b000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            UPX1 | 0x36c000 | 0x84000 | 0x83400 | 9d4e269c4bd3112a3debcf707f32a84f | False | 0.9733221726190476 | data | 7.90463534391323 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            .rsrc | 0x3f0000 | 0x1000 | 0x400 | 54c776f8ba5cbbb04c6778f32231ca83 | False | 0.44140625 | data | 4.198035031100888 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                            RT_MANIFEST | 0x3f005c | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
                            DLL | Import
                            ADVAPI32.dll | LsaClose
                            KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
                            USER32.dll | ShowWindow
                            WS2_32.dll | htons
                            Language of compilation system | Country where language is spoken | Map
                            English | United States |
                            No network behavior found

                            Target ID:0
                            Start time:09:48:24
                            Start date:30/09/2024
                            Path:C:\Users\user\Desktop\file.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Users\user\Desktop\file.exe"
                            Imagebase:0x7ff63bc70000
                            File size:1'319'576 bytes
                            MD5 hash:02407819CC6AE6260F0F7E8E2A7114F6
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            Target ID:2
                            Start time:09:48:24
                            Start date:30/09/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff70f010000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false

                            Target ID:3
                            Start time:09:48:24
                            Start date:30/09/2024
                            Path:C:\Windows\System32\VnYfUNA.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\VnYfUNA.exe
                            Imagebase:0x7ff66b700000
                            File size:1'319'576 bytes
                            MD5 hash:3FFF535448E56B713501BEBB76F00F8B
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:4
                            Start time:09:48:24
                            Start date:30/09/2024
                            Path:C:\Windows\System32\bIkaAuF.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\bIkaAuF.exe
                            Imagebase:0x7ff79d830000
                            File size:1'319'829 bytes
                            MD5 hash:066472B8E84ECAA9199CCB57CBCBD21D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000004.00000002.1487464272.00007FF79D831000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:5
                            Start time:09:48:24
                            Start date:30/09/2024
                            Path:C:\Windows\System32\jcnyUWd.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\jcnyUWd.exe
                            Imagebase:0x7ff738f40000
                            File size:1'320'082 bytes
                            MD5 hash:F8FAF9FC5824C121988E4FD42C6F44A7
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000005.00000002.1489087059.00007FF738F41000.00000040.00000001.01000000.00000006.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:6
                            Start time:09:48:24
                            Start date:30/09/2024
                            Path:C:\Windows\System32\NyQTRVw.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\NyQTRVw.exe
                            Imagebase:0x7ff721130000
                            File size:1'320'335 bytes
                            MD5 hash:12E125FB6F7305BDF82D3821C85F46FE
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000006.00000002.1489866046.00007FF721131000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:7
                            Start time:09:48:25
                            Start date:30/09/2024
                            Path:C:\Windows\System32\bRMguRb.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\bRMguRb.exe
                            Imagebase:0x7ff7130e0000
                            File size:1'320'588 bytes
                            MD5 hash:F92C06BFBC0A4D85CCD7831D64DC8034
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000007.00000002.1491009389.00007FF7130E1000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:8
                            Start time:09:48:25
                            Start date:30/09/2024
                            Path:C:\Windows\System32\urnxCEN.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\urnxCEN.exe
                            Imagebase:0x7ff795c50000
                            File size:1'320'841 bytes
                            MD5 hash:9B5462CBA101E0E9A9CC3B4E3FF0F42B
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000008.00000002.1493994329.00007FF795C51000.00000040.00000001.01000000.00000009.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:9
                            Start time:09:48:25
                            Start date:30/09/2024
                            Path:C:\Windows\System32\yjwCZgI.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\yjwCZgI.exe
                            Imagebase:0x7ff7bb050000
                            File size:1'321'094 bytes
                            MD5 hash:721695C3B474AFC4226E1D596741524A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000009.00000002.1493458824.00007FF7BB051000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:10
                            Start time:09:48:25
                            Start date:30/09/2024
                            Path:C:\Windows\System32\ODcBTbU.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\ODcBTbU.exe
                            Imagebase:0x7ff6c1a50000
                            File size:1'321'347 bytes
                            MD5 hash:97CEF20B23DEE540F43EEB5A26712E57
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000A.00000002.1497070858.00007FF6C1A51000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:11
                            Start time:09:48:25
                            Start date:30/09/2024
                            Path:C:\Windows\System32\QsDlHSI.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\QsDlHSI.exe
                            Imagebase:0x7ff744930000
                            File size:1'321'600 bytes
                            MD5 hash:6440CA6B59386D338C2A36B13EB0A6F7
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000B.00000002.1500954717.00007FF744931000.00000040.00000001.01000000.0000000C.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:12
                            Start time:09:48:25
                            Start date:30/09/2024
                            Path:C:\Windows\System32\NUQghJW.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\NUQghJW.exe
                            Imagebase:0x7ff706e90000
                            File size:1'321'853 bytes
                            MD5 hash:D95F7A764C614A60B96EACFB55174C3D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000C.00000002.1502343200.00007FF706E91000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:13
                            Start time:09:48:26
                            Start date:30/09/2024
                            Path:C:\Windows\System32\WFQtidM.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\WFQtidM.exe
                            Imagebase:0x7ff6b6580000
                            File size:1'322'106 bytes
                            MD5 hash:580C8A7235B807E754917179AA31B03D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000D.00000002.1503261478.00007FF6B6581000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:14
                            Start time:09:48:26
                            Start date:30/09/2024
                            Path:C:\Windows\System32\kcOtUgS.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\kcOtUgS.exe
                            Imagebase:0x7ff7da520000
                            File size:1'322'359 bytes
                            MD5 hash:DBBAE3A021BBBDD4289A0F770C7143F4
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000E.00000002.1504643914.00007FF7DA521000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:15
                            Start time:09:48:26
                            Start date:30/09/2024
                            Path:C:\Windows\System32\CtGCMUU.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\CtGCMUU.exe
                            Imagebase:0x7ff780b90000
                            File size:1'322'612 bytes
                            MD5 hash:3F3C9FFFE8D7C20D64DF44DEA9737C3D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000F.00000002.1505239783.00007FF780B91000.00000040.00000001.01000000.00000010.sdmp, Author: Joe Security
                            Antivirus matches:
                            • Detection: 100%, Avira
                            • Detection: 100%, Joe Sandbox ML
                            Reputation:low
                            Has exited:true

                            Target ID:16
                            Start time:09:48:26
                            Start date:30/09/2024
                            Path:C:\Windows\System32\khzlYlB.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\khzlYlB.exe
                            Imagebase:0x7ff73f460000
                            File size:1'322'865 bytes
                            MD5 hash:697CB4F46875AD109B35AC692025126E
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000010.00000002.1506564947.00007FF73F461000.00000040.00000001.01000000.00000011.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:17
                            Start time:09:48:26
                            Start date:30/09/2024
                            Path:C:\Windows\System32\dNcZNsO.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\dNcZNsO.exe
                            Imagebase:0x7ff6af790000
                            File size:1'323'118 bytes
                            MD5 hash:07414CD6932DC946A9895DF146E7EE7B
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000011.00000002.1507803340.00007FF6AF791000.00000040.00000001.01000000.00000012.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:18
                            Start time:09:48:26
                            Start date:30/09/2024
                            Path:C:\Windows\System32\tlKeaSH.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\tlKeaSH.exe
                            Imagebase:0x7ff7d1f50000
                            File size:1'323'371 bytes
                            MD5 hash:6AA56D47DEDDACF6E201C525DB4A7068
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000012.00000002.1508262292.00007FF7D1F51000.00000040.00000001.01000000.00000013.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:19
                            Start time:09:48:26
                            Start date:30/09/2024
                            Path:C:\Windows\System32\purtHeQ.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\purtHeQ.exe
                            Imagebase:0x7ff63f3f0000
                            File size:1'323'624 bytes
                            MD5 hash:EB02D786EDD3416EE862C2F991182502
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000013.00000002.1509555221.00007FF63F3F1000.00000040.00000001.01000000.00000014.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:20
                            Start time:09:48:26
                            Start date:30/09/2024
                            Path:C:\Windows\System32\YrgSOdx.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\YrgSOdx.exe
                            Imagebase:0x7ff6fc1c0000
                            File size:1'323'877 bytes
                            MD5 hash:D4536C54CE755CFDE2B091812A6E1D82
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000014.00000002.1510602848.00007FF6FC1C1000.00000040.00000001.01000000.00000015.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:21
                            Start time:09:48:27
                            Start date:30/09/2024
                            Path:C:\Windows\System32\NaIzQZQ.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\NaIzQZQ.exe
                            Imagebase:0x7ff787350000
                            File size:1'324'130 bytes
                            MD5 hash:1133A34B13F4DABFDDF454C6F7FC7110
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000015.00000002.1512308219.00007FF787351000.00000040.00000001.01000000.00000016.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:22
                            Start time:09:48:27
                            Start date:30/09/2024
                            Path:C:\Windows\System32\BDQRaAY.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\BDQRaAY.exe
                            Imagebase:0x7ff6ce2b0000
                            File size:1'324'383 bytes
                            MD5 hash:14BE554073075A590E970B10FF2F1E78
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000016.00000002.1512588672.00007FF6CE2B1000.00000040.00000001.01000000.00000017.sdmp, Author: Joe Security
                            Antivirus matches:
                            • Detection: 100%, Avira
                            • Detection: 100%, Joe Sandbox ML
                            Reputation:low
                            Has exited:true

                            Target ID:23
                            Start time:09:48:27
                            Start date:30/09/2024
                            Path:C:\Windows\System32\EAmedTr.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\EAmedTr.exe
                            Imagebase:0x7ff7f63c0000
                            File size:1'324'636 bytes
                            MD5 hash:C72ADDC8E24253A63DB266F2F88EF08F
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000017.00000002.1514375763.00007FF7F63C1000.00000040.00000001.01000000.00000018.sdmp, Author: Joe Security
                            Antivirus matches:
                            • Detection: 100%, Avira
                            • Detection: 100%, Joe Sandbox ML
                            Reputation:low
                            Has exited:true

                            Target ID:24
                            Start time:09:48:27
                            Start date:30/09/2024
                            Path:C:\Windows\System32\OeidtHB.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\OeidtHB.exe
                            Imagebase:0x7ff732ec0000
                            File size:1'324'889 bytes
                            MD5 hash:3D178181445D102200E3FEF7332924A3
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000018.00000002.1514677050.00007FF732EC1000.00000040.00000001.01000000.00000019.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:25
                            Start time:09:48:27
                            Start date:30/09/2024
                            Path:C:\Windows\System32\ulxEuWR.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\ulxEuWR.exe
                            Imagebase:0x7ff73c120000
                            File size:1'325'142 bytes
                            MD5 hash:4276919ABBB3DA98E3301C3FF24C52BF
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000019.00000002.1516196193.00007FF73C121000.00000040.00000001.01000000.0000001A.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:26
                            Start time:09:48:27
                            Start date:30/09/2024
                            Path:C:\Windows\System32\bpKoOax.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\bpKoOax.exe
                            Imagebase:0x7ff6269f0000
                            File size:1'325'395 bytes
                            MD5 hash:D6510545F21CF2343AF1F03BDDC23C6C
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001A.00000002.1516688558.00007FF6269F1000.00000040.00000001.01000000.0000001B.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:27
                            Start time:09:48:27
                            Start date:30/09/2024
                            Path:C:\Windows\System32\kCmzHfG.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\kCmzHfG.exe
                            Imagebase:0x7ff6c80b0000
                            File size:1'325'648 bytes
                            MD5 hash:4E56E2D7DD6638118A23639F6E5BED34
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000002.1518173894.00007FF6C80B1000.00000040.00000001.01000000.0000001C.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:28
                            Start time:09:48:27
                            Start date:30/09/2024
                            Path:C:\Windows\System32\jTZhWqf.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\jTZhWqf.exe
                            Imagebase:0x7ff7bd7f0000
                            File size:1'325'901 bytes
                            MD5 hash:B2E9AC7EEE970239A5CC0517DC6C14F9
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000002.1518939971.00007FF7BD7F1000.00000040.00000001.01000000.0000001D.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:29
                            Start time:09:48:27
                            Start date:30/09/2024
                            Path:C:\Windows\System32\tizhzLm.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\tizhzLm.exe
                            Imagebase:0x7ff7ab880000
                            File size:1'326'154 bytes
                            MD5 hash:E8E20EEAD7A02FA868A2EB1365652CAE
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001D.00000002.1520206441.00007FF7AB881000.00000040.00000001.01000000.0000001E.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:30
                            Start time:09:48:28
                            Start date:30/09/2024
                            Path:C:\Windows\System32\kWmKVbB.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\kWmKVbB.exe
                            Imagebase:0x7ff72d920000
                            File size:1'326'407 bytes
                            MD5 hash:85EA65CEA1789724114641F94421E9AD
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001E.00000002.1520709853.00007FF72D921000.00000040.00000001.01000000.0000001F.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:31
                            Start time:09:48:28
                            Start date:30/09/2024
                            Path:C:\Windows\System32\qfZMSiS.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\qfZMSiS.exe
                            Imagebase:0x7ff6bfc90000
                            File size:1'326'660 bytes
                            MD5 hash:ED3339A9A713DB82D408833CDCB76D09
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001F.00000002.1521977087.00007FF6BFC91000.00000040.00000001.01000000.00000020.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:32
                            Start time:09:48:28
                            Start date:30/09/2024
                            Path:C:\Windows\System32\PerkPVz.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\PerkPVz.exe
                            Imagebase:0x7ff7f6520000
                            File size:1'326'913 bytes
                            MD5 hash:E2785C919A05874FE7FC5912059CB424
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000020.00000002.1523000811.00007FF7F6521000.00000040.00000001.01000000.00000021.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:33
                            Start time:09:48:28
                            Start date:30/09/2024
                            Path:C:\Windows\System32\dnULvmA.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\dnULvmA.exe
                            Imagebase:0x7ff6c8290000
                            File size:1'327'166 bytes
                            MD5 hash:F3BFCFC5FD1749AC3ADF08153780B6F5
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000021.00000002.1525011603.00007FF6C8291000.00000040.00000001.01000000.00000022.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:34
                            Start time:09:48:28
                            Start date:30/09/2024
                            Path:C:\Windows\System32\iXrmqoo.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\iXrmqoo.exe
                            Imagebase:0x7ff6547f0000
                            File size:1'327'419 bytes
                            MD5 hash:113BE3584286A043FDEB8C69E0DA3208
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000022.00000002.1528592393.00007FF6547F1000.00000040.00000001.01000000.00000023.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:35
                            Start time:09:48:28
                            Start date:30/09/2024
                            Path:C:\Windows\System32\EIuVwIR.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\EIuVwIR.exe
                            Imagebase:0x7ff6aae10000
                            File size:1'327'672 bytes
                            MD5 hash:9DC1188D68750D755199C7276275B8B1
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000023.00000002.1530111875.00007FF6AAE11000.00000040.00000001.01000000.00000024.sdmp, Author: Joe Security
                            Antivirus matches:
                            • Detection: 100%, Avira
                            • Detection: 100%, Joe Sandbox ML
                            Reputation:low
                            Has exited:true

                            Target ID:36
                            Start time:09:48:29
                            Start date:30/09/2024
                            Path:C:\Windows\System32\YfdxMIy.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\YfdxMIy.exe
                            Imagebase:0x7ff732fe0000
                            File size:1'327'925 bytes
                            MD5 hash:78C1BD2238C2BEF6362DB0C713D52B92
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000024.00000002.1530752170.00007FF732FE1000.00000040.00000001.01000000.00000025.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:37
                            Start time:09:48:29
                            Start date:30/09/2024
                            Path:C:\Windows\System32\dgZNHyj.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\dgZNHyj.exe
                            Imagebase:0x7ff6f31b0000
                            File size:1'328'178 bytes
                            MD5 hash:8E2175D462688C40877D4D3D1126B74A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000025.00000002.1531762604.00007FF6F31B1000.00000040.00000001.01000000.00000026.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:38
                            Start time:09:48:29
                            Start date:30/09/2024
                            Path:C:\Windows\System32\leQcUpZ.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\leQcUpZ.exe
                            Imagebase:0x7ff6ea6f0000
                            File size:1'328'431 bytes
                            MD5 hash:2A016D42911E2572CE995391825D2A92
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000026.00000002.1532732025.00007FF6EA6F1000.00000040.00000001.01000000.00000027.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:39
                            Start time:09:48:29
                            Start date:30/09/2024
                            Path:C:\Windows\System32\TVvGYeO.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\TVvGYeO.exe
                            Imagebase:0x7ff64f610000
                            File size:1'328'684 bytes
                            MD5 hash:703388D08E4170A239DD75DAA4A8BDF1
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000027.00000002.1534105233.00007FF64F611000.00000040.00000001.01000000.00000028.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:40
                            Start time:09:48:29
                            Start date:30/09/2024
                            Path:C:\Windows\System32\onkloSd.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\onkloSd.exe
                            Imagebase:0x7ff63d530000
                            File size:1'328'937 bytes
                            MD5 hash:71251399E8C3773471EC83C1B35262BF
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000028.00000002.1535061619.00007FF63D531000.00000040.00000001.01000000.00000029.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                              Execution Graph

                              Execution Coverage:0.5%
                              Dynamic/Decrypted Code Coverage:0%
                              Signature Coverage:6.9%
                              Total number of Nodes:87
                              Total number of Limit Nodes:5

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmp
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmp
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmp
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmp
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID: Virtual$AllocCacheFlushInstructionProtect
                              • String ID:
                              • API String ID: 4198816981-0
                              • Opcode ID: a27710a087e021d71100340e478a37d3525e638f074b5790d0bef7ebd46abed9
                              • Instruction ID: 88e31c464ca682d7c17b7d7e8003f776988b121943c0306b63ca83eac483ed7e
                              • Opcode Fuzzy Hash: a27710a087e021d71100340e478a37d3525e638f074b5790d0bef7ebd46abed9
                              • Instruction Fuzzy Hash: D5622E35A1AF46E4E6418B11F8905A63BB8BF1D344F94023EC88D8B730EF7DA259C794

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID: FeaturePresentProcessor
                              • String ID:
                              • API String ID: 2325560087-0
                              • Opcode ID: 63dab4b49085150a0e77ef710598a25f2e02e72a0be2e2b1020bbb497cb77495
                              • Instruction ID: 3b9160effb2479049b38e40db2d368e0d6ec9ae55e6b020ebee718aed29dbbda
                              • Opcode Fuzzy Hash: 63dab4b49085150a0e77ef710598a25f2e02e72a0be2e2b1020bbb497cb77495
                              • Instruction Fuzzy Hash: CB21D821B19686C6FB149B25E45027D2A60EF48790F584538E76E8B7F6CF3CF862C701

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID: AllocateHeap
                              • String ID:
                              • API String ID: 1279760036-0
                              • Opcode ID: 618f1bd8cd44eafb632dd0e6035994b2496eee1857f49d8c4d87ef885e8771e3
                              • Instruction ID: feb82c560a11a2d807471a474b18fa444582a7ef87105c0dae5e8cc4779db639
                              • Opcode Fuzzy Hash: 618f1bd8cd44eafb632dd0e6035994b2496eee1857f49d8c4d87ef885e8771e3
                              • Instruction Fuzzy Hash: 47F04944B0A603C9FEA55B6199516B85AB15F9DB80F0C543CC90ECE3B2EF2CE5C04320

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID: AddressProc$ErrorLast$HandleLibraryLoadModule
                              • String ID: GetModuleHandleA$GetProcAddress$GetQueuedCompletionStatusEx$NtDeviceIoControlFile$NtQueryDirectoryFile$NtQueryInformationFile$NtQueryInformationProcess$NtQuerySystemInformation$NtQueryVolumeInformationFile$NtSetInformationFile$PowerRegisterSuspendResumeNotification$RtlGetVersion$RtlNtStatusToDosError$SetWinEventHook$kernel32.dll$ntdll.dll$powrprof.dll$user32.dll
                              • API String ID: 988530940-437142567
                              • Opcode ID: ac7932858a578e43f2c3f26d81dce32a6cb2a8420338cca60a6fb014c41d81bb
                              • Instruction ID: 955fe2b02b068f110b62a0ae15951638f636a4316ba33f703ad011b5bd5d134e
                              • Opcode Fuzzy Hash: ac7932858a578e43f2c3f26d81dce32a6cb2a8420338cca60a6fb014c41d81bb
                              • Instruction Fuzzy Hash: FD61B364A1AB07E6FA259B95EC541B922B6AF0C741F480439D81E8F6B5FF7CAD08C350

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID: Error$Last$ConsoleCreateCriticalInitializeSection$CompletionPostQueuedSemaphoreStatus$FileHandleModeReleaseWait$ByteCharCloseCtrlCursorDuplicateEventFeatureFrequencyHandlerInfoItemMultiObjectPerformancePositionPresentProcessorQueryQueueReadSingleSystemUnregisterUserWideWork
                              • String ID: PostQueuedCompletionStatus$conout$
                              • API String ID: 3578229814-1875676862
                              • Opcode ID: 9b16a57174d3099a3aafc04fad8a86dea68d3e57e4c90114e81ca1bc634ade45
                              • Instruction ID: c6ff5c7c7044b4f3fa3d79c359f4b2b373e0de05e0e2c993c9646f5214acd6f8
                              • Opcode Fuzzy Hash: 9b16a57174d3099a3aafc04fad8a86dea68d3e57e4c90114e81ca1bc634ade45
                              • Instruction Fuzzy Hash: BC228332A09682C6E7608F2AA84067A7BB4FF4CB54F144639DA5DCB6B8EF3CD444C740

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID: ErrorLast$Event$CompletionCreatePostQueuedStatus$CloseHandleItemObjectQueueSingleUserWaitWorkselect
                              • String ID: CreateEvent$PostQueuedCompletionStatus
                              • API String ID: 4248182287-725115575
                              • Opcode ID: 1c606d2906668a12fcb97fdbac070811e938530ef58a810bb3c20050f3ab9570
                              • Instruction ID: 534c82890af9c732fdd5bce13404a3165c6fa649d30db1a25bbb059be26f2930
                              • Opcode Fuzzy Hash: 1c606d2906668a12fcb97fdbac070811e938530ef58a810bb3c20050f3ab9570
                              • Instruction Fuzzy Hash: 94D1C672A18B86C6E7608B26E8403797BB1FB49B54F140139DA5D8BBB4DF3CD894C750
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 414e5aa9d30e7a3741b300f697656c792e4bc112451461f008accf2e068fc729
                              • Instruction ID: 4ea41a61f34d2fe48c378c21e80dbfaf5455b346f3b3a632f268b779a415b4ba
                              • Opcode Fuzzy Hash: 414e5aa9d30e7a3741b300f697656c792e4bc112451461f008accf2e068fc729
                              • Instruction Fuzzy Hash: BB84B573A24BC585EB12CB39D4516AAB760FBDA780F419326EF8963715EF38E191C340
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID: error$error$job$method$params$result
                              • API String ID: 0-4113728344
                              • Opcode ID: c1049390a219f9e591c8188d73760abd39a0d3d7c9298635fb4726ae8f4e8a0c
                              • Instruction ID: f3f4d513a8685438fe8e7cae63a1056ed8ad9b0c8dba22255ca9c90aaef552dc
                              • Opcode Fuzzy Hash: c1049390a219f9e591c8188d73760abd39a0d3d7c9298635fb4726ae8f4e8a0c
                              • Instruction Fuzzy Hash: 9132BC22F18642C6FB608B71A1003B96AB1AB58BE5F154235DE5E9FBF8DF3DE5418340
                              APIs
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID: ErrorFileLastWrite$Console
                              • String ID:
                              • API String ID: 786612050-0
                              • Opcode ID: 77638cfe2a0151889c6fb1031f8a99b5bb066a6de73158d7596f6798f2d71abe
                              • Instruction ID: 83250f0b521c85caa308dbbd0ef5320513ea54da7927e3929d31858b7bf2ca0f
                              • Opcode Fuzzy Hash: 77638cfe2a0151889c6fb1031f8a99b5bb066a6de73158d7596f6798f2d71abe
                              • Instruction Fuzzy Hash: 00D1D172B08A81DAE711CF64D4501ADBBB1FB48798B544136DF4E8BBB9DE38D216CB40
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID: IP Address currently banned$Unauthenticated$job$job$message$your IP is banned
                              • API String ID: 0-1524868794
                              Similarity
                              • API ID: ErrorLast
                              • String ID:
                              • API String ID: 1452528299-0
                              Similarity
                              • API ID: memcpy_s
                              • String ID:
                              • API String ID: 1502251526-0
                              Similarity
                              • API ID: Concurrency::cancel_current_task
                              • String ID: cpu$hw-aes$priority
                              • API String ID: 118556049-695868346
                              Similarity
                              • API ID:
                              • String ID: %x:%x.%x$gfff$gfff
                              • API String ID: 0-2706413318
                              Similarity
                              • API ID:
                              • String ID: affinity$intensity$threads
                              • API String ID: 0-2570081736
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID: gfffffff
                              • API String ID: 3215553584-1523873471
                              APIs
                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF66B7C9C51
                                • Part of subcall function 00007FF66B7AD938: IsProcessorFeaturePresent.KERNEL32 ref: 00007FF66B7AD941
                                • Part of subcall function 00007FF66B7AD938: GetCurrentProcess.KERNEL32 ref: 00007FF66B7AD966
                              Similarity
                              • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
                              • String ID: -
                              • API String ID: 4036615347-2547889144
                              Similarity
                              • API ID: ExceptionRaise_clrfp
                              • String ID:
                              • API String ID: 15204871-0
                              Similarity
                              • API ID:
                              • String ID: VUUU$gj
                              • API String ID: 0-4043792639
                              Similarity
                              • API ID:
                              • String ID: VUUU$gj
                              • API String ID: 0-4043792639
                              Similarity
                              • API ID:
                              • String ID: VUUU$gj
                              • API String ID: 0-4043792639
                              Similarity
                              • API ID:
                              • String ID: VUUU$gj
                              • API String ID: 0-4043792639
                              Similarity
                              • API ID:
                              • String ID: VUUU$gj
                              • API String ID: 0-4043792639
                              Similarity
                              • API ID:
                              • String ID: VUUU$gj
                              • API String ID: 0-4043792639
                              Similarity
                              • API ID:
                              • String ID: VUUU$gj
                              • API String ID: 0-4043792639
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID: VUUU$gj
                              • API String ID: 0-4043792639
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID: VUUU$gj
                              • API String ID: 0-4043792639
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID: gfff
                              • API String ID: 0-1553575800
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID: gfff
                              • API String ID: 0-1553575800
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Yara matches
                              Similarity
                              • API ID: FeaturePresentProcessorcapture_previous_context
                              • String ID:
                              • API String ID: 3936158736-0
                              Yara matches
                              Similarity
                              • API ID: FeaturePresentProcessorcapture_previous_context
                              • String ID:
                              • API String ID: 3936158736-0
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Yara matches
                              Similarity
                              • API ID: FeaturePresentProcessorcapture_previous_context
                              • String ID:
                              • API String ID: 3936158736-0
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Yara matches
                              Similarity
                              • API ID: FeaturePresentProcessorcapture_previous_context
                              • String ID:
                              • API String ID: 3936158736-0
                              Yara matches
                              Similarity
                              • API ID: FeaturePresentProcessorcapture_previous_context
                              • String ID:
                              • API String ID: 3936158736-0
                              • Opcode ID: 3fcc8668b3944ef4a654d9aa6dcb42ef8ec0e07d59e8a4d26f16d8888e490a50
                              • Instruction ID: 859399c047d7a0f2de105e406b8065465f74fc1a103f202094da5204dc8dc135
                              • Opcode Fuzzy Hash: 3fcc8668b3944ef4a654d9aa6dcb42ef8ec0e07d59e8a4d26f16d8888e490a50
                              • Instruction Fuzzy Hash: 96520373A24BC586EB119F25E4106AA77B0FB99BC0F459326EE8D63B14DF38E191C700
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 905398d3b122b23a6da1e04b3ead6738e8ae70658c5caecc13cb87bcee5f2bc7
                              • Instruction ID: 0cf14f8a8ca7f946e40fe15275998a458564ac08a4837417fc6a1cead9a71efd
                              • Opcode Fuzzy Hash: 905398d3b122b23a6da1e04b3ead6738e8ae70658c5caecc13cb87bcee5f2bc7
                              • Instruction Fuzzy Hash: A162F873E20B8885D792CF29E41596A77A4FF9A7C1F825316EF8963B05DB38E161C700
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                              • Instruction ID: c3814a59586efcd776a35b0b9a08f0bafe0e775860505d3c6d0fbe91b2a3cb04
                              • Opcode Fuzzy Hash: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                              • Instruction Fuzzy Hash: 8DC16056D28FC651E303573C9003665A720AFB75D4F10D33BFEC2B1A63EB127A95A622
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                              • Instruction ID: 8c9c5d6550fd36da3675ce111a0a8ce9f4157ccf642fde4b82e178f9674265ba
                              • Opcode Fuzzy Hash: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                              • Instruction Fuzzy Hash: 23C16056D28FC651E303573C9003665A720AFB75D4F10D33BFEC2B1A63EB127A95A622
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                              • Instruction ID: b8937f8533ae4b4debbcb533bece50f73690170556e1818ea88900618187da30
                              • Opcode Fuzzy Hash: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                              • Instruction Fuzzy Hash: 63C16056D28FC651E303573C9003665A720AFB75D4F10D33BFEC2B1A63EB127A95A621
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                              • Instruction ID: bde9161672d070034d31d13fce5dfbede84fc29e1257c3491fac9c8271be8c08
                              • Opcode Fuzzy Hash: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                              • Instruction Fuzzy Hash: 9AC16056D28FC651E303573C9003665A720AFB75D4F10D33BFEC2B1A63EB127A95A622
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                              • Instruction ID: 0667120127cf0f186dc1b6acdba8e1ee8790f23d530f1880ea733d9448850c79
                              • Opcode Fuzzy Hash: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                              • Instruction Fuzzy Hash: 5FC16056D28FC651E303573C9003665A720AFB75D4F10D33BFEC2B1A63EB127A95A622
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                              • Instruction ID: 274f2a514926136110b1fd1f0e4ee778ea05c7a6d507d1a8b8f469614654f314
                              • Opcode Fuzzy Hash: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                              • Instruction Fuzzy Hash: 01C16056D28FC651E303573C9003665A720AFB75D4F10D33BFEC2B1A63EB127A95A621
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                              • Instruction ID: e9f2eb8f5cca88a25a25fe0c155f67a5d3b72de1dea1cee5c2051818c21695d8
                              • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                              • Instruction Fuzzy Hash: EFA16156D1CFC651E30356389003165A320AFB75D4E10D73BFED2F4673DB127A85AA22
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                              • Instruction ID: af4ea2d39f44aa31aaefed146889f82779622fe6f7f0faed831bcf2d1f3ff8b7
                              • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                              • Instruction Fuzzy Hash: 4DA16156D2CFCA51E30356389003165A320AFB75D4E10D73BFED2F5673DB127A85AA22
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                              • Instruction ID: 8b1de409742b05c04d53208ba474cd5e3a5a7f5c88e3aadfdfb3d8340c7bd554
                              • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                              • Instruction Fuzzy Hash: DEA16156D1CFC651E3035638A003165A320AFB75D4E10D73BFED2F5673DB127A85AA22
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                              • Instruction ID: ce4b5b2d53554a605bc86af92e15b8c4f8346cde77a266e9a827b51a05185815
                              • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                              • Instruction Fuzzy Hash: 92A16156D1CFCA51E30356389003165A320AFB75D4E10D73BFED2F5673DB127A85AA22
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                              • Instruction ID: 0e52f3b2927227acea98a80f195a677557cf0775a8cc8527f7f38aaa10ba1f86
                              • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                              • Instruction Fuzzy Hash: 72A16156D1CFC651E30356389003165A320AFB75D4E10D73BFED2F5673DB127A85AA22
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                              • Instruction ID: eda1e784e965cea11fb65c4bb778dfbd0e4f4952c2ba3ca03b199a96d5e2d503
                              • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                              • Instruction Fuzzy Hash: 37A16156D1CFC651E3035638A003165A320AFB75D4E10D73BFED2F4673DB127A85AA22
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                              • Instruction ID: 365fc1bf2274d0f30f6899ad44a8c71c4a52d73ee06cad29116ce2dcf8a2e1ab
                              • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                              • Instruction Fuzzy Hash: 70A16156D2CFC651E30356389003165A320AFB75D4E10D73BFED2F4673DB127A85AA22
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 233c94472ae64eac0dc36ce54578e65a46dfff1a28ef8d9c4fc7a2fdc7f98083
                              • Instruction ID: 3dc99a3f1fa61b1d020ea9b9ec763e4e42a1b2afa453482f8915edfc8fe51bfa
                              • Opcode Fuzzy Hash: 233c94472ae64eac0dc36ce54578e65a46dfff1a28ef8d9c4fc7a2fdc7f98083
                              • Instruction Fuzzy Hash: D8A17F63A24FC580DB12DB39D4011AAB360FF9AB94F059326EE8DA7B25DF35E1958340
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                              • Instruction ID: 30d99484a5affd1cb715d31fba204b0a580419416c434edf349e14833e16db0f
                              • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                              • Instruction Fuzzy Hash: 17A16156D1CFC651E30356389003165A320AFB75D4E10D73BFED2F5673DB127A85AA22
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmpDownload File
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Yara matches
                              Similarity
                              • API ID: Concurrency::cancel_current_task
                              • String ID:
                              • API String ID: 118556049-0
                              • Opcode ID: 5b8b7b861c0c623f90d3a1095cf849ab6577ae91c4db93b7d491fc4a4acef93c
                              • Instruction ID: 8662996f03507c0c15beca899c1cbd62bb4a614ae058eded3e6f0aa26ee42669
                              • Opcode Fuzzy Hash: 5b8b7b861c0c623f90d3a1095cf849ab6577ae91c4db93b7d491fc4a4acef93c
                              • Instruction Fuzzy Hash: 3A915F32A04B81C1E7059F25E8913AE67B0FB98B94F145639EF8D8BBB5DF78D4918340

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 422 7ff66b7c7ac0-7ff66b7c7c11 call 7ff66b7c7140 * 10
                              APIs
                              Strings
                              Yara matches
                              Similarity
                              • API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
                              • String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
                              • API String ID: 3255926029-3252031757
                              • Opcode ID: 91240c9a3aa641d89153d2bf06212acd11137062757dc36d65217fd2db88123f
                              • Instruction ID: b4433e5779e8dd9a8555feb0cb747c355805a269fc14ef23c3cd748920e09a21
                              • Opcode Fuzzy Hash: 91240c9a3aa641d89153d2bf06212acd11137062757dc36d65217fd2db88123f
                              • Instruction Fuzzy Hash: E5316D60A18A8BE9E624DF54E8626F02731EF4C305FC0603BE50D9F1B59F7CAA49C381

                              Control-flow Graph

                              APIs
                              Strings
                              Yara matches
                              Similarity
                              • API ID: CriticalSection$EnterErrorLastLeave$BreakDebugFormatFreeLocalMessageObjectReleaseSemaphoreSingleWait
                              • String ID: ReleaseSemaphore$WaitForSingleObject
                              • API String ID: 1615886272-4124537571
                              • Opcode ID: e9cc749e60f475d9a44ed2d54b6e60c7d89acd2eb14e1c7f009ab47b21cadf54
                              • Instruction ID: 7e37304bcefd639c0ab93c723bb975000ff8191feb9e3a430ca0a2fc5913e7fe
                              • Opcode Fuzzy Hash: e9cc749e60f475d9a44ed2d54b6e60c7d89acd2eb14e1c7f009ab47b21cadf54
                              • Instruction Fuzzy Hash: 88415F72A08A82D2EB109F20E8402B97771FF48B64F484635DA6D8B6F9DF7CD846C750

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1826 7ff66b770ca0-7ff66b770ccd 1827 7ff66b770cf9-7ff66b770d14 CreateEventA 1826->1827 1828 7ff66b770ccf-7ff66b770cf7 1826->1828 1830 7ff66b770d16-7ff66b770d18 1827->1830 1831 7ff66b770d91 1827->1831 1829 7ff66b770d1b-7ff66b770d5c 1828->1829 1834 7ff66b770dc2-7ff66b770dc4 1829->1834 1835 7ff66b770d5e-7ff66b770d63 1829->1835 1830->1829 1832 7ff66b770d96-7ff66b770db4 1831->1832 1838 7ff66b770dc6-7ff66b770dcc 1834->1838 1839 7ff66b770dde-7ff66b770de8 WSASetLastError 1834->1839 1836 7ff66b770db9-7ff66b770dbc CloseHandle 1835->1836 1837 7ff66b770d65-7ff66b770d76 WaitForSingleObject 1835->1837 1836->1834 1841 7ff66b770d78-7ff66b770d8b GetLastError CloseHandle WSASetLastError 1837->1841 1842 7ff66b770db5 1837->1842 1843 7ff66b770dd9 1838->1843 1844 7ff66b770dce-7ff66b770dd7 call 7ff66b770900 1838->1844 1839->1831 1840 7ff66b770dea-7ff66b770dec 1839->1840 1840->1832 1841->1831 1842->1836 1843->1839 1844->1839
                              APIs
                              Strings
                              Yara matches
                              Similarity
                              • API ID: ErrorLast$CloseHandle$CreateEventObjectSingleWait
                              • String ID: $
                              • API String ID: 1659421480-227171996
                              • Opcode ID: 814e11ab62e77d39b33319818ca8f5031c5b562b9c142cd7743e2281ea6eb97f
                              • Instruction ID: a0de04f141b2dabc88a3aa061d436a07a070e23247ce2cb64d3cb5fdcc697356
                              • Opcode Fuzzy Hash: 814e11ab62e77d39b33319818ca8f5031c5b562b9c142cd7743e2281ea6eb97f
                              • Instruction Fuzzy Hash: 5131E736B08752C6E7209F61A44492967B1FB5CBA0F180235EE6987BF4CF7DF8019700
                              APIs
                              Yara matches
                              Similarity
                              • API ID: ErrorLast$ItemObjectQueueRegisterSingleUserWaitWork
                              • String ID:
                              • API String ID: 1560240253-0
                              Similarity
                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                              • String ID: CONOUT$
                              • API String ID: 3230265001-3130406586
                              Similarity
                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                              • String ID:
                              • API String ID: 1102183713-0
                              Similarity
                              • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 2210144848-0
                              Similarity
                              • API ID: BufferConsoleInfoScreen
                              • String ID:
                              • API String ID: 3437242342-0
                              Similarity
                              • API ID: ErrorLast$Console$BufferCursorInfoPositionScreen
                              • String ID:
                              • API String ID: 2684649943-0
                              Similarity
                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                              • String ID:
                              • API String ID: 459529453-0
                              Similarity
                              • API ID: CriticalSection$CancelEnterLeave
                              • String ID:
                              • API String ID: 4260397832-0
                              Strings
                              • { "api": { "id": null, "worker-id": null }, "http": { "enabled": false, "host": "127.0.0.1", "port": 0, "access-token": null, "restricted": true }, "autosave": false, "version": 1, xrefs: 00007FF66B704A36
                              • string too long, xrefs: 00007FF66B704844
                              • config.json, xrefs: 00007FF66B70494A
                              Similarity
                              • API ID: ExceptionThrowXinvalid_argumentstd::_
                              • String ID: { "api": { "id": null, "worker-id": null }, "http": { "enabled": false, "host": "127.0.0.1", "port": 0, "access-token": null, "restricted": true }, "autosave": false, "version": 1$config.json$string too long
                              • API String ID: 51951774-2348823907
                              Similarity
                              • API ID: ExceptionThrow
                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                              • API String ID: 432778473-1866435925
                              Similarity
                              • API ID:
                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                              • API String ID: 0-1866435925
                              Similarity
                              • API ID: ExceptionThrow
                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                              • API String ID: 432778473-1866435925
                              Similarity
                              • API ID: Concurrency::cancel_current_taskMtx_unlockXinvalid_argumentstd::_
                              • String ID: list<T> too long
                              • API String ID: 769516727-4027344264
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID: e+000$gfff
                              • API String ID: 3215553584-3030954782
                              Similarity
                              • API ID: ErrorFileLastWrite
                              • String ID: U
                              • API String ID: 442123175-4171548499
                              Similarity
                              • API ID: CompletionPostQueuedStatus
                              • String ID: PostQueuedCompletionStatus
                              • API String ID: 2005739868-3446536168
                              • Opcode ID: 85a9d270cb790d5abed5892fce37c96ccd3802dbcba5f30a14b5f30ff797ad68
                              • Instruction ID: 4fefa96a243d71c3de43fa0dc87835d0868482ab1799fcaf775922ec8564e424
                              • Opcode Fuzzy Hash: 85a9d270cb790d5abed5892fce37c96ccd3802dbcba5f30a14b5f30ff797ad68
                              • Instruction Fuzzy Hash: F1316172A05685C6EE598B6AD4442BC37B1FB4CB45F584435DA2C8B370EF39D9968700
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              • Associated: 00000003.00000002.1486674943.00007FF66B700000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000003.00000002.1486696175.00007FF66B84A000.00000040.00000001.01000000.00000004.sdmp
                              • Associated: 00000003.00000002.1486696175.00007FF66BADA000.00000040.00000001.01000000.00000004.sdmp
                              • Associated: 00000003.00000002.1486696175.00007FF66BAEC000.00000040.00000001.01000000.00000004.sdmp
                              • Associated: 00000003.00000002.1487100064.00007FF66BAEE000.00000080.00000001.01000000.00000004.sdmp
                              • Associated: 00000003.00000002.1487121555.00007FF66BAF0000.00000004.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Similarity
                              • API ID: Stringtry_get_function
                              • String ID: LCMapStringEx
                              • API String ID: 2588686239-3893581201
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Similarity
                              • API ID: UnregisterWait
                              • String ID: UnregisterWaitEx
                              • API String ID: 2974071796-3194662728
                              Memory Dump Source
                              • Source File: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF66B700000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_7ff66b700000_VnYfUNA.jbxd
                              Similarity
                              • API ID: CountCriticalInitializeSectionSpintry_get_function
                              • String ID: InitializeCriticalSectionEx
                              • API String ID: 539475747-3084827643