Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1522740
MD5:4178bac91df58826af26760d0519dc75
SHA1:19d7c2b17f2b7e58cfc2de9da425a106bd556bcd
SHA256:a7847a3df956c6ef6f88ba1386af47d9e974cd08285cb9fbd93c95dd5166c251
Tags:exex64user-jstrosch
Infos:

Detection

Xmrig
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Xmrig cryptocurrency miner
AI detected suspicious sample
Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)
Drops executables to the windows directory (C:\Windows) and starts them
Found strings related to Crypto-Mining
Machine Learning detection for dropped file
Machine Learning detection for sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 7272 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 4178BAC91DF58826AF26760D0519DC75)
    • conhost.exe (PID: 7280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • JvuHRXO.exe (PID: 7360 cmdline: C:\Windows\System32\JvuHRXO.exe MD5: EFE5567C52CDCBC8690FD321EC00F4C6)
    • wkKSPgp.exe (PID: 7376 cmdline: C:\Windows\System32\wkKSPgp.exe MD5: 929C31014AA7306D984B55A172B50A05)
    • gaDJFNb.exe (PID: 7392 cmdline: C:\Windows\System32\gaDJFNb.exe MD5: 3C6F7F8151777308053B0A3D2289156A)
    • ehLRfQc.exe (PID: 7408 cmdline: C:\Windows\System32\ehLRfQc.exe MD5: 58618D756BB2B3A175CC8DFB65BE7F66)
    • OTQisvZ.exe (PID: 7428 cmdline: C:\Windows\System32\OTQisvZ.exe MD5: E83C60B58124A5275584D15BA2B3CF31)
    • AvKmyWx.exe (PID: 7444 cmdline: C:\Windows\System32\AvKmyWx.exe MD5: 841BEA0ABC6175B71CF54816D381E9A6)
    • XaZvEHG.exe (PID: 7460 cmdline: C:\Windows\System32\XaZvEHG.exe MD5: 1E79FAB138B52D40408396604E7A89D0)
    • oblCraV.exe (PID: 7476 cmdline: C:\Windows\System32\oblCraV.exe MD5: C06B94C5DAC30E49FDD09C6A2A7C8D19)
    • YuhEzpi.exe (PID: 7492 cmdline: C:\Windows\System32\YuhEzpi.exe MD5: A5D4B65C0F5E9766461FF2B0F4C815C6)
    • DYRnoDf.exe (PID: 7508 cmdline: C:\Windows\System32\DYRnoDf.exe MD5: A6403A65B8303085E94CE9310A448013)
    • biTFilm.exe (PID: 7524 cmdline: C:\Windows\System32\biTFilm.exe MD5: 79F501C63616597374F43B9FED4B1A93)
    • BXwYBdZ.exe (PID: 7540 cmdline: C:\Windows\System32\BXwYBdZ.exe MD5: 304FAB3A2BC6B94A463C737CF9711097)
    • AJbunRc.exe (PID: 7556 cmdline: C:\Windows\System32\AJbunRc.exe MD5: 9249C26A0C05508DC019A58EC0C1E2D6)
    • SUqdJFj.exe (PID: 7600 cmdline: C:\Windows\System32\SUqdJFj.exe MD5: 8D908ED8EF0402B5AB264EE4594F3A79)
    • TIHWeXa.exe (PID: 7620 cmdline: C:\Windows\System32\TIHWeXa.exe MD5: 54410A03DE36A3DD45485B857A5B3753)
    • PXvfCpI.exe (PID: 7636 cmdline: C:\Windows\System32\PXvfCpI.exe MD5: 533E23733BABCC29390780A5146B1CF4)
    • dhdvyXn.exe (PID: 7652 cmdline: C:\Windows\System32\dhdvyXn.exe MD5: 341B372A6E1B883CE92F64DAB373A2D1)
    • QMneGpM.exe (PID: 7668 cmdline: C:\Windows\System32\QMneGpM.exe MD5: 883E2DF487DD73EC9FF3EC7D55C33572)
    • ODEkuhr.exe (PID: 7684 cmdline: C:\Windows\System32\ODEkuhr.exe MD5: 66DBD24ABCD99942214566774EBEB69A)
    • VFmvQYa.exe (PID: 7700 cmdline: C:\Windows\System32\VFmvQYa.exe MD5: 61292ABF6BC248C5B46499F4CAC74B75)
    • FJbyTtP.exe (PID: 7716 cmdline: C:\Windows\System32\FJbyTtP.exe MD5: 50E70B08C468FC6A4CE90728D7D345A4)
    • FTsRyWe.exe (PID: 7732 cmdline: C:\Windows\System32\FTsRyWe.exe MD5: F6FA7545DFB588110D679B9B2D75CAE3)
    • uUnCnJC.exe (PID: 7748 cmdline: C:\Windows\System32\uUnCnJC.exe MD5: AA04864EAF71339517E97CB478B7A713)
    • NbSGhVM.exe (PID: 7764 cmdline: C:\Windows\System32\NbSGhVM.exe MD5: CE99976E2ACE058B821BA6C6FC97AAE6)
    • WJJOByy.exe (PID: 7780 cmdline: C:\Windows\System32\WJJOByy.exe MD5: 26627894C10B22509E23F1BA97445377)
    • DNWTLfi.exe (PID: 7796 cmdline: C:\Windows\System32\DNWTLfi.exe MD5: 72A3D455067D2ABD9D9606F78856FEAD)
    • JVLiIAQ.exe (PID: 7812 cmdline: C:\Windows\System32\JVLiIAQ.exe MD5: 60C427DC5B7212AE6F10165CC4848ACF)
    • eTlchBa.exe (PID: 7828 cmdline: C:\Windows\System32\eTlchBa.exe MD5: 1CE5A93FF2C2015A32FA3AD7FBB5A1B6)
    • FmDRJeq.exe (PID: 7844 cmdline: C:\Windows\System32\FmDRJeq.exe MD5: 60C73320719C5E50A9245FBB0A6BF53D)
    • JxXCqVa.exe (PID: 7860 cmdline: C:\Windows\System32\JxXCqVa.exe MD5: A662C82861FF6D4B5EC0D01658010347)
    • qulWMNK.exe (PID: 7876 cmdline: C:\Windows\System32\qulWMNK.exe MD5: B6CE0FBF5B338360494444FC268D4B8A)
    • KvrKIPQ.exe (PID: 7892 cmdline: C:\Windows\System32\KvrKIPQ.exe MD5: 2A193B3E90BD493310609819108D476C)
    • zgnppqX.exe (PID: 7908 cmdline: C:\Windows\System32\zgnppqX.exe MD5: D7D2CE8CDA6DB1CCE2F7BEEE3CAFB325)
    • VeDzKyt.exe (PID: 7924 cmdline: C:\Windows\System32\VeDzKyt.exe MD5: FC5C0E5903F220CB4693672BA774C9F0)
    • Emkynwd.exe (PID: 7940 cmdline: C:\Windows\System32\Emkynwd.exe MD5: 0434051E980CE3C204BB982D764E8003)
    • UTMWcnW.exe (PID: 7960 cmdline: C:\Windows\System32\UTMWcnW.exe MD5: 380180CF328326AE0989418E4BE15B19)
    • nUwvlEf.exe (PID: 7976 cmdline: C:\Windows\System32\nUwvlEf.exe MD5: 5F36D419216284460276CB13F11C34A5)
    • FSsBuPy.exe (PID: 7992 cmdline: C:\Windows\System32\FSsBuPy.exe MD5: B7662CD52112E08B2FD1CFCBDB637951)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
xmrigAccording to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000028.00000002.1405612196.00007FF6EC711000.00000040.00000001.01000000.00000029.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
    00000015.00000002.1383052956.00007FF7FA7C1000.00000040.00000001.01000000.00000016.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
      0000000C.00000002.1375078736.00007FF6E0B31000.00000040.00000001.01000000.0000000D.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
        00000022.00000002.1396382038.00007FF76A091000.00000040.00000001.01000000.00000023.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
          0000001F.00000002.1392384745.00007FF6CC6E1000.00000040.00000001.01000000.00000020.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
            Click to see the 33 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            7.2.OTQisvZ.exe.7ff63cce0000.0.unpackJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
              7.2.OTQisvZ.exe.7ff63cce0000.0.unpackMAL_XMR_Miner_May19_1Detects Monero Crypto Coin MinerFlorian Roth
              • 0x12d591:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
              4.2.wkKSPgp.exe.7ff7e2fb0000.0.unpackJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
                4.2.wkKSPgp.exe.7ff7e2fb0000.0.unpackMAL_XMR_Miner_May19_1Detects Monero Crypto Coin MinerFlorian Roth
                • 0x12d591:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
                31.2.FmDRJeq.exe.7ff6cc6e0000.0.unpackJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
                  Click to see the 71 entries

                  Sigma Signatures

                  No Sigma rule has matched

                  Suricata Signatures

                  No Suricata rule has matched

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus / Scanner detection for submitted sample
                  Source: file.exeAvira: detected
                  Antivirus detection for dropped file
                  Source: C:\Windows\System32\ENNjqpn.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\BZXlXZF.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\AAFWtMo.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\DYRnoDf.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\ENASfEY.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\EeTDKLH.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\AvKmyWx.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\CGHEajN.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\AJbunRc.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\DecYaAF.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\BGEmobC.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\CwZoVMx.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\BQVZXof.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\BlxXZNI.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\DNWTLfi.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\EYQygjH.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\BBTtOmS.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\AoDqPum.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\AeHKOUk.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\CStEhbp.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\DjFGkEO.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\DoYQIEQ.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\BkMxlYA.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\AmlHggH.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\AINedvE.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\AfwGLOC.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\ANovuUs.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\AOxtNit.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\CgshOaM.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\BXwYBdZ.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Source: C:\Windows\System32\AARFjPz.exeAvira: detection malicious, Label: PUA/CoinMiner.Gen
                  Multi AV Scanner detection for submitted file
                  Source: file.exeReversingLabs: Detection: 84%
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.1% probability
                  Machine Learning detection for dropped file
                  Source: C:\Windows\System32\ENNjqpn.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\BZXlXZF.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\AAFWtMo.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\DYRnoDf.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\ENASfEY.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\EeTDKLH.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\AvKmyWx.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\CGHEajN.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\AJbunRc.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\DecYaAF.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\BGEmobC.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\CwZoVMx.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\BQVZXof.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\BlxXZNI.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\DNWTLfi.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\EYQygjH.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\BBTtOmS.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\AoDqPum.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\AeHKOUk.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\CStEhbp.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\DjFGkEO.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\DoYQIEQ.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\BkMxlYA.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\AmlHggH.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\AINedvE.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\AfwGLOC.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\ANovuUs.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\AOxtNit.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\CgshOaM.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\BXwYBdZ.exeJoe Sandbox ML: detected
                  Source: C:\Windows\System32\AARFjPz.exeJoe Sandbox ML: detected
                  Machine Learning detection for sample
                  Source: file.exeJoe Sandbox ML: detected

                  Bitcoin Miner

                  barindex
                  Yara detected Xmrig cryptocurrency miner
                  Source: Yara matchFile source: 7.2.OTQisvZ.exe.7ff63cce0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.wkKSPgp.exe.7ff7e2fb0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 31.2.FmDRJeq.exe.7ff6cc6e0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 26.2.NbSGhVM.exe.7ff6b47a0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 37.2.Emkynwd.exe.7ff7750c0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 32.2.JxXCqVa.exe.7ff601720000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.2.WJJOByy.exe.7ff77f320000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.AJbunRc.exe.7ff695c60000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.2.DNWTLfi.exe.7ff6f3450000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 9.2.XaZvEHG.exe.7ff61d670000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 11.2.YuhEzpi.exe.7ff740490000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 40.2.FSsBuPy.exe.7ff6ec710000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 18.2.PXvfCpI.exe.7ff63fd90000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 38.2.UTMWcnW.exe.7ff74e920000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 12.2.DYRnoDf.exe.7ff6e0b30000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 23.2.FJbyTtP.exe.7ff72c9d0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 13.2.biTFilm.exe.7ff650c60000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 33.2.qulWMNK.exe.7ff75ce90000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 30.2.eTlchBa.exe.7ff781b70000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 16.2.SUqdJFj.exe.7ff6abe50000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 35.2.zgnppqX.exe.7ff7fb250000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.dhdvyXn.exe.7ff741710000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 39.2.nUwvlEf.exe.7ff602d90000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 22.2.VFmvQYa.exe.7ff7bf040000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 17.2.TIHWeXa.exe.7ff78ccd0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 24.2.FTsRyWe.exe.7ff69f8a0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 8.2.AvKmyWx.exe.7ff610230000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 34.2.KvrKIPQ.exe.7ff76a090000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 29.2.JVLiIAQ.exe.7ff7f0e60000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 21.2.ODEkuhr.exe.7ff7fa7c0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.JvuHRXO.exe.7ff6e1ed0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.gaDJFNb.exe.7ff6273a0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.oblCraV.exe.7ff6a9e60000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 25.2.uUnCnJC.exe.7ff6c4430000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 6.2.ehLRfQc.exe.7ff647cc0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 20.2.QMneGpM.exe.7ff765d80000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 36.2.VeDzKyt.exe.7ff6be0a0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 14.2.BXwYBdZ.exe.7ff7f5f90000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000028.00000002.1405612196.00007FF6EC711000.00000040.00000001.01000000.00000029.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000002.1383052956.00007FF7FA7C1000.00000040.00000001.01000000.00000016.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000C.00000002.1375078736.00007FF6E0B31000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000022.00000002.1396382038.00007FF76A091000.00000040.00000001.01000000.00000023.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001F.00000002.1392384745.00007FF6CC6E1000.00000040.00000001.01000000.00000020.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000006.00000002.1363257135.00007FF647CC1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000023.00000002.1398206646.00007FF7FB251000.00000040.00000001.01000000.00000024.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000D.00000002.1375345435.00007FF650C61000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.1366048511.00007FF6A9E61000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.1362497526.00007FF6273A1000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000026.00000002.1403867031.00007FF74E921000.00000040.00000001.01000000.00000027.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000027.00000002.1404780984.00007FF602D91000.00000040.00000001.01000000.00000028.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000016.00000002.1383923541.00007FF7BF041000.00000040.00000001.01000000.00000017.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000021.00000002.1395070392.00007FF75CE91000.00000040.00000001.01000000.00000022.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000002.1388605319.00007FF77F321000.00000040.00000001.01000000.0000001C.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.1361257869.00007FF7E2FB1000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000B.00000002.1367675145.00007FF740491000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000019.00000002.1386427447.00007FF6C4431000.00000040.00000001.01000000.0000001A.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000002.1364920698.00007FF61D671000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001D.00000002.1390364369.00007FF7F0E61000.00000040.00000001.01000000.0000001E.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000E.00000002.1375169466.00007FF7F5F91000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000020.00000002.1393342592.00007FF601721000.00000040.00000001.01000000.00000021.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000012.00000002.1380687334.00007FF63FD91000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000018.00000002.1385460441.00007FF69F8A1000.00000040.00000001.01000000.00000019.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000025.00000002.1402533725.00007FF7750C1000.00000040.00000001.01000000.00000026.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000002.1389033820.00007FF6F3451000.00000040.00000001.01000000.0000001D.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000008.00000002.1364414958.00007FF610231000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.1381609239.00007FF741711000.00000040.00000001.01000000.00000014.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000014.00000002.1382041502.00007FF765D81000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000017.00000002.1385081519.00007FF72C9D1000.00000040.00000001.01000000.00000018.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001A.00000002.1387497734.00007FF6B47A1000.00000040.00000001.01000000.0000001B.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000011.00000002.1379338394.00007FF78CCD1000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000002.1376970168.00007FF695C61000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001E.00000002.1391714498.00007FF781B71000.00000040.00000001.01000000.0000001F.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000010.00000002.1378219320.00007FF6ABE51000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000024.00000002.1400934255.00007FF6BE0A1000.00000040.00000001.01000000.00000025.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000002.1363885220.00007FF63CCE1000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
                  Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F3EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,3_2_00007FF6E1F3EBF0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E301EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,4_2_00007FF7E301EBF0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF62740EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,5_2_00007FF62740EBF0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D2EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,6_2_00007FF647D2EBF0
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD4EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,7_2_00007FF63CD4EBF0
                  Source: C:\Windows\System32\AvKmyWx.exeCode function: 8_2_00007FF61029EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,8_2_00007FF61029EBF0
                  Source: C:\Windows\System32\XaZvEHG.exeCode function: 9_2_00007FF61D6DEBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,9_2_00007FF61D6DEBF0
                  Found strings related to Crypto-Mining
                  Source: JvuHRXO.exeString found in binary or memory: stratum+tcp://
                  Source: JvuHRXO.exeString found in binary or memory: cryptonight/double
                  Source: JvuHRXO.exeString found in binary or memory: stratum+tcp://
                  Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: file.exe, OTQisvZ.exe.0.dr, KNQeCYU.exe.0.dr, FTsRyWe.exe.0.dr, UYpGIpx.exe.0.dr, YuhEzpi.exe.0.dr, JyTylDG.exe.0.dr, rWLJMFs.exe.0.dr, MVyvCVk.exe.0.dr, UsvbkSz.exe.0.dr, FCGGaTu.exe.0.dr, QeMlQoi.exe.0.dr, ZxDRWfb.exe.0.dr, boujFkb.exe.0.dr, ENNjqpn.exe.0.dr, LKIvikl.exe.0.dr, vINSkcN.exe.0.dr, gIWIAoR.exe.0.dr, vQWABTG.exe.0.dr, BZXlXZF.exe.0.dr, byMqxSp.exe.0.drString found in binary or memory: https://gettodaveriviedt0.com/secur3-appleld-verlfy1/?16shop)
                  Source: file.exe, OTQisvZ.exe.0.dr, KNQeCYU.exe.0.dr, FTsRyWe.exe.0.dr, UYpGIpx.exe.0.dr, YuhEzpi.exe.0.dr, JyTylDG.exe.0.dr, rWLJMFs.exe.0.dr, MVyvCVk.exe.0.dr, UsvbkSz.exe.0.dr, FCGGaTu.exe.0.dr, QeMlQoi.exe.0.dr, ZxDRWfb.exe.0.dr, boujFkb.exe.0.dr, ENNjqpn.exe.0.dr, LKIvikl.exe.0.dr, vINSkcN.exe.0.dr, gIWIAoR.exe.0.dr, vQWABTG.exe.0.dr, BZXlXZF.exe.0.dr, byMqxSp.exe.0.drString found in binary or memory: https://pdfcrowd.com/?ref=pdf)
                  Source: file.exe, OTQisvZ.exe.0.dr, KNQeCYU.exe.0.dr, FTsRyWe.exe.0.dr, UYpGIpx.exe.0.dr, YuhEzpi.exe.0.dr, JyTylDG.exe.0.dr, rWLJMFs.exe.0.dr, MVyvCVk.exe.0.dr, UsvbkSz.exe.0.dr, FCGGaTu.exe.0.dr, QeMlQoi.exe.0.dr, ZxDRWfb.exe.0.dr, boujFkb.exe.0.dr, ENNjqpn.exe.0.dr, LKIvikl.exe.0.dr, vINSkcN.exe.0.dr, gIWIAoR.exe.0.dr, vQWABTG.exe.0.dr, BZXlXZF.exe.0.dr, byMqxSp.exe.0.drString found in binary or memory: https://pdfcrowd.com/doc/api/?ref=pdf)

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 7.2.OTQisvZ.exe.7ff63cce0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 4.2.wkKSPgp.exe.7ff7e2fb0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 31.2.FmDRJeq.exe.7ff6cc6e0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 26.2.NbSGhVM.exe.7ff6b47a0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 37.2.Emkynwd.exe.7ff7750c0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 32.2.JxXCqVa.exe.7ff601720000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.2.WJJOByy.exe.7ff77f320000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 15.2.AJbunRc.exe.7ff695c60000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.2.DNWTLfi.exe.7ff6f3450000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 9.2.XaZvEHG.exe.7ff61d670000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 11.2.YuhEzpi.exe.7ff740490000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 40.2.FSsBuPy.exe.7ff6ec710000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 18.2.PXvfCpI.exe.7ff63fd90000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 38.2.UTMWcnW.exe.7ff74e920000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 12.2.DYRnoDf.exe.7ff6e0b30000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 23.2.FJbyTtP.exe.7ff72c9d0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 13.2.biTFilm.exe.7ff650c60000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 33.2.qulWMNK.exe.7ff75ce90000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 30.2.eTlchBa.exe.7ff781b70000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 16.2.SUqdJFj.exe.7ff6abe50000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 35.2.zgnppqX.exe.7ff7fb250000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 19.2.dhdvyXn.exe.7ff741710000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 39.2.nUwvlEf.exe.7ff602d90000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 22.2.VFmvQYa.exe.7ff7bf040000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 17.2.TIHWeXa.exe.7ff78ccd0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 24.2.FTsRyWe.exe.7ff69f8a0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 8.2.AvKmyWx.exe.7ff610230000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 34.2.KvrKIPQ.exe.7ff76a090000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 29.2.JVLiIAQ.exe.7ff7f0e60000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 21.2.ODEkuhr.exe.7ff7fa7c0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 3.2.JvuHRXO.exe.7ff6e1ed0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 5.2.gaDJFNb.exe.7ff6273a0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 10.2.oblCraV.exe.7ff6a9e60000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 25.2.uUnCnJC.exe.7ff6c4430000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 6.2.ehLRfQc.exe.7ff647cc0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 20.2.QMneGpM.exe.7ff765d80000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 36.2.VeDzKyt.exe.7ff6be0a0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 14.2.BXwYBdZ.exe.7ff7f5f90000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JvuHRXO.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wkKSPgp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gaDJFNb.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ehLRfQc.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OTQisvZ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AvKmyWx.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XaZvEHG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oblCraV.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YuhEzpi.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DYRnoDf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\biTFilm.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BXwYBdZ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AJbunRc.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SUqdJFj.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TIHWeXa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PXvfCpI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dhdvyXn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QMneGpM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ODEkuhr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VFmvQYa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FJbyTtP.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FTsRyWe.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uUnCnJC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NbSGhVM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WJJOByy.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DNWTLfi.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JVLiIAQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eTlchBa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FmDRJeq.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JxXCqVa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qulWMNK.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KvrKIPQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zgnppqX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VeDzKyt.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\Emkynwd.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UTMWcnW.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nUwvlEf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FSsBuPy.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XbmxgAo.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xZCsQFU.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oLIMGEG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LmLfObb.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xosmhFY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YHzfIbf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vUMVWef.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YeogayJ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cWFXjGb.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jlhXoDU.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QQrJtgR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YoWRHKm.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DecYaAF.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RkBIliC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gIWIAoR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HHkrdhY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OakHRVh.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VcsXjEN.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kiaPNWp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\koSIwBF.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rECIoeF.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\niuNHza.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YDNKKav.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nEqlptY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AINedvE.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XiEDOUw.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LIUOcyg.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FCGGaTu.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AOxtNit.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uwpSJTY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LKIvikl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\GEjShaj.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BBTtOmS.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\waRaTny.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NbwonFl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QafCaUC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aaQPPko.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CwZoVMx.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vsZRZPn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\asMPLRF.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uxZFvtG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XAMlAeL.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wncnOga.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mUtoiRj.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dbOMNtK.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jNvuQDu.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TRDwKtF.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zAqphYy.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZjfUfPp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZxDRWfb.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EvKiHlY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rzOVEdp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tRrgCEd.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gVxVuPE.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dznqpDP.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uJLpuAT.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JlwJpiQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LlVYLfY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HfVKjfu.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pONZxkY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PATRbwz.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XvmplkI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OkcQGeE.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iNyWjdh.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\edsunAc.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MqDEnug.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hHyzwMR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aRcunFP.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hEUdUZb.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FPbzJmC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mZbuFep.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EpJmKCP.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xsPUYnY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hiRRhNA.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JyTylDG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FOKqTNk.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dkvzZbr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mNMttQk.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\atCrJKj.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gZXMDli.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BkMxlYA.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pnHAApr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bWqzsZL.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AeHKOUk.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wMaaxvk.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NHtBCxU.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\Pyjxeub.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cMZjysl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BlxXZNI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FddCmld.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qYfJmBx.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AAFWtMo.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SDuWpap.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LsxWNuU.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\suHCBrv.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hImJGCQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IGbJixm.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bZAgvbx.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OmReOVb.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\spwZxbD.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rzBuUNn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DoYQIEQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xjXpcqI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HqzYgND.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dXYoCLq.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HuQzjRH.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nOUmNRd.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hcWXimc.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ugXtQTT.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KPSoDjq.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jOLYVDQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KXPXHqw.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tYuJBKo.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pCYFbPY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DjFGkEO.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dcvcJux.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oheGeDM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vtyxvBq.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vQWABTG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wIBrJnT.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wLBrJuN.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\yQykaWi.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gsJfIAI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TuPZZgO.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VGaYkjy.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\agvrwBm.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UsvbkSz.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nZqSwkk.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UhaWIvI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KEckQhl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nVRFUMU.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UYpGIpx.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sRxYPzo.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\byMqxSp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rWLJMFs.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hPbLcyI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iDjoCba.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hkdrylp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\yeQSiTm.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kwBHINw.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pmqeloX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gFItvpO.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MVyvCVk.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pVAAkNS.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NkJqpeK.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IfWXppj.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KNQeCYU.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gvzqmaV.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AARFjPz.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QeMlQoi.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dxwuaZx.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qBNFibO.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\boujFkb.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lvuSoVX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OCQPeNZ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CStEhbp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sHrvKbH.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YPSGLBU.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nySppDL.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oeyXpah.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PFFZxBK.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MZzfLEZ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZcPsbVC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vINSkcN.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zcRTKcl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZZceFPb.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BGEmobC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sOMtwdY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NoVBMWR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MwQiyKB.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qPOzufP.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UcDbkWX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uoUnoPV.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OjDKkKR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FfHFdUV.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BQVZXof.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KsaexJr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zoNaMRv.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PtyEDzX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JSWAmsK.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KdtqCrx.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qrMFKUE.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ENNjqpn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CgshOaM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sDUxUOz.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rfvRxbV.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ezbfIqP.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IGIRuaN.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ihRMBvK.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SYhASaz.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cQSYuAP.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AoDqPum.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IbzihzQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XdtKVFg.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WaSCrgW.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wHmEWnE.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RSlZAbq.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hHHgQhg.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TrOUMxR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aqHHhqZ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\htpHIjf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AmlHggH.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YNbNjyr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KisuSgd.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ANovuUs.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WaZAbif.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TKmEpby.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SUPTwuz.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OLgSbZB.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pydLviI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CGHEajN.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VJGuWtg.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vwIpBIp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kcGcYyc.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NppXEik.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hdrmJmm.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hldtrer.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EeTDKLH.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SuSRVcd.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qQrbmYX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EYQygjH.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nUxFpBv.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MqBemCY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UthEkPV.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HKQIXhJ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YoRPgID.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oTTZHtv.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JPNUgrl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eJQEoBU.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PVSsNXl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oFlkVvC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BZXlXZF.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OaEKhAc.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZOsbaqw.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bHOUpYN.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZksIGgD.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\thYWpNp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iVxWAhp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OoXXuCQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lYsCKDB.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qyjihXJ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HmNtbmf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zxkWcfH.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IwiJsNl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\yNciWyL.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SgRYHnh.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MfIrnxp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JnWFmyo.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pBUJBbD.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zafOJaW.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NUGNSrJ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AfwGLOC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lkHmjCB.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iWlgDsI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fsYNdIS.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HhuUNgU.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cbxEAHb.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ifdEeMJ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZYpXsUH.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rSfKwnk.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VDAzIym.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UWoSVBa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FgkhtMM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kDIeJiO.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sklRMsM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WUhIqEX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LRwQOeC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SJbiQtA.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ecTFjpe.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ENASfEY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WvCPwWV.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FwDCyKX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LIYZzMn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\daTQGhs.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SFUZlia.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KTKMSLw.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pQiWMAE.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oXhzTJB.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IkKuNGZ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cvviXVl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gIerfNx.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JVEeonp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zoWFHEB.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VWmfLAK.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SxUWiRQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dTlWhsy.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sGHQnMX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kPIwtDx.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zZluDpQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ycvgKWP.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jNFZeRV.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dGuPBcu.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vycObZI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\inRRvXn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CwhXtVv.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gBfjURW.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zbghAjn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cQjoPzl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MtQYYan.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FgEDYIt.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\GeITmSX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nipGDpr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KxuObHx.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mdZCEdX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\whSZjGj.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ubpUeIJ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kPIyRaw.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eWlDXse.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FJaEnfD.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\yyfpoGS.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KcCxmHR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pwERttL.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LWVlprA.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OZElmzI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cbDTXVG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mfhRMhg.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bPBkhXh.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AyyQOKl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gYSrEOC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VAruRnG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZtwOljK.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UBRkEpD.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BRJWUZY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sBLKXCX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TUveOGT.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PjSaBpk.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qyfmWZU.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zXnlfSn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vyGiaJM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zeIWZHV.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KYyOXBi.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xzRvPAx.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nnhkwcP.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IbtPNdR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nhsLjwP.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sXNrjna.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VzqgCXA.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bahuBDs.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nfHZHOa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dacrbjB.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RoAEEuh.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\otygJwy.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mfKSgnw.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QvBxzJt.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YixMfbM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lwoZXhA.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kcAITno.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XdkEtpr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rGYkBRf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FcbbbYp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bytvdvw.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ePaPAAc.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\Mzjbyhv.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YwlXteM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ERwQLOW.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QFZnnAt.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XrXGDOi.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KjKFtzd.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uEpDLsK.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bothfGK.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dCKgClx.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KuKfsnM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NYbMFYE.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fNkqHSN.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qzksQwK.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FoXxMJm.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xmBCROr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zNsdkgR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OrPfHRc.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\whhxFJt.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VDmWQeI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fJESXJh.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OFgjJeB.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HnSeaEn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DmYjEUn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pDcAvMO.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZokzIkU.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nIodAWM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QQpMfDH.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vctZvNQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XKzINOS.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZghmMLZ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cYUvoSX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NlVjUSL.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iiBjZzs.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NrgFLNf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iIDZrtt.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EwiGDqy.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ldWOsZq.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DKuuvBy.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SHkpggW.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KkwagnX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jeofPto.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WYnuJvZ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eBSmkld.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fWrJahI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\miWQvCJ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YDnDFrB.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PmrPbEd.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vLBMXgO.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MUGlQGy.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JWypZjb.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RaMhjBC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rQTCpBp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MEOwgiH.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tEswRTe.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iHiwTyI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QVcgtsY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MthZsiG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QkPKnBV.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KrbTqff.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TzqeQtq.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\brrSsjj.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hrHPxkr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UWrzTUG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fdFKnNk.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uaXULVF.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XYSKwJX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MytGnLr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JZdUYhq.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RgdXPiG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zGtxQbe.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FjVBhmf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CMwKKCe.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TjxybYr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WMxLixE.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nmQuMCR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sxcvDqa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wsTfvdH.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bNOSUVo.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OALjLLG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZqZHfLm.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tHyISZt.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hLkOyIS.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HSZhlFr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qvmXfwZ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CxafMzo.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UlXOAcP.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zDObYyC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KQKxHwR.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LJRpRxc.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MzXqePW.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UEJgVFQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DwIGaIq.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PZwZAjF.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oJaUxFB.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DBVTZBq.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hYJPxIk.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kIYfQzW.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UlvXHCl.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DZDXASu.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fXpIDNg.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MXYgmhn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AjUVgdX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wZeBLtV.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\GsKfcYn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gIxCbmU.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PrRulyG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qQYKOZo.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vEYUCUY.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QZvVGFk.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kUvXUxh.exeJump to behavior
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FDF3403_2_00007FF6E1FDF340
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F86B443_2_00007FF6E1F86B44
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1ED92E03_2_00007FF6E1ED92E0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F993883_2_00007FF6E1F99388
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F173A03_2_00007FF6E1F173A0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FB4BB03_2_00007FF6E1FB4BB0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F02AC03_2_00007FF6E1F02AC0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FC4BD03_2_00007FF6E1FC4BD0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EF8A703_2_00007FF6E1EF8A70
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FC34103_2_00007FF6E1FC3410
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FC3C203_2_00007FF6E1FC3C20
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F99C203_2_00007FF6E1F99C20
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FCA4203_2_00007FF6E1FCA420
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EEBA403_2_00007FF6E1EEBA40
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F002303_2_00007FF6E1F00230
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FBD4503_2_00007FF6E1FBD450
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FCFC503_2_00007FF6E1FCFC50
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FC8C703_2_00007FF6E1FC8C70
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F16C703_2_00007FF6E1F16C70
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FD54A03_2_00007FF6E1FD54A0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FCE4A03_2_00007FF6E1FCE4A0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FC94D03_2_00007FF6E1FC94D0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FD3CE03_2_00007FF6E1FD3CE0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F334B43_2_00007FF6E1F334B4
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EEC9803_2_00007FF6E1EEC980
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FABD003_2_00007FF6E1FABD00
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FCED003_2_00007FF6E1FCED00
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FA9D203_2_00007FF6E1FA9D20
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F8AD303_2_00007FF6E1F8AD30
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FC69403_2_00007FF6E1FC6940
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F005303_2_00007FF6E1F00530
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EECD103_2_00007FF6E1EECD10
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EEDD103_2_00007FF6E1EEDD10
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F331653_2_00007FF6E1F33165
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FC39703_2_00007FF6E1FC3970
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F015003_2_00007FF6E1F01500
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EE8CF03_2_00007FF6E1EE8CF0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FCC1803_2_00007FF6E1FCC180
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FC51903_2_00007FF6E1FC5190
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FDC1903_2_00007FF6E1FDC190
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FD19B03_2_00007FF6E1FD19B0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F159C03_2_00007FF6E1F159C0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FCA9D03_2_00007FF6E1FCA9D0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FC59F03_2_00007FF6E1FC59F0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EF2C803_2_00007FF6E1EF2C80
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FDC9F03_2_00007FF6E1FDC9F0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FDE1F03_2_00007FF6E1FDE1F0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FD02003_2_00007FF6E1FD0200
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F941F83_2_00007FF6E1F941F8
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EF04603_2_00007FF6E1EF0460
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FD72103_2_00007FF6E1FD7210
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EF1C503_2_00007FF6E1EF1C50
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F18A203_2_00007FF6E1F18A20
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F00C403_2_00007FF6E1F00C40
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FCB2303_2_00007FF6E1FCB230
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EF14203_2_00007FF6E1EF1420
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EF44103_2_00007FF6E1EF4410
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FD5A603_2_00007FF6E1FD5A60
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FD0A603_2_00007FF6E1FD0A60
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EE9BE03_2_00007FF6E1EE9BE0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FD62C03_2_00007FF6E1FD62C0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EEFB803_2_00007FF6E1EEFB80
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F06B803_2_00007FF6E1F06B80
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F08B103_2_00007FF6E1F08B10
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F9CB203_2_00007FF6E1F9CB20
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1ED73503_2_00007FF6E1ED7350
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EFB7303_2_00007FF6E1EFB730
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FC77603_2_00007FF6E1FC7760
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EEE7003_2_00007FF6E1EEE700
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FD1F703_2_00007FF6E1FD1F70
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FD8F703_2_00007FF6E1FD8F70
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FCCF903_2_00007FF6E1FCCF90
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F09F903_2_00007FF6E1F09F90
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F1B7903_2_00007FF6E1F1B790
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FD27B03_2_00007FF6E1FD27B0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F1A7B03_2_00007FF6E1F1A7B0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EF8EB03_2_00007FF6E1EF8EB0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FD77C03_2_00007FF6E1FD77C0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F1CFF03_2_00007FF6E1F1CFF0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EF9E703_2_00007FF6E1EF9E70
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F170103_2_00007FF6E1F17010
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FD80203_2_00007FF6E1FD8020
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F180203_2_00007FF6E1F18020
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EEEE403_2_00007FF6E1EEEE40
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F0B8303_2_00007FF6E1F0B830
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F036103_2_00007FF6E1F03610
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FBD0703_2_00007FF6E1FBD070
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F0A8703_2_00007FF6E1F0A870
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FDF8903_2_00007FF6E1FDF890
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FB58C03_2_00007FF6E1FB58C0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F01DA03_2_00007FF6E1F01DA0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F06D903_2_00007FF6E1F06D90
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EDED903_2_00007FF6E1EDED90
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EE0D903_2_00007FF6E1EE0D90
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EF95403_2_00007FF6E1EF9540
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F071203_2_00007FF6E1F07120
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F081203_2_00007FF6E1F08120
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FD45503_2_00007FF6E1FD4550
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1ED70F03_2_00007FF6E1ED70F0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EED0A03_2_00007FF6E1EED0A0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F7FDEC3_2_00007FF6E1F7FDEC
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FA1DF43_2_00007FF6E1FA1DF4
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FB2E103_2_00007FF6E1FB2E10
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EFD8603_2_00007FF6E1EFD860
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F31E203_2_00007FF6E1F31E20
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EDD0303_2_00007FF6E1EDD030
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EFA8103_2_00007FF6E1EFA810
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EE97E03_2_00007FF6E1EE97E0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FC86B03_2_00007FF6E1FC86B0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F19EB03_2_00007FF6E1F19EB0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FC36C03_2_00007FF6E1FC36C0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FCDEE03_2_00007FF6E1FCDEE0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1ED2F803_2_00007FF6E1ED2F80
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FC6F003_2_00007FF6E1FC6F00
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EEC7703_2_00007FF6E1EEC770
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FD37003_2_00007FF6E1FD3700
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F047403_2_00007FF6E1F04740
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1FCC7303_2_00007FF6E1FCC730
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FD14204_2_00007FF7E2FD1420
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30A3C204_2_00007FF7E30A3C20
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30AA4204_2_00007FF7E30AA420
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E309D4504_2_00007FF7E309D450
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30AFC504_2_00007FF7E30AFC50
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FE0C404_2_00007FF7E2FE0C40
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FD1C504_2_00007FF7E2FD1C50
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30A8C704_2_00007FF7E30A8C70
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FD04604_2_00007FF7E2FD0460
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FF6C704_2_00007FF7E2FF6C70
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FD2C804_2_00007FF7E2FD2C80
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30B54A04_2_00007FF7E30B54A0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30AE4A04_2_00007FF7E30AE4A0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30A94D04_2_00007FF7E30A94D0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30134B44_2_00007FF7E30134B4
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30B3CE04_2_00007FF7E30B3CE0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FC8CF04_2_00007FF7E2FC8CF0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FE15004_2_00007FF7E2FE1500
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E308BD004_2_00007FF7E308BD00
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30AED004_2_00007FF7E30AED00
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FCCD104_2_00007FF7E2FCCD10
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FCDD104_2_00007FF7E2FCDD10
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30BF3404_2_00007FF7E30BF340
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FB73504_2_00007FF7E2FB7350
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FE6B804_2_00007FF7E2FE6B80
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FCFB804_2_00007FF7E2FCFB80
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E3094BB04_2_00007FF7E3094BB0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FF73A04_2_00007FF7E2FF73A0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30A4BD04_2_00007FF7E30A4BD0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FC9BE04_2_00007FF7E2FC9BE0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30A34104_2_00007FF7E30A3410
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FD44104_2_00007FF7E2FD4410
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30AB2304_2_00007FF7E30AB230
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FF8A204_2_00007FF7E2FF8A20
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FE02304_2_00007FF7E2FE0230
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FCBA404_2_00007FF7E2FCBA40
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30B5A604_2_00007FF7E30B5A60
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30B0A604_2_00007FF7E30B0A60
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FD8A704_2_00007FF7E2FD8A70
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FE2AC04_2_00007FF7E2FE2AC0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30B62C04_2_00007FF7E30B62C0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FB92E04_2_00007FF7E2FB92E0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FE8B104_2_00007FF7E2FE8B10
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FE71204_2_00007FF7E2FE7120
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FE81204_2_00007FF7E2FE8120
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30A69404_2_00007FF7E30A6940
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30A39704_2_00007FF7E30A3970
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30131654_2_00007FF7E3013165
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30A51904_2_00007FF7E30A5190
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30BC1904_2_00007FF7E30BC190
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FCC9804_2_00007FF7E2FCC980
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30AC1804_2_00007FF7E30AC180
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30B19B04_2_00007FF7E30B19B0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30AA9D04_2_00007FF7E30AA9D0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FF59C04_2_00007FF7E2FF59C0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30A59F04_2_00007FF7E30A59F0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30BC9F04_2_00007FF7E30BC9F0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30BE1F04_2_00007FF7E30BE1F0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30B72104_2_00007FF7E30B7210
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30B02004_2_00007FF7E30B0200
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30741F84_2_00007FF7E30741F8
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FF80204_2_00007FF7E2FF8020
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FBD0304_2_00007FF7E2FBD030
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30B80204_2_00007FF7E30B8020
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FEB8304_2_00007FF7E2FEB830
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E309D0704_2_00007FF7E309D070
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FDD8604_2_00007FF7E2FDD860
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FEA8704_2_00007FF7E2FEA870
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30BF8904_2_00007FF7E30BF890
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FCD0A04_2_00007FF7E2FCD0A0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30958C04_2_00007FF7E30958C0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FB70F04_2_00007FF7E2FB70F0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30AC7304_2_00007FF7E30AC730
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FDB7304_2_00007FF7E2FDB730
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FE47404_2_00007FF7E2FE4740
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30B8F704_2_00007FF7E30B8F70
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30B1F704_2_00007FF7E30B1F70
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30A77604_2_00007FF7E30A7760
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FCC7704_2_00007FF7E2FCC770
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FB2F804_2_00007FF7E2FB2F80
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30ACF904_2_00007FF7E30ACF90
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FFB7904_2_00007FF7E2FFB790
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FE9F904_2_00007FF7E2FE9F90
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30B27B04_2_00007FF7E30B27B0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FFA7B04_2_00007FF7E2FFA7B0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30B77C04_2_00007FF7E30B77C0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FC97E04_2_00007FF7E2FC97E0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FFCFF04_2_00007FF7E2FFCFF0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FDA8104_2_00007FF7E2FDA810
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FF70104_2_00007FF7E2FF7010
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E3011E204_2_00007FF7E3011E20
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FCEE404_2_00007FF7E2FCEE40
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FD9E704_2_00007FF7E2FD9E70
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30A86B04_2_00007FF7E30A86B0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FD8EB04_2_00007FF7E2FD8EB0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FF9EB04_2_00007FF7E2FF9EB0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30A36C04_2_00007FF7E30A36C0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30ADEE04_2_00007FF7E30ADEE0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FCE7004_2_00007FF7E2FCE700
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30A6F004_2_00007FF7E30A6F00
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30B37004_2_00007FF7E30B3700
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E3089D204_2_00007FF7E3089D20
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FE05304_2_00007FF7E2FE0530
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E30B45504_2_00007FF7E30B4550
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FD95404_2_00007FF7E2FD9540
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FBED904_2_00007FF7E2FBED90
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FC0D904_2_00007FF7E2FC0D90
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FE6D904_2_00007FF7E2FE6D90
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FE1DA04_2_00007FF7E2FE1DA0
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E3092E104_2_00007FF7E3092E10
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FE36104_2_00007FF7E2FE3610
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274AF8905_2_00007FF6274AF890
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273BD0A05_2_00007FF6273BD0A0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF62748D0705_2_00007FF62748D070
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273CD8605_2_00007FF6273CD860
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273DA8705_2_00007FF6273DA870
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273D71205_2_00007FF6273D7120
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273D81205_2_00007FF6273D8120
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274858C05_2_00007FF6274858C0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273A70F05_2_00007FF6273A70F0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273A2F805_2_00007FF6273A2F80
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF62749CF905_2_00007FF62749CF90
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273EB7905_2_00007FF6273EB790
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273D9F905_2_00007FF6273D9F90
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274A27B05_2_00007FF6274A27B0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273EA7B05_2_00007FF6273EA7B0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273D47405_2_00007FF6273D4740
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274A8F705_2_00007FF6274A8F70
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274A1F705_2_00007FF6274A1F70
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273BC7705_2_00007FF6273BC770
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274977605_2_00007FF627497760
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273CA8105_2_00007FF6273CA810
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273E70105_2_00007FF6273E7010
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273E80205_2_00007FF6273E8020
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273AD0305_2_00007FF6273AD030
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274A80205_2_00007FF6274A8020
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273DB8305_2_00007FF6273DB830
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274A77C05_2_00007FF6274A77C0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273B97E05_2_00007FF6273B97E0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273ECFF05_2_00007FF6273ECFF0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274986B05_2_00007FF6274986B0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273E9EB05_2_00007FF6273E9EB0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273C8EB05_2_00007FF6273C8EB0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273BEE405_2_00007FF6273BEE40
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273C9E705_2_00007FF6273C9E70
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273BE7005_2_00007FF6273BE700
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF627496F005_2_00007FF627496F00
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274A37005_2_00007FF6274A3700
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF62749C7305_2_00007FF62749C730
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273CB7305_2_00007FF6273CB730
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274936C05_2_00007FF6274936C0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF62749DEE05_2_00007FF62749DEE0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273AED905_2_00007FF6273AED90
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273B0D905_2_00007FF6273B0D90
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273D6D905_2_00007FF6273D6D90
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273D1DA05_2_00007FF6273D1DA0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274A45505_2_00007FF6274A4550
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273C95405_2_00007FF6273C9540
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF627482E105_2_00007FF627482E10
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273D36105_2_00007FF6273D3610
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF627401E205_2_00007FF627401E20
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273C2C805_2_00007FF6273C2C80
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274A54A05_2_00007FF6274A54A0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF62749E4A05_2_00007FF62749E4A0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF62748D4505_2_00007FF62748D450
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF62749FC505_2_00007FF62749FC50
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273D0C405_2_00007FF6273D0C40
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273C1C505_2_00007FF6273C1C50
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273C04605_2_00007FF6273C0460
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF627498C705_2_00007FF627498C70
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273E6C705_2_00007FF6273E6C70
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273D15005_2_00007FF6273D1500
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273BCD105_2_00007FF6273BCD10
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273BDD105_2_00007FF6273BDD10
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF62749ED005_2_00007FF62749ED00
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF62747BD005_2_00007FF62747BD00
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273D05305_2_00007FF6273D0530
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF627479D205_2_00007FF627479D20
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274994D05_2_00007FF6274994D0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273B8CF05_2_00007FF6273B8CF0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274A3CE05_2_00007FF6274A3CE0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274034B45_2_00007FF6274034B4
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273BFB805_2_00007FF6273BFB80
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273D6B805_2_00007FF6273D6B80
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273E73A05_2_00007FF6273E73A0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF627484BB05_2_00007FF627484BB0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274AF3405_2_00007FF6274AF340
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273A73505_2_00007FF6273A7350
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274934105_2_00007FF627493410
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273C44105_2_00007FF6273C4410
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273C14205_2_00007FF6273C1420
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF627493C205_2_00007FF627493C20
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF62749A4205_2_00007FF62749A420
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF627494BD05_2_00007FF627494BD0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273B9BE05_2_00007FF6273B9BE0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273BBA405_2_00007FF6273BBA40
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274A5A605_2_00007FF6274A5A60
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274A0A605_2_00007FF6274A0A60
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273C8A705_2_00007FF6273C8A70
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273D8B105_2_00007FF6273D8B10
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273D2AC05_2_00007FF6273D2AC0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274A62C05_2_00007FF6274A62C0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273A92E05_2_00007FF6273A92E0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274AC1905_2_00007FF6274AC190
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273BC9805_2_00007FF6273BC980
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274951905_2_00007FF627495190
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF62749C1805_2_00007FF62749C180
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274A19B05_2_00007FF6274A19B0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274969405_2_00007FF627496940
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274031655_2_00007FF627403165
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274939705_2_00007FF627493970
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274A72105_2_00007FF6274A7210
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274A02005_2_00007FF6274A0200
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274641F85_2_00007FF6274641F8
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF62749B2305_2_00007FF62749B230
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273E8A205_2_00007FF6273E8A20
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273D02305_2_00007FF6273D0230
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF62749A9D05_2_00007FF62749A9D0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273E59C05_2_00007FF6273E59C0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274AC9F05_2_00007FF6274AC9F0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274AE1F05_2_00007FF6274AE1F0
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6274959F05_2_00007FF6274959F0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CF71206_2_00007FF647CF7120
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CF81206_2_00007FF647CF8120
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CC70F06_2_00007FF647CC70F0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DA58C06_2_00007FF647DA58C0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DCF8906_2_00007FF647DCF890
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CDD0A06_2_00007FF647CDD0A0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DAD0706_2_00007FF647DAD070
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CFA8706_2_00007FF647CFA870
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CED8606_2_00007FF647CED860
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DC80206_2_00007FF647DC8020
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CEA8106_2_00007FF647CEA810
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D070106_2_00007FF647D07010
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CFB8306_2_00007FF647CFB830
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CCD0306_2_00007FF647CCD030
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D080206_2_00007FF647D08020
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D0CFF06_2_00007FF647D0CFF0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DC77C06_2_00007FF647DC77C0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CD97E06_2_00007FF647CD97E0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CF9F906_2_00007FF647CF9F90
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CC2F806_2_00007FF647CC2F80
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DC27B06_2_00007FF647DC27B0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D0A7B06_2_00007FF647D0A7B0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DBCF906_2_00007FF647DBCF90
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D0B7906_2_00007FF647D0B790
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DB77606_2_00007FF647DB7760
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DC1F706_2_00007FF647DC1F70
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CF47406_2_00007FF647CF4740
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DC8F706_2_00007FF647DC8F70
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CDC7706_2_00007FF647CDC770
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DBC7306_2_00007FF647DBC730
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CDE7006_2_00007FF647CDE700
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DB6F006_2_00007FF647DB6F00
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DC37006_2_00007FF647DC3700
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CEB7306_2_00007FF647CEB730
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DBDEE06_2_00007FF647DBDEE0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DB36C06_2_00007FF647DB36C0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DB86B06_2_00007FF647DB86B0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D09EB06_2_00007FF647D09EB0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CE8EB06_2_00007FF647CE8EB0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CDEE406_2_00007FF647CDEE40
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CE9E706_2_00007FF647CE9E70
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CF36106_2_00007FF647CF3610
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D21E206_2_00007FF647D21E20
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DA2E106_2_00007FF647DA2E10
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D6FDEC6_2_00007FF647D6FDEC
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D91DF46_2_00007FF647D91DF4
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CF6D906_2_00007FF647CF6D90
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CCED906_2_00007FF647CCED90
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CD0D906_2_00007FF647CD0D90
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CF1DA06_2_00007FF647CF1DA0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CE95406_2_00007FF647CE9540
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DC45506_2_00007FF647DC4550
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D99D206_2_00007FF647D99D20
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CDCD106_2_00007FF647CDCD10
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CDDD106_2_00007FF647CDDD10
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CF15006_2_00007FF647CF1500
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D7AD306_2_00007FF647D7AD30
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DBED006_2_00007FF647DBED00
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D9BD006_2_00007FF647D9BD00
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CF05306_2_00007FF647CF0530
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DC3CE06_2_00007FF647DC3CE0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D234B46_2_00007FF647D234B4
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CD8CF06_2_00007FF647CD8CF0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DB94D06_2_00007FF647DB94D0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DC54A06_2_00007FF647DC54A0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DBE4A06_2_00007FF647DBE4A0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CE2C806_2_00007FF647CE2C80
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CE1C506_2_00007FF647CE1C50
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DB8C706_2_00007FF647DB8C70
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CF0C406_2_00007FF647CF0C40
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D06C706_2_00007FF647D06C70
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DAD4506_2_00007FF647DAD450
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DBFC506_2_00007FF647DBFC50
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CE04606_2_00007FF647CE0460
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DB3C206_2_00007FF647DB3C20
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DBA4206_2_00007FF647DBA420
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D89C206_2_00007FF647D89C20
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CE44106_2_00007FF647CE4410
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DB34106_2_00007FF647DB3410
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CE14206_2_00007FF647CE1420
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DB4BD06_2_00007FF647DB4BD0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CD9BE06_2_00007FF647CD9BE0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DA4BB06_2_00007FF647DA4BB0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CF6B806_2_00007FF647CF6B80
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CDFB806_2_00007FF647CDFB80
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D073A06_2_00007FF647D073A0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D893886_2_00007FF647D89388
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CC73506_2_00007FF647CC7350
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DCF3406_2_00007FF647DCF340
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D76B446_2_00007FF647D76B44
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D8CB206_2_00007FF647D8CB20
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CF8B106_2_00007FF647CF8B10
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CF2AC06_2_00007FF647CF2AC0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DC62C06_2_00007FF647DC62C0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CC92E06_2_00007FF647CC92E0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DC5A606_2_00007FF647DC5A60
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DC0A606_2_00007FF647DC0A60
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CDBA406_2_00007FF647CDBA40
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CE8A706_2_00007FF647CE8A70
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D08A206_2_00007FF647D08A20
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DBB2306_2_00007FF647DBB230
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DC02006_2_00007FF647DC0200
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CF02306_2_00007FF647CF0230
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D841F86_2_00007FF647D841F8
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DC72106_2_00007FF647DC7210
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DB59F06_2_00007FF647DB59F0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D059C06_2_00007FF647D059C0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DCC9F06_2_00007FF647DCC9F0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DCE1F06_2_00007FF647DCE1F0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DBA9D06_2_00007FF647DBA9D0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DC19B06_2_00007FF647DC19B0
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CDC9806_2_00007FF647CDC980
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DBC1806_2_00007FF647DBC180
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DB51906_2_00007FF647DB5190
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DCC1906_2_00007FF647DCC190
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D231656_2_00007FF647D23165
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DB39706_2_00007FF647DB3970
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647DB69406_2_00007FF647DB6940
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD41E207_2_00007FF63CD41E20
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CDC2E107_2_00007FF63CDC2E10
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD136107_2_00007FF63CD13610
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CCEED907_2_00007FF63CCEED90
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CCF0D907_2_00007FF63CCF0D90
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD11DA07_2_00007FF63CD11DA0
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD16D907_2_00007FF63CD16D90
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD095407_2_00007FF63CD09540
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CDE45507_2_00007FF63CDE4550
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CCFE7007_2_00007FF63CCFE700
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CDDC7307_2_00007FF63CDDC730
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD0B7307_2_00007FF63CD0B730
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CDD6F007_2_00007FF63CDD6F00
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CDE37007_2_00007FF63CDE3700
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CDDDEE07_2_00007FF63CDDDEE0
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CDD36C07_2_00007FF63CDD36C0
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CDD86B07_2_00007FF63CDD86B0
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD29EB07_2_00007FF63CD29EB0
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD08EB07_2_00007FF63CD08EB0
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CCFEE407_2_00007FF63CCFEE40
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD09E707_2_00007FF63CD09E70
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CDE80207_2_00007FF63CDE8020
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD280207_2_00007FF63CD28020
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD1B8307_2_00007FF63CD1B830
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CCED0307_2_00007FF63CCED030
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD0A8107_2_00007FF63CD0A810
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD270107_2_00007FF63CD27010
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD2CFF07_2_00007FF63CD2CFF0
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CDE77C07_2_00007FF63CDE77C0
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CCF97E07_2_00007FF63CCF97E0
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CCE2F807_2_00007FF63CCE2F80
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CDE27B07_2_00007FF63CDE27B0
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD2A7B07_2_00007FF63CD2A7B0
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CDDCF907_2_00007FF63CDDCF90
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD2B7907_2_00007FF63CD2B790
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD19F907_2_00007FF63CD19F90
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CDD77607_2_00007FF63CDD7760
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CDE8F707_2_00007FF63CDE8F70
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CDE1F707_2_00007FF63CDE1F70
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CCFC7707_2_00007FF63CCFC770
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD147407_2_00007FF63CD14740
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD171207_2_00007FF63CD17120
                  Source: 7.2.OTQisvZ.exe.7ff63cce0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 4.2.wkKSPgp.exe.7ff7e2fb0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 31.2.FmDRJeq.exe.7ff6cc6e0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 26.2.NbSGhVM.exe.7ff6b47a0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 37.2.Emkynwd.exe.7ff7750c0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 32.2.JxXCqVa.exe.7ff601720000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 27.2.WJJOByy.exe.7ff77f320000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 15.2.AJbunRc.exe.7ff695c60000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 28.2.DNWTLfi.exe.7ff6f3450000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 9.2.XaZvEHG.exe.7ff61d670000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 11.2.YuhEzpi.exe.7ff740490000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 40.2.FSsBuPy.exe.7ff6ec710000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 18.2.PXvfCpI.exe.7ff63fd90000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 38.2.UTMWcnW.exe.7ff74e920000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 12.2.DYRnoDf.exe.7ff6e0b30000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 23.2.FJbyTtP.exe.7ff72c9d0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 13.2.biTFilm.exe.7ff650c60000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 33.2.qulWMNK.exe.7ff75ce90000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 30.2.eTlchBa.exe.7ff781b70000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 16.2.SUqdJFj.exe.7ff6abe50000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 35.2.zgnppqX.exe.7ff7fb250000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 19.2.dhdvyXn.exe.7ff741710000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 39.2.nUwvlEf.exe.7ff602d90000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 22.2.VFmvQYa.exe.7ff7bf040000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 17.2.TIHWeXa.exe.7ff78ccd0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 24.2.FTsRyWe.exe.7ff69f8a0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 8.2.AvKmyWx.exe.7ff610230000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 34.2.KvrKIPQ.exe.7ff76a090000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 29.2.JVLiIAQ.exe.7ff7f0e60000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 21.2.ODEkuhr.exe.7ff7fa7c0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 3.2.JvuHRXO.exe.7ff6e1ed0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 5.2.gaDJFNb.exe.7ff6273a0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 10.2.oblCraV.exe.7ff6a9e60000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 25.2.uUnCnJC.exe.7ff6c4430000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 6.2.ehLRfQc.exe.7ff647cc0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 20.2.QMneGpM.exe.7ff765d80000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 36.2.VeDzKyt.exe.7ff6be0a0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 14.2.BXwYBdZ.exe.7ff7f5f90000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: classification engineClassification label: mal100.evad.mine.winEXE@2488/330@0/0
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7280:120:WilError_03
                  Source: C:\Users\user\Desktop\file.exeMutant created: \Sessions\1\BaseNamedObjects\sfdkjjhgkdsfhgjksd
                  Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: file.exeReversingLabs: Detection: 84%
                  Source: JvuHRXO.exeString found in binary or memory: --help
                  Source: JvuHRXO.exeString found in binary or memory: --help
                  Source: wkKSPgp.exeString found in binary or memory: --help
                  Source: wkKSPgp.exeString found in binary or memory: --help
                  Source: gaDJFNb.exeString found in binary or memory: --help
                  Source: gaDJFNb.exeString found in binary or memory: --help
                  Source: ehLRfQc.exeString found in binary or memory: --help
                  Source: ehLRfQc.exeString found in binary or memory: --help
                  Source: OTQisvZ.exeString found in binary or memory: --help
                  Source: OTQisvZ.exeString found in binary or memory: --help
                  Source: AvKmyWx.exeString found in binary or memory: --help
                  Source: AvKmyWx.exeString found in binary or memory: --help
                  Source: XaZvEHG.exeString found in binary or memory: --help
                  Source: XaZvEHG.exeString found in binary or memory: --help
                  Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\JvuHRXO.exe C:\Windows\System32\JvuHRXO.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\wkKSPgp.exe C:\Windows\System32\wkKSPgp.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\gaDJFNb.exe C:\Windows\System32\gaDJFNb.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\ehLRfQc.exe C:\Windows\System32\ehLRfQc.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\OTQisvZ.exe C:\Windows\System32\OTQisvZ.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\AvKmyWx.exe C:\Windows\System32\AvKmyWx.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\XaZvEHG.exe C:\Windows\System32\XaZvEHG.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\oblCraV.exe C:\Windows\System32\oblCraV.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\YuhEzpi.exe C:\Windows\System32\YuhEzpi.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\DYRnoDf.exe C:\Windows\System32\DYRnoDf.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\biTFilm.exe C:\Windows\System32\biTFilm.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\BXwYBdZ.exe C:\Windows\System32\BXwYBdZ.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\AJbunRc.exe C:\Windows\System32\AJbunRc.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\SUqdJFj.exe C:\Windows\System32\SUqdJFj.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\TIHWeXa.exe C:\Windows\System32\TIHWeXa.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\PXvfCpI.exe C:\Windows\System32\PXvfCpI.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\dhdvyXn.exe C:\Windows\System32\dhdvyXn.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\QMneGpM.exe C:\Windows\System32\QMneGpM.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\ODEkuhr.exe C:\Windows\System32\ODEkuhr.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\VFmvQYa.exe C:\Windows\System32\VFmvQYa.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\FJbyTtP.exe C:\Windows\System32\FJbyTtP.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\FTsRyWe.exe C:\Windows\System32\FTsRyWe.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\uUnCnJC.exe C:\Windows\System32\uUnCnJC.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\NbSGhVM.exe C:\Windows\System32\NbSGhVM.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\WJJOByy.exe C:\Windows\System32\WJJOByy.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\DNWTLfi.exe C:\Windows\System32\DNWTLfi.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\JVLiIAQ.exe C:\Windows\System32\JVLiIAQ.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\eTlchBa.exe C:\Windows\System32\eTlchBa.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\FmDRJeq.exe C:\Windows\System32\FmDRJeq.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\JxXCqVa.exe C:\Windows\System32\JxXCqVa.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\qulWMNK.exe C:\Windows\System32\qulWMNK.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\KvrKIPQ.exe C:\Windows\System32\KvrKIPQ.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\zgnppqX.exe C:\Windows\System32\zgnppqX.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\VeDzKyt.exe C:\Windows\System32\VeDzKyt.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\Emkynwd.exe C:\Windows\System32\Emkynwd.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\UTMWcnW.exe C:\Windows\System32\UTMWcnW.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\nUwvlEf.exe C:\Windows\System32\nUwvlEf.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\FSsBuPy.exe C:\Windows\System32\FSsBuPy.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\JvuHRXO.exe C:\Windows\System32\JvuHRXO.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\wkKSPgp.exe C:\Windows\System32\wkKSPgp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\gaDJFNb.exe C:\Windows\System32\gaDJFNb.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\ehLRfQc.exe C:\Windows\System32\ehLRfQc.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\OTQisvZ.exe C:\Windows\System32\OTQisvZ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\AvKmyWx.exe C:\Windows\System32\AvKmyWx.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\XaZvEHG.exe C:\Windows\System32\XaZvEHG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\oblCraV.exe C:\Windows\System32\oblCraV.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\YuhEzpi.exe C:\Windows\System32\YuhEzpi.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\DYRnoDf.exe C:\Windows\System32\DYRnoDf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\biTFilm.exe C:\Windows\System32\biTFilm.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\BXwYBdZ.exe C:\Windows\System32\BXwYBdZ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\AJbunRc.exe C:\Windows\System32\AJbunRc.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\SUqdJFj.exe C:\Windows\System32\SUqdJFj.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\TIHWeXa.exe C:\Windows\System32\TIHWeXa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\PXvfCpI.exe C:\Windows\System32\PXvfCpI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\dhdvyXn.exe C:\Windows\System32\dhdvyXn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\QMneGpM.exe C:\Windows\System32\QMneGpM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\ODEkuhr.exe C:\Windows\System32\ODEkuhr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\VFmvQYa.exe C:\Windows\System32\VFmvQYa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\FJbyTtP.exe C:\Windows\System32\FJbyTtP.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\FTsRyWe.exe C:\Windows\System32\FTsRyWe.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\uUnCnJC.exe C:\Windows\System32\uUnCnJC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\NbSGhVM.exe C:\Windows\System32\NbSGhVM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\WJJOByy.exe C:\Windows\System32\WJJOByy.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\DNWTLfi.exe C:\Windows\System32\DNWTLfi.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\JVLiIAQ.exe C:\Windows\System32\JVLiIAQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\eTlchBa.exe C:\Windows\System32\eTlchBa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\FmDRJeq.exe C:\Windows\System32\FmDRJeq.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\JxXCqVa.exe C:\Windows\System32\JxXCqVa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\qulWMNK.exe C:\Windows\System32\qulWMNK.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\KvrKIPQ.exe C:\Windows\System32\KvrKIPQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\zgnppqX.exe C:\Windows\System32\zgnppqX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\VeDzKyt.exe C:\Windows\System32\VeDzKyt.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\Emkynwd.exe C:\Windows\System32\Emkynwd.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\UTMWcnW.exe C:\Windows\System32\UTMWcnW.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\nUwvlEf.exe C:\Windows\System32\nUwvlEf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\FSsBuPy.exe C:\Windows\System32\FSsBuPy.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\JvuHRXO.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\JvuHRXO.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\wkKSPgp.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\wkKSPgp.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\gaDJFNb.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\gaDJFNb.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\ehLRfQc.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\ehLRfQc.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\OTQisvZ.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\OTQisvZ.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\AvKmyWx.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\AvKmyWx.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\XaZvEHG.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\XaZvEHG.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\oblCraV.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\oblCraV.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\YuhEzpi.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\YuhEzpi.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\DYRnoDf.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\DYRnoDf.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\biTFilm.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\biTFilm.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\BXwYBdZ.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\BXwYBdZ.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\AJbunRc.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\AJbunRc.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\SUqdJFj.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\SUqdJFj.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\TIHWeXa.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\TIHWeXa.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\PXvfCpI.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\PXvfCpI.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\dhdvyXn.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\dhdvyXn.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\QMneGpM.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\QMneGpM.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\ODEkuhr.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\ODEkuhr.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\VFmvQYa.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\VFmvQYa.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\FJbyTtP.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\FJbyTtP.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\FTsRyWe.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\FTsRyWe.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\uUnCnJC.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\uUnCnJC.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\NbSGhVM.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\NbSGhVM.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\WJJOByy.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\WJJOByy.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\DNWTLfi.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\DNWTLfi.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\JVLiIAQ.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\JVLiIAQ.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\eTlchBa.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\eTlchBa.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\FmDRJeq.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\FmDRJeq.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\JxXCqVa.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\JxXCqVa.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\qulWMNK.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\qulWMNK.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\KvrKIPQ.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\KvrKIPQ.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\zgnppqX.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\zgnppqX.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\VeDzKyt.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\VeDzKyt.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\Emkynwd.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\Emkynwd.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\UTMWcnW.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\UTMWcnW.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\nUwvlEf.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\nUwvlEf.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\FSsBuPy.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\FSsBuPy.exeSection loaded: kernel.appcore.dll
                  Source: file.exeStatic PE information: Image base 0x140000000 > 0x60000000
                  Source: file.exeStatic file information: File size 1552132 > 1048576
                  Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F3EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,3_2_00007FF6E1F3EBF0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EE8072 push qword ptr [00007FF66D36AAF7h]; retf 3_2_00007FF6E1EE8078
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1EE7FA3 push qword ptr [00007FF66D36AA28h]; retf 3_2_00007FF6E1EE7FA9
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FC8072 push qword ptr [00007FF76E44AAF7h]; retf 4_2_00007FF7E2FC8078
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E2FC7FA3 push qword ptr [00007FF76E44AA28h]; retf 4_2_00007FF7E2FC7FA9
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273B8072 push qword ptr [00007FF5B283AAF7h]; retf 5_2_00007FF6273B8078
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF6273B7FA3 push qword ptr [00007FF5B283AA28h]; retf 5_2_00007FF6273B7FA9
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CD8072 push qword ptr [00007FF5D315AAF7h]; retf 6_2_00007FF647CD8078
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647CD7FA3 push qword ptr [00007FF5D315AA28h]; retf 6_2_00007FF647CD7FA9
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CCF7FA3 push qword ptr [00007FF5C817AA28h]; retf 7_2_00007FF63CCF7FA9
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CCF8072 push qword ptr [00007FF5C817AAF7h]; retf 7_2_00007FF63CCF8078
                  Source: C:\Windows\System32\AvKmyWx.exeCode function: 8_2_00007FF610247FA3 push qword ptr [00007FF59B6CAA28h]; retf 8_2_00007FF610247FA9
                  Source: C:\Windows\System32\AvKmyWx.exeCode function: 8_2_00007FF610248072 push qword ptr [00007FF59B6CAAF7h]; retf 8_2_00007FF610248078
                  Source: C:\Windows\System32\XaZvEHG.exeCode function: 9_2_00007FF61D688072 push qword ptr [00007FF5A8B0AAF7h]; retf 9_2_00007FF61D688078
                  Source: C:\Windows\System32\XaZvEHG.exeCode function: 9_2_00007FF61D687FA3 push qword ptr [00007FF5A8B0AA28h]; retf 9_2_00007FF61D687FA9
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1
                  Source: initial sampleStatic PE information: section name: UPX0
                  Source: initial sampleStatic PE information: section name: UPX1

                  Persistence and Installation Behavior

                  barindex
                  Drops executables to the windows directory (C:\Windows) and starts them
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\FJbyTtP.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\DNWTLfi.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\BXwYBdZ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\UTMWcnW.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\AJbunRc.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\QMneGpM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\dhdvyXn.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\JVLiIAQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\eTlchBa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\NbSGhVM.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\SUqdJFj.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\VFmvQYa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\AvKmyWx.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\DYRnoDf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\Emkynwd.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\wkKSPgp.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\FTsRyWe.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\JxXCqVa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\ODEkuhr.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\gaDJFNb.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\OTQisvZ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\biTFilm.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\YuhEzpi.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\PXvfCpI.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\FmDRJeq.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\uUnCnJC.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\WJJOByy.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\ehLRfQc.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\oblCraV.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\FSsBuPy.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\nUwvlEf.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\KvrKIPQ.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\qulWMNK.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\VeDzKyt.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\TIHWeXa.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\zgnppqX.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\JvuHRXO.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\System32\XaZvEHG.exeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MZzfLEZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hHHgQhg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lkHmjCB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xjXpcqI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aqHHhqZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uUnCnJC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sRxYPzo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\asMPLRF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nySppDL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kcGcYyc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WJJOByy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JyTylDG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LsxWNuU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OoXXuCQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hcWXimc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SgRYHnh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qrMFKUE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AmlHggH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\REoMUue.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ENASfEY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mNMttQk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NppXEik.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YoRPgID.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ENNjqpn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FJbyTtP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gVxVuPE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UthEkPV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dkvzZbr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ehLRfQc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JlwJpiQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ifdEeMJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qYfJmBx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cvviXVl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YoWRHKm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kwBHINw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XiEDOUw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\yQykaWi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZksIGgD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pmqeloX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uwpSJTY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\Pyjxeub.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HmNtbmf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TrOUMxR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vINSkcN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iNyWjdh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gFItvpO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SUqdJFj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\atCrJKj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XbmxgAo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FCGGaTu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oblCraV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vsZRZPn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HKQIXhJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IfWXppj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wHmEWnE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cWFXjGb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UYpGIpx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vUMVWef.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SUPTwuz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FOKqTNk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YHzfIbf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IGbJixm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\edsunAc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FSsBuPy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OTQisvZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nUwvlEf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HHkrdhY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NoVBMWR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nVRFUMU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OCQPeNZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UhaWIvI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oheGeDM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cbxEAHb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CGHEajN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AeHKOUk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aaQPPko.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xZCsQFU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jlhXoDU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hldtrer.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RkBIliC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VJGuWtg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PFFZxBK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HhuUNgU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oTTZHtv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pnHAApr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gsJfIAI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dTlWhsy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oeyXpah.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pONZxkY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IGIRuaN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bWqzsZL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LRwQOeC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DNWTLfi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pQiWMAE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VFmvQYa.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nZqSwkk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LIUOcyg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BXwYBdZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DecYaAF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hPbLcyI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MqDEnug.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gIerfNx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\niuNHza.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UWoSVBa.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LIYZzMn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SuSRVcd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\biTFilm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZOsbaqw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oLIMGEG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\GEjShaj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gIWIAoR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AARFjPz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BQVZXof.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cMZjysl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SJbiQtA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iVxWAhp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SDuWpap.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sHrvKbH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YuhEzpi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rzOVEdp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WaSCrgW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rECIoeF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BlxXZNI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zZluDpQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KTKMSLw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZZceFPb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mUtoiRj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VDAzIym.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AvKmyWx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pCYFbPY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FfHFdUV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qBNFibO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eJQEoBU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\spwZxbD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NUGNSrJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rWLJMFs.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qyjihXJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dXYoCLq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tYuJBKo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sklRMsM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JVEeonp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DYRnoDf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sDUxUOz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MwQiyKB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ezbfIqP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dxwuaZx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wncnOga.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TRDwKtF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BkMxlYA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TKmEpby.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iDjoCba.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IwiJsNl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OaEKhAc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PtyEDzX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IbzihzQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pVAAkNS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fsYNdIS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SxUWiRQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EeTDKLH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\yeQSiTm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gvzqmaV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KPSoDjq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UTMWcnW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DoYQIEQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AINedvE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UsvbkSz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nOUmNRd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\Emkynwd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vQWABTG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qPOzufP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bZAgvbx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ycvgKWP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\htpHIjf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lYsCKDB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ihRMBvK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BZXlXZF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HqzYgND.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XdtKVFg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NHtBCxU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BBTtOmS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kPIwtDx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wMaaxvk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZjfUfPp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zcRTKcl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\byMqxSp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dcvcJux.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\agvrwBm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aRcunFP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iWlgDsI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ugXtQTT.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kiaPNWp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KvrKIPQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KNQeCYU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RSlZAbq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zxkWcfH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MVyvCVk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\boujFkb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CgshOaM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gZXMDli.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oXhzTJB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TuPZZgO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FwDCyKX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OakHRVh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZxDRWfb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qQrbmYX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OkcQGeE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wIBrJnT.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ANovuUs.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OmReOVb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KsaexJr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bHOUpYN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uoUnoPV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zAqphYy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wkKSPgp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\koSIwBF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rSfKwnk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KEckQhl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HfVKjfu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nUxFpBv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DjFGkEO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KXPXHqw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hiRRhNA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SYhASaz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qulWMNK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PVSsNXl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VeDzKyt.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zoNaMRv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BGEmobC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KisuSgd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wLBrJuN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OLgSbZB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PATRbwz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LmLfObb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YPSGLBU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FTsRyWe.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hdrmJmm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dbOMNtK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uJLpuAT.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XAMlAeL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nEqlptY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AJbunRc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JxXCqVa.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uxZFvtG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LlVYLfY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZYpXsUH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PXvfCpI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VcsXjEN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IkKuNGZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hEUdUZb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TIHWeXa.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QMneGpM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WvCPwWV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AfwGLOC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dhdvyXn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vtyxvBq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FgkhtMM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lvuSoVX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LKIvikl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AAFWtMo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JVLiIAQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zoWFHEB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OjDKkKR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JPNUgrl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MqBemCY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YDNKKav.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EvKiHlY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ODEkuhr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XvmplkI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jOLYVDQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kDIeJiO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ecTFjpe.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FPbzJmC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VGaYkjy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MfIrnxp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QafCaUC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WUhIqEX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eTlchBa.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sGHQnMX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xosmhFY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WaZAbif.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QeMlQoi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rfvRxbV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tRrgCEd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mZbuFep.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SFUZlia.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CStEhbp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xsPUYnY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EYQygjH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zgnppqX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YeogayJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\daTQGhs.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hHyzwMR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FddCmld.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CwZoVMx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UcDbkWX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NbwonFl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AOxtNit.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HuQzjRH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YNbNjyr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\waRaTny.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jNFZeRV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AoDqPum.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cQSYuAP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JSWAmsK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vwIpBIp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VWmfLAK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NbSGhVM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\suHCBrv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gaDJFNb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hkdrylp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EpJmKCP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NkJqpeK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sOMtwdY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jNvuQDu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zafOJaW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XaZvEHG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JvuHRXO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FmDRJeq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pBUJBbD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rzBuUNn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\thYWpNp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\yNciWyL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pydLviI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hImJGCQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QQrJtgR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dznqpDP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KdtqCrx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZcPsbVC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oFlkVvC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JnWFmyo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MZzfLEZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hHHgQhg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lkHmjCB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xjXpcqI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aqHHhqZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uUnCnJC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sRxYPzo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\asMPLRF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nySppDL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kcGcYyc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WJJOByy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JyTylDG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LsxWNuU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OoXXuCQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hcWXimc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SgRYHnh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qrMFKUE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AmlHggH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\REoMUue.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ENASfEY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mNMttQk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NppXEik.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YoRPgID.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ENNjqpn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FJbyTtP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gVxVuPE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UthEkPV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dkvzZbr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ehLRfQc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JlwJpiQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ifdEeMJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qYfJmBx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cvviXVl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YoWRHKm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kwBHINw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XiEDOUw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\yQykaWi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZksIGgD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pmqeloX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uwpSJTY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\Pyjxeub.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HmNtbmf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TrOUMxR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vINSkcN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iNyWjdh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gFItvpO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SUqdJFj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\atCrJKj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XbmxgAo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FCGGaTu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oblCraV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vsZRZPn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HKQIXhJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IfWXppj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wHmEWnE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cWFXjGb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UYpGIpx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vUMVWef.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SUPTwuz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FOKqTNk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YHzfIbf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IGbJixm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\edsunAc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FSsBuPy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OTQisvZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nUwvlEf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HHkrdhY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NoVBMWR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nVRFUMU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OCQPeNZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UhaWIvI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oheGeDM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cbxEAHb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CGHEajN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AeHKOUk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aaQPPko.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xZCsQFU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jlhXoDU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hldtrer.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RkBIliC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VJGuWtg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PFFZxBK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HhuUNgU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oTTZHtv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pnHAApr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gsJfIAI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dTlWhsy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oeyXpah.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pONZxkY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IGIRuaN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bWqzsZL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LRwQOeC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DNWTLfi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pQiWMAE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VFmvQYa.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nZqSwkk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LIUOcyg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BXwYBdZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DecYaAF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hPbLcyI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MqDEnug.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gIerfNx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\niuNHza.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UWoSVBa.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LIYZzMn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SuSRVcd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\biTFilm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZOsbaqw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oLIMGEG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\GEjShaj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gIWIAoR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AARFjPz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BQVZXof.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cMZjysl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SJbiQtA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iVxWAhp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SDuWpap.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sHrvKbH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YuhEzpi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rzOVEdp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WaSCrgW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rECIoeF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BlxXZNI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zZluDpQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KTKMSLw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZZceFPb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mUtoiRj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VDAzIym.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AvKmyWx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pCYFbPY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FfHFdUV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qBNFibO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eJQEoBU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\spwZxbD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NUGNSrJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rWLJMFs.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qyjihXJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dXYoCLq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tYuJBKo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sklRMsM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JVEeonp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DYRnoDf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sDUxUOz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MwQiyKB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ezbfIqP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dxwuaZx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wncnOga.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TRDwKtF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BkMxlYA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TKmEpby.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iDjoCba.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IwiJsNl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OaEKhAc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PtyEDzX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IbzihzQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pVAAkNS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\fsYNdIS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SxUWiRQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EeTDKLH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\yeQSiTm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gvzqmaV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KPSoDjq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UTMWcnW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DoYQIEQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AINedvE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UsvbkSz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nOUmNRd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\Emkynwd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vQWABTG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qPOzufP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bZAgvbx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ycvgKWP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\htpHIjf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lYsCKDB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ihRMBvK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BZXlXZF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HqzYgND.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XdtKVFg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NHtBCxU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BBTtOmS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kPIwtDx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wMaaxvk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZjfUfPp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zcRTKcl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\byMqxSp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dcvcJux.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\agvrwBm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\aRcunFP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\iWlgDsI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ugXtQTT.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kiaPNWp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KvrKIPQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KNQeCYU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\RSlZAbq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zxkWcfH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MVyvCVk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\boujFkb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CgshOaM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gZXMDli.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oXhzTJB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TuPZZgO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FwDCyKX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OakHRVh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZxDRWfb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qQrbmYX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OkcQGeE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wIBrJnT.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ANovuUs.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OmReOVb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KsaexJr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\bHOUpYN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uoUnoPV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zAqphYy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wkKSPgp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\koSIwBF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rSfKwnk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KEckQhl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HfVKjfu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nUxFpBv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\DjFGkEO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KXPXHqw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hiRRhNA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SYhASaz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\qulWMNK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PVSsNXl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VeDzKyt.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zoNaMRv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\BGEmobC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KisuSgd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\wLBrJuN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OLgSbZB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PATRbwz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LmLfObb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YPSGLBU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FTsRyWe.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hdrmJmm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dbOMNtK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uJLpuAT.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XAMlAeL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\nEqlptY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AJbunRc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JxXCqVa.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\uxZFvtG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LlVYLfY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZYpXsUH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\PXvfCpI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VcsXjEN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\IkKuNGZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hEUdUZb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\TIHWeXa.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QMneGpM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WvCPwWV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AfwGLOC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dhdvyXn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vtyxvBq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FgkhtMM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\lvuSoVX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\LKIvikl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AAFWtMo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JVLiIAQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zoWFHEB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\OjDKkKR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JPNUgrl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MqBemCY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YDNKKav.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EvKiHlY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ODEkuhr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XvmplkI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jOLYVDQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\kDIeJiO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ecTFjpe.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FPbzJmC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VGaYkjy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\MfIrnxp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QafCaUC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WUhIqEX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\eTlchBa.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sGHQnMX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xosmhFY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\WaZAbif.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QeMlQoi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rfvRxbV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\tRrgCEd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\mZbuFep.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\SFUZlia.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CStEhbp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\xsPUYnY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EYQygjH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zgnppqX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YeogayJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\daTQGhs.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hHyzwMR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FddCmld.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\CwZoVMx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\UcDbkWX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NbwonFl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AOxtNit.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\HuQzjRH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\YNbNjyr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\waRaTny.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jNFZeRV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\AoDqPum.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\cQSYuAP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JSWAmsK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\vwIpBIp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\VWmfLAK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NbSGhVM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\suHCBrv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\gaDJFNb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hkdrylp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\EpJmKCP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\NkJqpeK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\sOMtwdY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\jNvuQDu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\zafOJaW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\XaZvEHG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JvuHRXO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\FmDRJeq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pBUJBbD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\rzBuUNn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\thYWpNp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\yNciWyL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\pydLviI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\hImJGCQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\QQrJtgR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\dznqpDP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\KdtqCrx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\ZcPsbVC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\oFlkVvC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\System32\JnWFmyo.exeJump to dropped file
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F3EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,3_2_00007FF6E1F3EBF0
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\MZzfLEZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\hHHgQhg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\lkHmjCB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\xjXpcqI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\aqHHhqZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\sRxYPzo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\asMPLRF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\nySppDL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\kcGcYyc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\JyTylDG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\LsxWNuU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\OoXXuCQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\SgRYHnh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\hcWXimc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\qrMFKUE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\AmlHggH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\REoMUue.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ENASfEY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\mNMttQk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\YoRPgID.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\NppXEik.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ENNjqpn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\gVxVuPE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\dkvzZbr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\UthEkPV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\JlwJpiQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ifdEeMJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\qYfJmBx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\cvviXVl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\YoWRHKm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\kwBHINw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\XiEDOUw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\yQykaWi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\pmqeloX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ZksIGgD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\uwpSJTY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\Pyjxeub.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\HmNtbmf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\vINSkcN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\TrOUMxR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\iNyWjdh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\gFItvpO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\atCrJKj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\XbmxgAo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\FCGGaTu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\vsZRZPn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\HKQIXhJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\IfWXppj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\wHmEWnE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\cWFXjGb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\UYpGIpx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\vUMVWef.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\SUPTwuz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\YHzfIbf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\FOKqTNk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\edsunAc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\IGbJixm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\HHkrdhY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\NoVBMWR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\nVRFUMU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\OCQPeNZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\UhaWIvI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\oheGeDM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\cbxEAHb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\CGHEajN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\AeHKOUk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\aaQPPko.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\xZCsQFU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\jlhXoDU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\RkBIliC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\hldtrer.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\VJGuWtg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\PFFZxBK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\HhuUNgU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\oTTZHtv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\pnHAApr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\dTlWhsy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\gsJfIAI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\oeyXpah.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\pONZxkY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\IGIRuaN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\LRwQOeC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\bWqzsZL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\pQiWMAE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\nZqSwkk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\LIUOcyg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\DecYaAF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\hPbLcyI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\MqDEnug.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\gIerfNx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\niuNHza.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\UWoSVBa.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\LIYZzMn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\SuSRVcd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ZOsbaqw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\oLIMGEG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\GEjShaj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\gIWIAoR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\AARFjPz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\BQVZXof.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\cMZjysl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\SJbiQtA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\iVxWAhp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\SDuWpap.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\sHrvKbH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\rzOVEdp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\rECIoeF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\WaSCrgW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\BlxXZNI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\zZluDpQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\KTKMSLw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ZZceFPb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\mUtoiRj.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\VDAzIym.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\pCYFbPY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\FfHFdUV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\qBNFibO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\eJQEoBU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\spwZxbD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\NUGNSrJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\rWLJMFs.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\qyjihXJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\tYuJBKo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\dXYoCLq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\sklRMsM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\JVEeonp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\sDUxUOz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\MwQiyKB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ezbfIqP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\dxwuaZx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\wncnOga.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\TRDwKtF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\BkMxlYA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\iDjoCba.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\TKmEpby.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\IwiJsNl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\PtyEDzX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\OaEKhAc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\pVAAkNS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\IbzihzQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\fsYNdIS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\SxUWiRQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\EeTDKLH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\yeQSiTm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\gvzqmaV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\KPSoDjq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\DoYQIEQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\AINedvE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\UsvbkSz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\nOUmNRd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\qPOzufP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\vQWABTG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\bZAgvbx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ycvgKWP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\htpHIjf.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\lYsCKDB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ihRMBvK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\BZXlXZF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\HqzYgND.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\NHtBCxU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\XdtKVFg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\BBTtOmS.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\kPIwtDx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ZjfUfPp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\zcRTKcl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\wMaaxvk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\byMqxSp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\agvrwBm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\dcvcJux.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\aRcunFP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\iWlgDsI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ugXtQTT.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\kiaPNWp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\KNQeCYU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\RSlZAbq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\zxkWcfH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\MVyvCVk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\CgshOaM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\boujFkb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\oXhzTJB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\gZXMDli.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\TuPZZgO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\FwDCyKX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\OakHRVh.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ZxDRWfb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\qQrbmYX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\OkcQGeE.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\wIBrJnT.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ANovuUs.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\OmReOVb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\KsaexJr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\bHOUpYN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\uoUnoPV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\zAqphYy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\koSIwBF.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\rSfKwnk.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\HfVKjfu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\KEckQhl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\nUxFpBv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\DjFGkEO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\KXPXHqw.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\hiRRhNA.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\SYhASaz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\PVSsNXl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\zoNaMRv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\BGEmobC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\KisuSgd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\wLBrJuN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\PATRbwz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\OLgSbZB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\LmLfObb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\YPSGLBU.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\hdrmJmm.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\dbOMNtK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\uJLpuAT.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\XAMlAeL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\nEqlptY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\uxZFvtG.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\LlVYLfY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ZYpXsUH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\IkKuNGZ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\VcsXjEN.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\hEUdUZb.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\WvCPwWV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\AfwGLOC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\vtyxvBq.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\FgkhtMM.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\lvuSoVX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\LKIvikl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\AAFWtMo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\OjDKkKR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\zoWFHEB.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\JPNUgrl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\MqBemCY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\YDNKKav.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\EvKiHlY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\XvmplkI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ecTFjpe.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\jOLYVDQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\kDIeJiO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\FPbzJmC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\MfIrnxp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\VGaYkjy.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\QafCaUC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\WUhIqEX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\sGHQnMX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\xosmhFY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\WaZAbif.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\QeMlQoi.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\rfvRxbV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\tRrgCEd.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\mZbuFep.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\SFUZlia.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\CStEhbp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\xsPUYnY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\EYQygjH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\daTQGhs.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\YeogayJ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\hHyzwMR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\FddCmld.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\UcDbkWX.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\CwZoVMx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\NbwonFl.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\AOxtNit.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\HuQzjRH.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\waRaTny.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\YNbNjyr.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\AoDqPum.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\jNFZeRV.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\cQSYuAP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\JSWAmsK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\VWmfLAK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\vwIpBIp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\suHCBrv.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\hkdrylp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\EpJmKCP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\NkJqpeK.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\sOMtwdY.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\jNvuQDu.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\zafOJaW.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\pBUJBbD.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\yNciWyL.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\rzBuUNn.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\thYWpNp.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\hImJGCQ.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\pydLviI.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\QQrJtgR.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\KdtqCrx.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\dznqpDP.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\ZcPsbVC.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\JnWFmyo.exeJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Windows\System32\oFlkVvC.exeJump to dropped file
                  Source: C:\Windows\System32\JvuHRXO.exeAPI coverage: 1.3 %
                  Source: C:\Windows\System32\wkKSPgp.exeAPI coverage: 1.3 %
                  Source: C:\Windows\System32\gaDJFNb.exeAPI coverage: 1.3 %
                  Source: C:\Windows\System32\ehLRfQc.exeAPI coverage: 1.6 %
                  Source: C:\Windows\System32\OTQisvZ.exeAPI coverage: 1.3 %
                  Source: C:\Windows\System32\AvKmyWx.exeAPI coverage: 1.3 %
                  Source: C:\Windows\System32\XaZvEHG.exeAPI coverage: 1.6 %
                  Source: C:\Windows\System32\JvuHRXO.exe TID: 7364Thread sleep time: -41000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\wkKSPgp.exe TID: 7380Thread sleep time: -41000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\gaDJFNb.exe TID: 7396Thread sleep time: -41000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\ehLRfQc.exe TID: 7412Thread sleep time: -41000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\OTQisvZ.exe TID: 7432Thread sleep time: -41000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\AvKmyWx.exe TID: 7448Thread sleep time: -41000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\XaZvEHG.exe TID: 7464Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\oblCraV.exe TID: 7480Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\YuhEzpi.exe TID: 7496Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\DYRnoDf.exe TID: 7512Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\biTFilm.exe TID: 7528Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\BXwYBdZ.exe TID: 7544Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\AJbunRc.exe TID: 7560Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\SUqdJFj.exe TID: 7604Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\TIHWeXa.exe TID: 7624Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\PXvfCpI.exe TID: 7640Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\dhdvyXn.exe TID: 7656Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\QMneGpM.exe TID: 7672Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\ODEkuhr.exe TID: 7688Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\VFmvQYa.exe TID: 7704Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\FJbyTtP.exe TID: 7720Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\FTsRyWe.exe TID: 7736Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\uUnCnJC.exe TID: 7752Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\NbSGhVM.exe TID: 7768Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\WJJOByy.exe TID: 7784Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\DNWTLfi.exe TID: 7800Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\JVLiIAQ.exe TID: 7816Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\eTlchBa.exe TID: 7832Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\FmDRJeq.exe TID: 7848Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\JxXCqVa.exe TID: 7864Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\qulWMNK.exe TID: 7880Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\KvrKIPQ.exe TID: 7896Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\zgnppqX.exe TID: 7912Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\VeDzKyt.exe TID: 7928Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\Emkynwd.exe TID: 7944Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\UTMWcnW.exe TID: 7964Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\nUwvlEf.exe TID: 7980Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\FSsBuPy.exe TID: 7996Thread sleep time: -41000s >= -30000s
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F3B760 CreateEventA,SetErrorMode,RtlInitializeCriticalSection,GetSystemInfo,RtlInitializeCriticalSection,RtlInitializeCriticalSection,SetConsoleCtrlHandler,CreateSemaphoreA,GetLastError,CreateFileW,QueueUserWorkItem,RtlInitializeCriticalSection,QueryPerformanceFrequency,SetEvent,CloseHandle,WaitForSingleObject,GetLastError,3_2_00007FF6E1F3B760
                  Source: C:\Windows\System32\JvuHRXO.exeThread delayed: delay time: 41000Jump to behavior
                  Source: C:\Windows\System32\wkKSPgp.exeThread delayed: delay time: 41000Jump to behavior
                  Source: C:\Windows\System32\gaDJFNb.exeThread delayed: delay time: 41000Jump to behavior
                  Source: C:\Windows\System32\ehLRfQc.exeThread delayed: delay time: 41000Jump to behavior
                  Source: C:\Windows\System32\OTQisvZ.exeThread delayed: delay time: 41000Jump to behavior
                  Source: C:\Windows\System32\AvKmyWx.exeThread delayed: delay time: 41000Jump to behavior
                  Source: C:\Windows\System32\XaZvEHG.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\oblCraV.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\YuhEzpi.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\DYRnoDf.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\biTFilm.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\BXwYBdZ.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\AJbunRc.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\SUqdJFj.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\TIHWeXa.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\PXvfCpI.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\dhdvyXn.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\QMneGpM.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\ODEkuhr.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\VFmvQYa.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\FJbyTtP.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\FTsRyWe.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\uUnCnJC.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\NbSGhVM.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\WJJOByy.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\DNWTLfi.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\JVLiIAQ.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\eTlchBa.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\FmDRJeq.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\JxXCqVa.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\qulWMNK.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\KvrKIPQ.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\zgnppqX.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\VeDzKyt.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\Emkynwd.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\UTMWcnW.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\nUwvlEf.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\FSsBuPy.exeThread delayed: delay time: 41000
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F7D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF6E1F7D6D4
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F3EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,3_2_00007FF6E1F3EBF0
                  Source: C:\Windows\System32\JvuHRXO.exeCode function: 3_2_00007FF6E1F7D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF6E1F7D6D4
                  Source: C:\Windows\System32\wkKSPgp.exeCode function: 4_2_00007FF7E305D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF7E305D6D4
                  Source: C:\Windows\System32\gaDJFNb.exeCode function: 5_2_00007FF62744D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF62744D6D4
                  Source: C:\Windows\System32\ehLRfQc.exeCode function: 6_2_00007FF647D6D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FF647D6D6D4
                  Source: C:\Windows\System32\OTQisvZ.exeCode function: 7_2_00007FF63CD8D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FF63CD8D6D4
                  Source: C:\Windows\System32\AvKmyWx.exeCode function: 8_2_00007FF6102DD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00007FF6102DD6D4
                  Source: C:\Windows\System32\XaZvEHG.exeCode function: 9_2_00007FF61D71D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00007FF61D71D6D4

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
                  Command and Scripting Interpreter                  		1
                  DLL Side-Loading                  		1
                  Process Injection                  		12
                  Masquerading                  		OS Credential Dumping1
                  Security Software Discovery                  		Remote Services1
                  Archive Collected Data                  		1
                  Encrypted Channel                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts1
                  Native API                  		Boot or Logon Initialization Scripts1
                  DLL Side-Loading                  		11
                  Virtualization/Sandbox Evasion                  		LSASS Memory11
                  Virtualization/Sandbox Evasion                  		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
                  Software Packing                  		Security Account Manager2
                  System Information Discovery                  		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                  Process Injection                  		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  DLL Side-Loading                  		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
                  Obfuscated Files or Information                  		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  file.exe84%ReversingLabsWin64.Coinminer.XMRig
                  file.exe100%AviraPUA/CoinMiner.Gen
                  file.exe100%Joe Sandbox ML

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Windows\System32\ENNjqpn.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\BZXlXZF.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\AAFWtMo.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\DYRnoDf.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\ENASfEY.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\EeTDKLH.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\AvKmyWx.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\CGHEajN.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\AJbunRc.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\DecYaAF.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\BGEmobC.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\CwZoVMx.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\BQVZXof.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\BlxXZNI.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\DNWTLfi.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\EYQygjH.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\BBTtOmS.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\AoDqPum.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\AeHKOUk.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\CStEhbp.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\DjFGkEO.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\DoYQIEQ.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\BkMxlYA.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\AmlHggH.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\AINedvE.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\AfwGLOC.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\ANovuUs.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\AOxtNit.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\CgshOaM.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\BXwYBdZ.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\AARFjPz.exe100%AviraPUA/CoinMiner.Gen
                  C:\Windows\System32\ENNjqpn.exe100%Joe Sandbox ML
                  C:\Windows\System32\BZXlXZF.exe100%Joe Sandbox ML
                  C:\Windows\System32\AAFWtMo.exe100%Joe Sandbox ML
                  C:\Windows\System32\DYRnoDf.exe100%Joe Sandbox ML
                  C:\Windows\System32\ENASfEY.exe100%Joe Sandbox ML
                  C:\Windows\System32\EeTDKLH.exe100%Joe Sandbox ML
                  C:\Windows\System32\AvKmyWx.exe100%Joe Sandbox ML
                  C:\Windows\System32\CGHEajN.exe100%Joe Sandbox ML
                  C:\Windows\System32\AJbunRc.exe100%Joe Sandbox ML
                  C:\Windows\System32\DecYaAF.exe100%Joe Sandbox ML
                  C:\Windows\System32\BGEmobC.exe100%Joe Sandbox ML
                  C:\Windows\System32\CwZoVMx.exe100%Joe Sandbox ML
                  C:\Windows\System32\BQVZXof.exe100%Joe Sandbox ML
                  C:\Windows\System32\BlxXZNI.exe100%Joe Sandbox ML
                  C:\Windows\System32\DNWTLfi.exe100%Joe Sandbox ML
                  C:\Windows\System32\EYQygjH.exe100%Joe Sandbox ML
                  C:\Windows\System32\BBTtOmS.exe100%Joe Sandbox ML
                  C:\Windows\System32\AoDqPum.exe100%Joe Sandbox ML
                  C:\Windows\System32\AeHKOUk.exe100%Joe Sandbox ML
                  C:\Windows\System32\CStEhbp.exe100%Joe Sandbox ML
                  C:\Windows\System32\DjFGkEO.exe100%Joe Sandbox ML
                  C:\Windows\System32\DoYQIEQ.exe100%Joe Sandbox ML
                  C:\Windows\System32\BkMxlYA.exe100%Joe Sandbox ML
                  C:\Windows\System32\AmlHggH.exe100%Joe Sandbox ML
                  C:\Windows\System32\AINedvE.exe100%Joe Sandbox ML
                  C:\Windows\System32\AfwGLOC.exe100%Joe Sandbox ML
                  C:\Windows\System32\ANovuUs.exe100%Joe Sandbox ML
                  C:\Windows\System32\AOxtNit.exe100%Joe Sandbox ML
                  C:\Windows\System32\CgshOaM.exe100%Joe Sandbox ML
                  C:\Windows\System32\BXwYBdZ.exe100%Joe Sandbox ML
                  C:\Windows\System32\AARFjPz.exe100%Joe Sandbox ML

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  No Antivirus matches

                  Domains and IPs

                  Contacted Domains

                  No contacted domains info

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  https://pdfcrowd.com/?ref=pdf)file.exe, OTQisvZ.exe.0.dr, KNQeCYU.exe.0.dr, FTsRyWe.exe.0.dr, UYpGIpx.exe.0.dr, YuhEzpi.exe.0.dr, JyTylDG.exe.0.dr, rWLJMFs.exe.0.dr, MVyvCVk.exe.0.dr, UsvbkSz.exe.0.dr, FCGGaTu.exe.0.dr, QeMlQoi.exe.0.dr, ZxDRWfb.exe.0.dr, boujFkb.exe.0.dr, ENNjqpn.exe.0.dr, LKIvikl.exe.0.dr, vINSkcN.exe.0.dr, gIWIAoR.exe.0.dr, vQWABTG.exe.0.dr, BZXlXZF.exe.0.dr, byMqxSp.exe.0.drfalse
                    		unknown
                    https://pdfcrowd.com/doc/api/?ref=pdf)file.exe, OTQisvZ.exe.0.dr, KNQeCYU.exe.0.dr, FTsRyWe.exe.0.dr, UYpGIpx.exe.0.dr, YuhEzpi.exe.0.dr, JyTylDG.exe.0.dr, rWLJMFs.exe.0.dr, MVyvCVk.exe.0.dr, UsvbkSz.exe.0.dr, FCGGaTu.exe.0.dr, QeMlQoi.exe.0.dr, ZxDRWfb.exe.0.dr, boujFkb.exe.0.dr, ENNjqpn.exe.0.dr, LKIvikl.exe.0.dr, vINSkcN.exe.0.dr, gIWIAoR.exe.0.dr, vQWABTG.exe.0.dr, BZXlXZF.exe.0.dr, byMqxSp.exe.0.drfalse
                      		unknown
                      https://gettodaveriviedt0.com/secur3-appleld-verlfy1/?16shop)file.exe, OTQisvZ.exe.0.dr, KNQeCYU.exe.0.dr, FTsRyWe.exe.0.dr, UYpGIpx.exe.0.dr, YuhEzpi.exe.0.dr, JyTylDG.exe.0.dr, rWLJMFs.exe.0.dr, MVyvCVk.exe.0.dr, UsvbkSz.exe.0.dr, FCGGaTu.exe.0.dr, QeMlQoi.exe.0.dr, ZxDRWfb.exe.0.dr, boujFkb.exe.0.dr, ENNjqpn.exe.0.dr, LKIvikl.exe.0.dr, vINSkcN.exe.0.dr, gIWIAoR.exe.0.dr, vQWABTG.exe.0.dr, BZXlXZF.exe.0.dr, byMqxSp.exe.0.drfalse
                        		unknown

                        World Map of Contacted IPs

                        No contacted IP infos

                        General Information

                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1522740
                        Start date and time:2024-09-30 16:19:10 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 11m 14s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:41
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:file.exe
                        Detection:MAL
                        Classification:mal100.evad.mine.winEXE@2488/330@0/0
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:Failed
                        Cookbook Comments:
                        • Found application associated with file extension: .exe

                        Warnings

                        • Exclude process from analysis (whitelisted): dllhost.exe
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                        • Not all processes where analyzed, report is missing behavior information
                        • Report creation exceeded maximum time and may have missing disassembly code information.
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size exceeded maximum capacity and may have missing disassembly code.
                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                        • Report size getting too big, too many NtCreateFile calls found.
                        • Report size getting too big, too many NtOpenKey calls found.
                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                        • Report size getting too big, too many NtWriteFile calls found.
                        • Report size getting too big, too many NtWriteVirtualMemory calls found.
                        • VT rate limit hit for: file.exe

                        Simulations

                        Behavior and APIs

                        TimeTypeDescription
                        10:20:03API Interceptor1x Sleep call for process: DYRnoDf.exe modified
                        10:20:03API Interceptor1x Sleep call for process: YuhEzpi.exe modified
                        10:20:03API Interceptor1x Sleep call for process: JvuHRXO.exe modified
                        10:20:03API Interceptor1x Sleep call for process: gaDJFNb.exe modified
                        10:20:03API Interceptor1x Sleep call for process: BXwYBdZ.exe modified
                        10:20:03API Interceptor1x Sleep call for process: ehLRfQc.exe modified
                        10:20:03API Interceptor1x Sleep call for process: XaZvEHG.exe modified
                        10:20:03API Interceptor1x Sleep call for process: OTQisvZ.exe modified
                        10:20:03API Interceptor1x Sleep call for process: wkKSPgp.exe modified
                        10:20:03API Interceptor1x Sleep call for process: biTFilm.exe modified
                        10:20:03API Interceptor1x Sleep call for process: AvKmyWx.exe modified
                        10:20:03API Interceptor1x Sleep call for process: oblCraV.exe modified
                        10:20:04API Interceptor1x Sleep call for process: TIHWeXa.exe modified
                        10:20:04API Interceptor1x Sleep call for process: AJbunRc.exe modified
                        10:20:04API Interceptor1x Sleep call for process: SUqdJFj.exe modified
                        10:20:05API Interceptor1x Sleep call for process: VFmvQYa.exe modified
                        10:20:05API Interceptor1x Sleep call for process: PXvfCpI.exe modified
                        10:20:05API Interceptor1x Sleep call for process: ODEkuhr.exe modified
                        10:20:05API Interceptor1x Sleep call for process: FJbyTtP.exe modified
                        10:20:05API Interceptor1x Sleep call for process: DNWTLfi.exe modified
                        10:20:05API Interceptor1x Sleep call for process: uUnCnJC.exe modified
                        10:20:05API Interceptor1x Sleep call for process: FTsRyWe.exe modified
                        10:20:05API Interceptor1x Sleep call for process: NbSGhVM.exe modified
                        10:20:05API Interceptor1x Sleep call for process: dhdvyXn.exe modified
                        10:20:05API Interceptor1x Sleep call for process: WJJOByy.exe modified
                        10:20:05API Interceptor1x Sleep call for process: QMneGpM.exe modified
                        10:20:06API Interceptor1x Sleep call for process: FmDRJeq.exe modified
                        10:20:06API Interceptor1x Sleep call for process: VeDzKyt.exe modified
                        10:20:06API Interceptor1x Sleep call for process: KvrKIPQ.exe modified
                        10:20:06API Interceptor1x Sleep call for process: eTlchBa.exe modified
                        10:20:06API Interceptor1x Sleep call for process: zgnppqX.exe modified
                        10:20:06API Interceptor1x Sleep call for process: JxXCqVa.exe modified
                        10:20:06API Interceptor1x Sleep call for process: qulWMNK.exe modified
                        10:20:06API Interceptor1x Sleep call for process: JVLiIAQ.exe modified
                        10:20:07API Interceptor1x Sleep call for process: UTMWcnW.exe modified
                        10:20:07API Interceptor1x Sleep call for process: Emkynwd.exe modified
                        10:20:07API Interceptor1x Sleep call for process: nUwvlEf.exe modified
                        10:20:07API Interceptor1x Sleep call for process: FSsBuPy.exe modified

                        Joe Sandbox View / Context

                        IPs

                        No context

                        Domains

                        No context

                        ASNs

                        No context

                        JA3 Fingerprints

                        No context

                        Dropped Files

                        No context

                        Created / dropped Files

                        C:\Windows\System32\AAFWtMo.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1584769
                        Entropy (8bit):7.3583209411904695
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QA3v5aKD:knw9oUUEEDlGUJ8Y9c87MeLHD
                        MD5:BEC75323CACB4E351F4F0AFC55FC780A
                        SHA1:9888906FB719005BE34DD187B037124A7DB018C3
                        SHA-256:9334E33457461ADF454C20C4E852AA4C297CB5A9B3FCF40F0A7E3A7C94A8A830
                        SHA-512:8E7C546C06CA0C3B543D2B5C58CCF2BA3D17D95EF31BAFCAED0799BA99E4183D75160AE0FBCA9FC6FEAE62B71F16390572AF9A467186BC8237A50FAB6D6F6FB3
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Reputation:low
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\AARFjPz.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1599190
                        Entropy (8bit):7.349469329128081
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QBue4:knw9oUUEEDlGUJ8Y9c87MeXD
                        MD5:880C56164D343E83FA1E1265A8DE3726
                        SHA1:C55478DB56D54A2FF26FDD7D2D4693F4DD8F2722
                        SHA-256:8B59ACBFB099ED37C475781816760A0FCCE16A4B57AAEEC9148C2F9771A74C4F
                        SHA-512:9FC588EB07B7FDE333940FF111B628099A1AB0185C6DA89C9E72CBE97AE7EC47255C81285D89820DC3461D874D0B2055E5D4BE19B66EC6402391604CEA9601D3
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Reputation:low
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\AINedvE.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1567818
                        Entropy (8bit):7.368838854457112
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QxZ:knw9oUUEEDlGUJ8Y9c87MeKZ
                        MD5:3A3FA8024509876CBA94AAE1C84789C3
                        SHA1:175F076B5043A9931B8E1496A2487399839782F2
                        SHA-256:047BAAD2893EAD234E628EBE0CE6BD8F906C54DC4815B8002B11FD4FB8DF553F
                        SHA-512:3B0EEADF42419D088FB61B5C3A21BF4099EFA2687A8142161826AB5243A84E8D597ED577E2A4A2157AC1808312BCC674DCF5E59EFAFAEF9A131B74B32AD5F190
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\AJbunRc.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1555168
                        Entropy (8bit):7.376767888747513
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qw:knw9oUUEEDlGUJ8Y9c87Med
                        MD5:9249C26A0C05508DC019A58EC0C1E2D6
                        SHA1:C9DEF6D1A44948945D2948F6784141A16DC91F94
                        SHA-256:B00AB798C1BD86CF8F2D4467A1185571F2B318A737245A08B8E2BD24CDE28513
                        SHA-512:13B7795BF8C93C4C324A0852CE38A4C538126728872BF62792D17B2BB1D0029F05CF7413C4E955E8CD766C0B5C61A20C015F0836C801F06DE2300D5F45EDC093
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ANovuUs.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1613358
                        Entropy (8bit):7.340848123695503
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qkf1:knw9oUUEEDlGUJ8Y9c87Mezd
                        MD5:BC0E20188FD096C13BC03148B6C90CB1
                        SHA1:270A6B4906A629A7EECF33D9E7E56273EF43FA95
                        SHA-256:E58544C02FB0E71BCA309D115AEE30C2F4F1FD8439F004A6764C18DDBAC7B200
                        SHA-512:BA809F2F7EF749E97D1F5C15AA002B746BEE39AE571B343E1D2E116F5C9A20F00E2F5336D78F097BB94EDE5475EC603FAFB922746C8F0D8471F2F765603689A6
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\AOxtNit.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1568830
                        Entropy (8bit):7.368201618485821
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QetH:knw9oUUEEDlGUJ8Y9c87Me5l
                        MD5:E89A2FF350647006908F1F84B4FF350C
                        SHA1:1CC725A1767AC9AC2A68BE1D15DEFCC97920929C
                        SHA-256:92207B50293426656AC5E41556D1147B2775531F5EADFFE88E410865C7903CFE
                        SHA-512:7EE5A0399AB93439E2DB44962ACCAAC2B0FA3EFFE4BA247CC8F4776DAC66C7499F7F05D8CB8896D61517CB5865745FFCB44DC4BF47846ADD9BDBA489F17B04F8
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\AeHKOUk.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1582745
                        Entropy (8bit):7.35956287380925
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QTUr:knw9oUUEEDlGUJ8Y9c87MewUr
                        MD5:92DA2FC0D89C41D5FB7A2D5DF5949D38
                        SHA1:1EBD5010401EE0194C049C2EBBD8BFF78D2DBD5D
                        SHA-256:CCE857B282FB819529AF4B5B555213DAC6D7A19880010E41D8C897425474D1D2
                        SHA-512:97AADBAD273ECEE401495D723376C8DB3F8D35EBB6F2FF5CF1B146639EBF7F339FC8A392B4FD7288A3BC8FD2ACE5D4C2ADEA35AAE090273A69294ED66592A913
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\AfwGLOC.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1625249
                        Entropy (8bit):7.3336976345909655
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QPL/Y7:knw9oUUEEDlGUJ8Y9c87MeK0
                        MD5:0A0728122C215CDAE9262DFDEAA3A0F1
                        SHA1:529B2A9CAA552DBFC2CB36F5D18ACD59EE3D9A7A
                        SHA-256:E6A66C3E146FA8B132A0CB7413A564965962923CA878F4161840D669B12D44D9
                        SHA-512:FE7CE1BB84AD2A43E175C97F922429B68E57FCB5C4039D7F3670C17C64C855F55A1B55B9A0B37F5DFD6ED8E8E6AB8023FA97C4B077B797A365E1F2FAEAE370E5
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\AmlHggH.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1612599
                        Entropy (8bit):7.341313872537032
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QHdc:knw9oUUEEDlGUJ8Y9c87MeKe
                        MD5:118056205926E4C078935A14FFD2CA28
                        SHA1:E93E64EF31C465DAAD30D4E1DBDF8E31599D122D
                        SHA-256:DBC2B64664879FB35B9331632162F44F07703D1E71A29E2BD2E7D4F7574368EE
                        SHA-512:7BAD52BE08B89C996998653F056F7EBE8280E9098CFF9C5344FBFC2F857E38EACDAB04AE9381001983BC27471104851117E34B3CE31A90655F1E6AA73AF7DA59
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\AoDqPum.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1610069
                        Entropy (8bit):7.3428427772972835
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QmaWl:knw9oUUEEDlGUJ8Y9c87Mez
                        MD5:A0AB3AEA5D5B926D0270AF0AC410FA70
                        SHA1:E1642244D75B72F0F440D734DD52F87793490C80
                        SHA-256:BD5F24D49D80AB430635406E3DB851B3104515113D782D8314593524BCCBADF0
                        SHA-512:FCDFB7E61E160D4A4DD6C3A038685A5A9F918F2DC18A9888D6F9AE16E477B59BAAD8F35C4CA78A2034D61A180297C30DBAFA55F33EC164E1854AB171FD5EAC6D
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\AvKmyWx.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1553397
                        Entropy (8bit):7.377883664901707
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qg:knw9oUUEEDlGUJ8Y9c87Me3
                        MD5:841BEA0ABC6175B71CF54816D381E9A6
                        SHA1:AEF2D98681BEE68CB1CCCBFABEA7EA83106498E7
                        SHA-256:CF999A57CF7385AF49BBCB4AA32227CFD8B2792527E1156F9D489FDB9D900310
                        SHA-512:167A899F401E489042F2284CDA0EDA17975F27CF3B35FC0DC328821C9C7AE4F5638E09A336A0977192B22C1046DECE8A703B5BC6D9A641AE05314DA234A47F05
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\BBTtOmS.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1569842
                        Entropy (8bit):7.367572220416682
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QI:knw9oUUEEDlGUJ8Y9c87Mex
                        MD5:FA64797D2277C39727DFC8C86B7D6134
                        SHA1:1692AADC591DC4C40D199D31B3385A214CC9B406
                        SHA-256:FE67ACAF0A02806B22FD8DC3E538BF26CD493651F05D8F2E6E4E973B73F36F74
                        SHA-512:56D66C6B806FC7AB95E2894B14A04CC1E3B3BCD5F8A6E1A820E7E52BB33532AE1EDED065B1A81187385C0D0E0FFBDE6EF3F3423C6FF484742504ADA4DB189BEB
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\BGEmobC.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1603744
                        Entropy (8bit):7.34667645269983
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QQDm:knw9oUUEEDlGUJ8Y9c87Me9Dm
                        MD5:412CD6DF79D84BFE1759917E8491540B
                        SHA1:4BC0FEDDCD8BE47593E2B709F59698851A5B0B02
                        SHA-256:849CAB5636B6D12BB0627AE0C19F29F3E90361E7B739B349D407D977AB1B4490
                        SHA-512:06F63CBE2B78400F596C85F95D977787942E99CC3692D2996D3429E1061A4D52D8BB25E1AF8F40E348B2AB133435099D3F05E7A501110DBBDB3C4BE332423A6D
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\BQVZXof.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1606021
                        Entropy (8bit):7.345297134813306
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QxDYp:knw9oUUEEDlGUJ8Y9c87Me4Yp
                        MD5:EAFE54A6841075304E633C3DC855D417
                        SHA1:3CBCE785A64F56765C6993D3B4A3516F8CCFD9B2
                        SHA-256:BE109A2294A268DD1B99EAC9675C620CBF1ABDDCBA0B707690C83ACEBB51BC3E
                        SHA-512:7112F7205391477564DE9093719EBBF865AB8D383D1F74E37852A956D23B241C53D6FBE36433E96CE01CE84AB3410B8E4608ADD897A8759DFD6FEE1DF4C53A77
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\BXwYBdZ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1554915
                        Entropy (8bit):7.376926840654237
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QT:knw9oUUEEDlGUJ8Y9c87Meg
                        MD5:304FAB3A2BC6B94A463C737CF9711097
                        SHA1:02EC106A6063A7326D2F18653C8C8FBB6C01BED8
                        SHA-256:B4C8E7EEF6ACA27D3CB009F0AA88EE6C43E37A10B055B136D282FD4369EDDB1E
                        SHA-512:12D823EB7152FAC38EB85EA939E376AD569BB210C4E06473ABC1C1517BDAA283FD0AB4406D1EB8532FFB62AB16FF48B71ADB8D384657816E2C44CB730EEDEAE7
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\BZXlXZF.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1620189
                        Entropy (8bit):7.336731566715058
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QBzu:knw9oUUEEDlGUJ8Y9c87MeX
                        MD5:2D9258C95372B92198855A048E8DEF57
                        SHA1:6C2C8D7DF0FF890011F101090AAA4D4DD2D00E95
                        SHA-256:59B0DE021A74377CFB021AE59F08CD7A2D5DC71084165DD42F4F9E146E6C27DB
                        SHA-512:BC0B20A5F052BC7472930D62DDE848AA4529D3FCCEF6BD815DBA485B8FC7E343DB4F05536269BDB2F794F3F3D8FF24789F653155A95AF76932F61FBC37A46A22
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\BkMxlYA.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1581986
                        Entropy (8bit):7.360032126165933
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QGz:knw9oUUEEDlGUJ8Y9c87MeH
                        MD5:41AF59CB2B3F853A5DF2798B0AD43E50
                        SHA1:D82EC56E1912688F5F3ED9B423CC24B49264BB72
                        SHA-256:E94FEB4A58E9CB0E56D69F33431A2F0F5B2BD88B6720B91945B573F8C23B8C58
                        SHA-512:DFD134DD9136C1E76DACE7F4B9A0F8C14AD411F31744A52C791EBA158BF624225EB2E7043042874482D7256B1293596274EC31C57435C2791A20146BF41F35C6
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\BlxXZNI.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1584010
                        Entropy (8bit):7.358779620624127
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QI:knw9oUUEEDlGUJ8Y9c87Me5
                        MD5:E6E1D554A20392D6C8B54DC8188B37BE
                        SHA1:6469857BC711AE4322712A094C4023B8A6A3CCEB
                        SHA-256:6D79C4886FF067F160B0A48FEBDFBD60A746E0DF4EB1AF638C33DFF27F6386CB
                        SHA-512:CC65B3AC67B7864C1883FDC30509D5DBB6FC4EE2A86D349469D5363F70D918ADB3FD3EE17EF3CBD00C6EAD1DFB739DB7764FDD9FD716724AF33DB9921C01DA2D
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\CGHEajN.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1614876
                        Entropy (8bit):7.339946328064743
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QY+Nh:knw9oUUEEDlGUJ8Y9c87MeO
                        MD5:66FBBF063E6C45A7C7355272FA5FC779
                        SHA1:B4AB32C9CBE3F7F966BDED815C65B0DF2F3A9AA9
                        SHA-256:76776F7CD51627B36DB3F2ABCB27D47D51630593F33597AF55D06A53D30BA5C6
                        SHA-512:EBBAA90EC3FD25232E57A88E0AC09FD61DF3DD016C30E695FD91322F0405186DB26D9342B6E36FE7CBBB33BA2335D9EB29D1EAAF306D13A9F1EF7EE0685E4209
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\CStEhbp.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1600961
                        Entropy (8bit):7.348395819907871
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QKj:knw9oUUEEDlGUJ8Y9c87Meh
                        MD5:4A9C1BCAF0FC38B7C131EBD96FEA0FB7
                        SHA1:92834D84A03B0F8542770FB34223F5C9ECA6B693
                        SHA-256:AEFDE49B258607B7FC7740E68D07007D8B57544CC153A112399405F754CC09AB
                        SHA-512:52C28AD2F677046C71AE35B540D377D797FD429C697342F6B48116FC5195200A40EF4D45ED9CBAF09BC894FDC3402462D2C62FAF23DF170BD5101A6FA5609AA1
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\CgshOaM.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1608045
                        Entropy (8bit):7.344065282929698
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QJ:knw9oUUEEDlGUJ8Y9c87Me2
                        MD5:918677A24E1D8E59610F244B83EFF37A
                        SHA1:7D6ABD3F5D5D56B9DF4D5ECB883E1823194A07D3
                        SHA-256:F1748369A727310E208BA8B21595B2D1E9847B5AA89B74F8E914E3096B9B0FD9
                        SHA-512:E19991D9D03EBFCCA45AE5B0BD973709A5C67D7AF49E13AA579656CDBE8EA47D18663E4CA55F7EA5E8BAA7C19D38F19AB15486A88A0D43432A7C3A7B0E31A13F
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\CwZoVMx.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1571107
                        Entropy (8bit):7.366789100055009
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QHi:knw9oUUEEDlGUJ8Y9c87Meh
                        MD5:07290A085AE17AF12B1F7924673711A7
                        SHA1:2421291098E3E788963170D96CA0DCD96DB86A37
                        SHA-256:8695AB8D83A77A65E691695024AE9FF48881EC8122A22FFEBEDC93185C269D5C
                        SHA-512:F4F4D533631FDEA2C3E5675155FB21908C48DF391AFAE7AFE4048D4088618CCF717C5C5BD0FA7AE95F610F5B6234CE708835594A8134B9F90DB0CE49BC75AE1E
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\DNWTLfi.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1558457
                        Entropy (8bit):7.374698934162115
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QYT:knw9oUUEEDlGUJ8Y9c87Mex
                        MD5:72A3D455067D2ABD9D9606F78856FEAD
                        SHA1:39B5294C9FA9A159E0CB6C9ED234DFEEA4C8D7BF
                        SHA-256:2AC0FC3177FCA8C3AAABF85A954D4E8C1FCEA9A9DB055F7EEB137ADD54944DE4
                        SHA-512:CF394C83FCB82B0574439E015B90D05C4392E38683B00C0FDE4DCD8C7FCDAB00BC1C87097006A5B70C2D451350CF765B015EB6D379A74B9A18964F4B91D40A4B
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\DYRnoDf.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1554409
                        Entropy (8bit):7.377246251128828
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qb:knw9oUUEEDlGUJ8Y9c87Mec
                        MD5:A6403A65B8303085E94CE9310A448013
                        SHA1:B0C946FA12A343564804A8DD31729065F096FD94
                        SHA-256:DACD2314D1D5F4EAE409D677BBA2E2A75DB2E0ACC7C0A3BDF8767553163396C3
                        SHA-512:658F7574E5CD2CF4BD82BEFECC3B0EB32BE907E517CFF143CADD0F2B6EFFE1DA48D7AD11D694084B5FD61989B4015A48B1656493FE0989FDA7C9703B3BA6F95D
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\DecYaAF.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1564782
                        Entropy (8bit):7.370732001839316
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q7:knw9oUUEEDlGUJ8Y9c87Mee
                        MD5:DD57A57A6BAE39C3BDA51BF9D9DDFF76
                        SHA1:CFCD23CBBE0FCAD2DEDA41F6166F64D45E604CDB
                        SHA-256:DF73162F61AE2B6EE3845BF08019DBFC07F07FCB2A6CC2A26C358E84F09562B2
                        SHA-512:27F482CE645323398234419C27F3E660E53CE94F82592373D4FFC6D0CCF9959FAC2831FD7E2C61A8FD4E67FD82D1E9ED87173B8E2DADB71E41F2963CAC20B4B7
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\DjFGkEO.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1590588
                        Entropy (8bit):7.354729090478194
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QVsH:knw9oUUEEDlGUJ8Y9c87MeV
                        MD5:78B5D011643B3BCFFCD171ABE05F22CF
                        SHA1:3E8E4ABDEFC9D61AFC65C7B3308418B526604408
                        SHA-256:3773613416FC5A6500AE4FF9A4B1E7616E82948C06F75B8EB97332435951694F
                        SHA-512:4FE775250950EC46F7D61019781DBD92BE088F23848F5898F52F2CDE4403BCFA2A58AD6AC4E6B576E3119BB55248A3047C165EE1FA56096B2420E43837C38AEF
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\DoYQIEQ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1587299
                        Entropy (8bit):7.356748513466184
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qw:knw9oUUEEDlGUJ8Y9c87Men
                        MD5:15A8C276BB307D7BBAB7200FF37E15CF
                        SHA1:479C785F2FBD52111F47B25983DAA90BF92D5AD3
                        SHA-256:BA88A31447CC244AC1D6265C5325922DC900EAFC58A1AD61FBFD64948A9C97FD
                        SHA-512:1B86247784EF687275F8E0F8603927ED6EDF9749C92F0D47A39AC6AAD42865EE27AA657F225AA76CD38035C04BD67F40DA5C96D7FEAE585F7A81FAE2968B228D
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ENASfEY.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1629803
                        Entropy (8bit):7.330984910216939
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q2RK:knw9oUUEEDlGUJ8Y9c87Mes
                        MD5:E469B6345AFE705A04FC23DB26F7FDD9
                        SHA1:F80E0ED24B65636AD00B1FE6A201552B504BB254
                        SHA-256:50B65CF31B75908EF87A741ED50145E0FF6CD99A9EAAF9805A47763A77969061
                        SHA-512:B36FFCD979B405544B0305F80C8B37F7AC711EBEA16AE191B1CC411F7D488989E4D86A45010A75BEBCB97946D95A2FD8BADA46A2CB8565C41BC17D6D3201F305
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ENNjqpn.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1607792
                        Entropy (8bit):7.344210877128808
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QRiu:knw9oUUEEDlGUJ8Y9c87MeQL
                        MD5:448FE1408494E990D8C32D2F3E05B309
                        SHA1:007EE549901359A864313CF215BA5856953AED70
                        SHA-256:6C5FD0873CA24E6FB93E5A501AD5BD4F40758515B76D4CD190CCC8BD6F0B7D18
                        SHA-512:6464D3EE5A7173171158739B2C4EDBC831096231C20F41B3ED5637C6020451C284559BEAB5FC89AEC60A771B615E6FAAC5BB0CC80AFE87D94CDFD7FB59C8DE0B
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\EYQygjH.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1617406
                        Entropy (8bit):7.338408980694356
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QXL:knw9oUUEEDlGUJ8Y9c87Me2
                        MD5:068B01B5497F0D376675F01F629B118C
                        SHA1:DA0CAF72C804832DCFFFD45F98F120ED0F86D9D1
                        SHA-256:CCD1AEDBACFBCD21853328F1B3137523C4041C1323B18094504278A0D30AEF93
                        SHA-512:46A3ECEFE3353D68FECEB5C4E652CF164C279DFF82457D9DA2FB08F0B7F129ECA6090F0309EC4FE8911DEA035C445A42E134C4EDB58BE3A3D98E80165AD94A16
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\EeTDKLH.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1616647
                        Entropy (8bit):7.338879869023246
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QXY:knw9oUUEEDlGUJ8Y9c87Mej
                        MD5:C5B24E9986C18F4797ED4EEF6BFD8AF1
                        SHA1:34F25484ACEE3B43779D0C1E87E687C769B5FB1B
                        SHA-256:E1B06A28AE62FBD7E00C9DBD75CCDD6E59AC5783C011A9E9674458C93D33DC4F
                        SHA-512:0B81D921B5D1D4C3793DEE4C2CF8B6B15D81E707381C427FA1F89DA816DF51864760EAEBFB2BCBB01C49E7021A0C34C503F5A99B45E848ED111DA090C029194E
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\Emkynwd.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1560734
                        Entropy (8bit):7.373267568216624
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q1M:knw9oUUEEDlGUJ8Y9c87MeT
                        MD5:0434051E980CE3C204BB982D764E8003
                        SHA1:4C4C725F685516C0E196217DE54D4DF7DADDB0EC
                        SHA-256:8955C80D50A97880008951D06E63802F45D7793816AC86B53E532468C592EA32
                        SHA-512:923DB308E2EE037A94E2F639C795A2EBD124A26C3429D4C9325F6C0ECD813A01E58B90764A2E000D6ECD9DC9C34A048C64470895C3BAF4EF717C280EFA8687F4
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\EpJmKCP.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1579709
                        Entropy (8bit):7.361449019851181
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QH:knw9oUUEEDlGUJ8Y9c87MeA
                        MD5:406BEC5721D7BF73CCA92D57595CF591
                        SHA1:5991C438F55EE88E00891D8A31AFC66009087A8C
                        SHA-256:51FD0ABEF9423E7357C86FC5FB8942F76ACAE3132360FE9424D3E5610871764B
                        SHA-512:A258D41F06390A80E9ECE3A48CABD2B8B195E24B940AE5392475DC3E4BB4FFF275CAF038A2C61E00E52C8CF1A103D5E613E5FD5FEAD2A9FA719E6A0C4C1B4BCC
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\EvKiHlY.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1574396
                        Entropy (8bit):7.364747483367924
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q0d:knw9oUUEEDlGUJ8Y9c87MeZ
                        MD5:E7A6AF9646054E6BE3BBDBC927CC4F6E
                        SHA1:EF7F932CDA9DDF5BDA3148E68587313ACE916C75
                        SHA-256:4726D58E34DE4403A676DB6A13835B85175993E69102E974F5CCD56EEA09439C
                        SHA-512:0761692720A311C3EABAD16EC22F9BB55D1B49D98BFD6A4E64B8AAE9C9A7E9A03BA51771E7BA50B39C56FFE6FA50C1AD2F32807FB3212C7B5E89E2921DC79215
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\FCGGaTu.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1568577
                        Entropy (8bit):7.368364256928353
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qk:knw9oUUEEDlGUJ8Y9c87Me/
                        MD5:CC59368BA13E8B75900DD95B09ECB71A
                        SHA1:0FC519B559FDDCFEC47ECE4B0D19B8F825D56F7C
                        SHA-256:05FF3C8A7B8A00F0CA1DB090DC788DCB4292A315CDDF491CCBFEC75B99B9315A
                        SHA-512:F45F136933F4EA423DDFD382B4773446FB1B57A0E1054F5680D948B8AED168BF75B5D65E0BE492C54D599544B4E20C4126E8651405787B8A3A58F402E81C5D3C
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\FJbyTtP.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1557192
                        Entropy (8bit):7.375490149557226
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QE:knw9oUUEEDlGUJ8Y9c87MeN
                        MD5:50E70B08C468FC6A4CE90728D7D345A4
                        SHA1:02062B19B2A0CB30BDAA1273074AB00620BCE72F
                        SHA-256:D5F25DA2D3B7384BBBDB1D3F0B6D4F5EB0ED6AD403156B1CA2A75125AB5C778C
                        SHA-512:6790F2E4C8F5A1540886D58643D44DF2EBA5070EA0F42A0C9C3EF4EC0EAA83A940324FAD6A2A25DED3D4FBA3F977282FFA3AA417303DDB3EFAD3ABE77A5BF2C3
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\FOKqTNk.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1580721
                        Entropy (8bit):7.360816128116409
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Ql:knw9oUUEEDlGUJ8Y9c87Me+
                        MD5:9C06B523F290AEB282A826FDAA58BB90
                        SHA1:E414DACED062197A1A36B2AF3FC2AFB96D993D40
                        SHA-256:33242EA4CF9F05E46E23172555AAE2319D6193E3911077675318C69DD2118265
                        SHA-512:E1331FD4B1589216817BD0B7D5F5204F0F87F01FE13F8BBD6C5931DF04FD0089A4CA75BA13B26530B5C1DC310259795166F95423DF37385A7438A77C6101FE23
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\FPbzJmC.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1579203
                        Entropy (8bit):7.3617567988955
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qgn:knw9oUUEEDlGUJ8Y9c87Met
                        MD5:C26CBDD8619E27026B62DE840CB25CC1
                        SHA1:118F06E1D697A0C5866952554A6C0421FFEA81D6
                        SHA-256:EEB882923E0750E52D4AA8EDDE718D660E17ECC85A9DA45781339BED92CE0F6D
                        SHA-512:CBA20F421C13331B018619BACD350E6C1169DA23501915D67AFD3F08AE10C2E401486FF31A959E7DB0261D7FD2684854F83206965BC6783F640E9C9FAA3267D6
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\FSsBuPy.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1561493
                        Entropy (8bit):7.372793133882498
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qz:knw9oUUEEDlGUJ8Y9c87MeY
                        MD5:B7662CD52112E08B2FD1CFCBDB637951
                        SHA1:BB9A17853325031BDEE3CDE80EB0720746624A0A
                        SHA-256:30A53A61FFB5657284BC1E17C2B0D09AAC63691F0A91693273181F1CBC3C74DF
                        SHA-512:554007DF890BCFBEAF157F3042880B5BEF7CDF6A8A0940925F0A0EA7678ABCF6966B7B860A35722F435B2EBE6A0CA15C86F40D6360A4A19A4512913B29E4519C
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\FTsRyWe.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1557445
                        Entropy (8bit):7.375333459078662
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QF:knw9oUUEEDlGUJ8Y9c87Mey
                        MD5:F6FA7545DFB588110D679B9B2D75CAE3
                        SHA1:488DCAA9A83B83AAD9868A205122F4A395996621
                        SHA-256:3164C6C373DD3A9DF8E27313A5A4CC8D984979E71A637D351BA0D696FC0EB20C
                        SHA-512:AA6DFDCD38CFF9ABB8519CF8389A27F1C04A7ECB3586A436D4A88CF48B731434AC7F611CF1FAAD33D5655CAC75232CDC8DDD168B4361E80B5955071C1B9968DE
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\FddCmld.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1584263
                        Entropy (8bit):7.358632812442087
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qs:knw9oUUEEDlGUJ8Y9c87MeD
                        MD5:913C2EBE789114F01533B654C0DCDCD8
                        SHA1:E15816C558DF664745AECB366ED10B1481BB2216
                        SHA-256:90BB81F25D0B331F8028601B8BF9D6F1DA46B1C90584B4214CE583546F99925B
                        SHA-512:6F5204E31D73CA5C4F2460F9CAC1E4A737509AD26A72A521752DBF56B58F31D3003860745D6AE03400125A1368625A6033135FB84304C7312D268D9C53474591
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\FfHFdUV.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1605768
                        Entropy (8bit):7.345447727427052
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qh5V:knw9oUUEEDlGUJ8Y9c87Me05V
                        MD5:238BC50731FE6934B06ECFFD0EDB56E1
                        SHA1:5702D40A593F052402E469D16D87850E9B544719
                        SHA-256:946948088DF9DA59CB675FBE880DA4565437765CEC5508F466380D021DE6DFE7
                        SHA-512:FE5408C4C57AD6DEF8D856C0A4EDFA3DF731A8DD0FE6414131EE42E69E7130AFDB4DD54C2A0E8669B02DC3EF47F07315AA0219BA03C420AA3317FCC490D10078
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\FgkhtMM.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1628032
                        Entropy (8bit):7.332030769092735
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QAPj0Z:knw9oUUEEDlGUJ8Y9c87MehPju
                        MD5:695A8E8E5CED7AB1CE9B8866C1F2EBAA
                        SHA1:8BF6E537A2CE8DB08DD1AB9A3D0AF46C896352BC
                        SHA-256:9677BEDA4CBB6784D9816ADE2B9D5FFE427EACC7A71CD55A1C178967D6EC61E9
                        SHA-512:FFDB3B3C19E8487CB1C6CC4ED80469ED1C9FE948EEA670B6E206F6AD1F7B6E073EFA9164B6B6AD206E9483F7C848513375DEEB7F579BAD8227ED92062774561B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\FmDRJeq.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1559216
                        Entropy (8bit):7.374218671674021
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QkDF:knw9oUUEEDlGUJ8Y9c87MehF
                        MD5:60C73320719C5E50A9245FBB0A6BF53D
                        SHA1:309577FB11BD34C773D6392D77AA68506AD14398
                        SHA-256:64A7EEAB43A62337FC384302B7AEB47E8C179C3FD982AF65C5B69BD3332C410F
                        SHA-512:D7D1160AC60BBB6B44CBCE35BFAEEBD83A8BC7272792E68BFAB4B8FCBDFB128315017D45FC44CB2792FB98A20F772726EA63F3C94476E5C141AEC8ECB58D3EC1
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\FwDCyKX.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1630309
                        Entropy (8bit):7.330670940237199
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q3hDxDY:knw9oUUEEDlGUJ8Y9c87MeP
                        MD5:7F0A1EE5D7217D1E7E5043C855747461
                        SHA1:F060AAC4507550E886683CCE61028FDCEE1D95D4
                        SHA-256:38B5089EFDBBBD53A13E8152F39A2D8697FF653067694A2DDC626FCB7FD74E79
                        SHA-512:E61A97818759269602CF4AF7D8E15E04A2C85EF48CB9071721C7DBF56F52DAE2F2C6E0FFAD814783067CD960B3F527A7317A87597CD3472FAB6DFBC6DEBCB974
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\GEjShaj.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1569589
                        Entropy (8bit):7.367739150937809
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qm:knw9oUUEEDlGUJ8Y9c87Mel
                        MD5:EB870B80D9A0DCC0BD9013FF96BA11BE
                        SHA1:C8116A382BAB935DADE1032FE3FBD3E23826EE71
                        SHA-256:8980F10A173AAF2A8CB0FD3E2ED272421FB051DFF7AA0BB0357A3F377CDDDE8C
                        SHA-512:E9CB40A71FC301905FE4703F8CCF36FD27EE65A0046C76FFB6B9BB8F37C79E0882857A5B270C006CF149A7BA66F70261070EEDFC6AA258408A4C7F8CEADE06AA
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\HHkrdhY.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1565541
                        Entropy (8bit):7.370254949997313
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q8P:knw9oUUEEDlGUJ8Y9c87Mer
                        MD5:CCD7740A27B89F7D996FC4029BD4541E
                        SHA1:6F90EB465EF66601D9CFCEA67B5EEC9B1E6A20DE
                        SHA-256:83AC11C9E371F4A63F0A9AB41723496DC8C1B70635AE551F38E2AB8C72168C3C
                        SHA-512:C25545B8C1D029EF9C9E7F6BE18D8FDF5A0BC995C3EA8410CB277E320DCF23DA88303FF828867D5395C0C47FBF7B7E7A7C43734A89B48F3A047503FCA6CCFF48
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\HKQIXhJ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1618418
                        Entropy (8bit):7.337799296719532
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QCD:knw9oUUEEDlGUJ8Y9c87MeDD
                        MD5:BF4E3ABA12596699F3A61EBCC085F962
                        SHA1:4C4614A9A4FF81ABD32DEB6C85D68FA6E8B6F8CD
                        SHA-256:249966A12BBB3B19B342BF3C95DDB6F32B6B8D8579B3D3061E35BA86F6B957D6
                        SHA-512:D8623F419EAD801DCA4DAEBCE2524D71C5E9457D2DB5F28B287890C4977D18C24FF92BA929D9FCEB1F2D0BF164A340AC951FA54D1C5677631115FBB05F6FFB6F
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\HfVKjfu.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1576420
                        Entropy (8bit):7.363485716032139
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qcq:knw9oUUEEDlGUJ8Y9c87MeQ
                        MD5:36D2C089FED01CE30E443027E4C11BEC
                        SHA1:8AB80719A47F344C730FA6CDE643389CD8055298
                        SHA-256:F2026C4191972E83C722B6D09434A0CC484432AEBEC7753BAB32C6DD094A2C61
                        SHA-512:3B9F73057001673342F6BF1D5AEACBFAD9A3717FA2E324778E6BF7AFC5032671902023EC931633E3D0653C56709537723C3816A8BEA1503E1EF55C04B1433D20
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\HhuUNgU.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1626261
                        Entropy (8bit):7.333087731418049
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QDg9:knw9oUUEEDlGUJ8Y9c87MeyE
                        MD5:2C0495FF45CF30CDC67E187AA7A070BA
                        SHA1:94158EFACEB9D8266F0D604D1CAAA8E99C3CE339
                        SHA-256:58C7746CA3EE78E31475959A22D0EFD24FAE764D215590851DC7030C62FB4C72
                        SHA-512:FEE6A0D9A3F78CF61052293B1A4B2595604CDD37D678CEDFD98C80559715E462CA710B870A76D8FDC3BD010C54EFBB7870F77CD4084CBF7552F746C5FF4D3B4E
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\HmNtbmf.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1622719
                        Entropy (8bit):7.335206870781232
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q67:knw9oUUEEDlGUJ8Y9c87Med
                        MD5:B10807A915BD76599214F510A8374234
                        SHA1:FA68DD40985F52B96292076CDA31F99FBDEF8022
                        SHA-256:4B81BFA4EA6EA937AEAE7680864881F061CE98202BB4CA6D7E216E719C490F9E
                        SHA-512:2D471ABCC83060786559037D1748189DE61FF67BCEEB5A54EB5923E18CE10B820594B33F327C374000C8A259E3D281424DEB704A20FB2E447E553034E961A20E
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\HqzYgND.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1587805
                        Entropy (8bit):7.356449029322373
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QL:knw9oUUEEDlGUJ8Y9c87MeE
                        MD5:DFB789106224BA427F5B842E9A7ECD04
                        SHA1:ECBF9D0E2262546248D53DBB02F7B89F92BC6A20
                        SHA-256:45869DB0A5CAA4AEF08355760964510020D4ED40BEA435C886E787539AC24C2C
                        SHA-512:F37EE78D8506D29AC1918D50A28B2C5F5534A69FD6931496FE8E3FD5124E82F8D7BD290C3FCE77E848D2E83CC593335CB39D5CC229DE4307B52F1312ABE4A80D
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\HuQzjRH.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1588311
                        Entropy (8bit):7.356133003187939
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QDY:knw9oUUEEDlGUJ8Y9c87MeWY
                        MD5:8E7AB10B3EDCA6B29AED6EA3D906E60D
                        SHA1:5B1CAA93E5EEF23E2B9EE3B6513BF16B79FAE5B7
                        SHA-256:45CB70AB5D5AC09390EAC698682E671AB29853AA5AD8C14E9EAEB9B5E86249D3
                        SHA-512:EF97619D9C02D66D7876961B7AB9C60A226D0BE3E95D2B7EC86E0FC44EDB869FF229A140E2A7716BEE3C8FBBEAEB38F112FC45971534F0B02B88DAFB7BB2BBA1
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\IGIRuaN.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1609057
                        Entropy (8bit):7.343462983638916
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qt:knw9oUUEEDlGUJ8Y9c87Me+
                        MD5:1E3236765A35693E2CCBF39E5A514CDF
                        SHA1:9B55EAAF1B2FE9E7708A6EE4F5666A4B9D3F21E4
                        SHA-256:9E724C26130E19BB826729675F49EBF576CC153D82A7165D90D388635C7CCCBF
                        SHA-512:B91F82C6D072FDE4453F62DC0BA485194B14E76F43DAAAC0ED53AD265D47D0972B488B1240D7C72BB9DB11DE955EB65AA12C013FD64140D2141B9A52BB8490B1
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\IGbJixm.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1586034
                        Entropy (8bit):7.35754080628883
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QS:knw9oUUEEDlGUJ8Y9c87MeT
                        MD5:2E5E232D9A66AD90A6C7031D39085AE9
                        SHA1:F141D5CAD0C288285E8F539B4676ADF0FC86BF17
                        SHA-256:AD4269EB8287F8F218E7528B44D3D4D11BAF91D322445A7A20A189B29FF95600
                        SHA-512:C1AAF20720849880D267512B09C42A9E05831AC018B46EC6FF622EF8B0BC2468F388E74EA3B6B68FCEC0421A00D491915C92CAA0BB399A875DE07B65A6F5DE45
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\IbzihzQ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1610322
                        Entropy (8bit):7.3426967895837825
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qgeo:knw9oUUEEDlGUJ8Y9c87Me2o
                        MD5:77D5EE20D5A7E2C7F4D7EEF3A1300EC2
                        SHA1:DFF5A2CE23363C1B6A3DE4029E6C976BB566AF4A
                        SHA-256:FDCC0A2F3C1D8E1D0660824E734B68CD384D86E64AB8F1A1A8A5CDE28BF0D60E
                        SHA-512:FD13A604507F4FF6BB41EE4B04FF2F37B77FD6DE276FBD8CCE9D0883B9E4EA130312C990BAE2AF2C3920B27A6ACF320A9F8D2728A96E7EADC4B713A22DC51426
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\IfWXppj.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1598431
                        Entropy (8bit):7.349931343820866
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QHa:knw9oUUEEDlGUJ8Y9c87Meh
                        MD5:FB01E5247B8BE370FA4B44B79F00AD1D
                        SHA1:2CDF68D50F37337417A7C17E4514FF16237F5FE9
                        SHA-256:37008BE4F2168C74134521068A1A254646584E7E9B3C01B0655070B107F3EC30
                        SHA-512:73C989FEB986AFA42BCCD694FB36A0ABE466A1038E6B95339838CA8C4DBB9D89236322542D538E136A8F8D0D7775B6FC1D6AFC284BCB24AF9103973F2C733F7B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\IkKuNGZ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1632080
                        Entropy (8bit):7.3296067427542555
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QxYw:knw9oUUEEDlGUJ8Y9c87MesT
                        MD5:AB369639FF7A12A1B7D7E6A5E9A36F2A
                        SHA1:054120A7E605848EC53C481EAE88DF73B44A5184
                        SHA-256:91657C55913736C1F48A6431B3DA3B0899390F2984C74A5BA3D9FE83DD18230F
                        SHA-512:8048A3F5843378EED572D6B46696447DBF618A30D2CF7598D82661BF37631E5C8D696326D8CB08EDBA270836211952D96BFC6E362C963FC2B0F7A86D8792E274
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\IwiJsNl.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1623225
                        Entropy (8bit):7.334902492336612
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QUFQ:knw9oUUEEDlGUJ8Y9c87Mey
                        MD5:11A2B5FCBFE200D7AF9224A2E46B4170
                        SHA1:F917B276B23FDBB856332F242FF25F048556A7B6
                        SHA-256:8B99AB9D4C0A0544224A267EAF62897CE8B06F8F454ABD8575BC43A3C0CDC23B
                        SHA-512:92C23463A5A39EBCC7601821C43719D20107D2E10363A767C12542FA6074ED41933B383851C8F20C984F8DCAE8B5BB1BAA262D1A14097DBB385AA2AF57E341A0
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\JPNUgrl.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1619177
                        Entropy (8bit):7.337348186455518
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qtx02:knw9oUUEEDlGUJ8Y9c87Me6W2
                        MD5:A9A6441CBD1360A46771976BD9EA4E16
                        SHA1:ACFDC5A7F57B88748729B15B373B5F2A763EC8AC
                        SHA-256:43ECD310435FE81841029D164CADE051CF9DB80DF3554A98550B01014EA28AB9
                        SHA-512:BD89E341E726063D929D94161C4C1E00A98B779AF69483264EE6DE0E77C391C55BD6DA054652093869DCCDC8F97481C6C1A1CC090AA4D751DBFE78D56153CBCF
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\JSWAmsK.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1607033
                        Entropy (8bit):7.344688690214624
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q2M:knw9oUUEEDlGUJ8Y9c87MeA
                        MD5:962CE5961C49848E2B166648034EFB51
                        SHA1:90045B0224F8C5905E814BF4C8E239C44DDE6F11
                        SHA-256:FB70807DB3E183F3B35DE8B8B1FB9821D0DD310189776AE3A5DB6E7ACD2B067A
                        SHA-512:A48D37A5417DEE404EE48AF5965C51FE6BB8A77054D40DBE275AAB8F440804910475EAF804CE335F580E4C2C62F0C40C612D0615CF59FF6A9D5FC5164BDF2804
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\JVEeonp.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1632839
                        Entropy (8bit):7.329149772862475
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QkeCxKfS:knw9oUUEEDlGUJ8Y9c87MeOCxqS
                        MD5:687E2B448E40F5B73CC8F5EA44E6795B
                        SHA1:9ED06EFF4FC2B4D4428476C2DF7AEED30AFF9789
                        SHA-256:A3122CC911329A86A17F4A4015AFD16ABB090AECC34557C7FC9FBD678BCCD3E2
                        SHA-512:4281ED8277E6CB1AAA6B9CE4D7E10D7F895B83D0F68ADA1A51ECF1EF241EF9AB3E8791C843B9FCE2A74C42442EDE7D53EAD7F8AAFA1AB3D24F3F6C7DF3DC64AD
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\JVLiIAQ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1558710
                        Entropy (8bit):7.374537603814648
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q0:knw9oUUEEDlGUJ8Y9c87Me5
                        MD5:60C427DC5B7212AE6F10165CC4848ACF
                        SHA1:9AD2F7F034639792DC3BE4F51A9ACC55C88D1892
                        SHA-256:49EB6BB751E80FC7461462A98A4A86CA8618A26DF7E842F061FF47449D289929
                        SHA-512:FEFF501808263649F3BA93349B57CF8532F715D87AE3E68B3C576C208495EAB18FA64A6F183D41DA711397D70910FEF720AD8F051678B426348F19EC4815F6D8
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\JlwJpiQ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1575914
                        Entropy (8bit):7.363799247475417
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q9:knw9oUUEEDlGUJ8Y9c87MeU
                        MD5:DFFC5EC4518F844CF30FB7B440D924C6
                        SHA1:5D57AB45F8BA28A1D6144005153E81D7CD2EAB18
                        SHA-256:C4F751AE2F7ECFF3FA76CFF89A13305BBA2A787B3D59AF9C627A33E16225DFE0
                        SHA-512:D2C00FDD202C9ECE785AF5D9B84D2178A9CDEA272A6BA2B4E25D4D054EFAD9A3434BDB28CB8A93006428A480D45739DA2EE8F3DFA2A0A0CB72497087919433F5
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\JnWFmyo.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1624237
                        Entropy (8bit):7.334296602521128
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qhj7V/:knw9oUUEEDlGUJ8Y9c87MeQjZ
                        MD5:DE5B6D22BD7A6364D6EA45CBD37EB22A
                        SHA1:B74193F8B14311BA2750B99CFA5494D9AE9964E5
                        SHA-256:ECFDFDD68DF7F944902724DCF2C7BBCB9522038CE5C1E742E4B3A8FF0790F409
                        SHA-512:4C6570BEE1906024CC74E3D523491F38AEFE68C2A3BA1C70870A3D6130835CAFE5BCF49068D1376DAC8F62ACAFBC667CD12827D59085F7E0FC35519170C21927
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\JvuHRXO.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1552132
                        Entropy (8bit):7.378681663407412
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QC:knw9oUUEEDlGUJ8Y9c87Mef
                        MD5:EFE5567C52CDCBC8690FD321EC00F4C6
                        SHA1:B7980AB09A6BCE0631B11ADC0DA9700024A4ECD2
                        SHA-256:3D988A88260910D8F488D79163B0FD0944B4BA3FB39D8B79B50BD7BEE1A4ACDB
                        SHA-512:02392BD5A41BED772628A713AC4A704B754C1520FDCF6FB8BC46CABB794262DA3F64CADC595CBE0BB2CB55885596D369ECEF0F1D3572B3CC76AA065C5E2EEB3B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\JxXCqVa.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1559469
                        Entropy (8bit):7.3740671962030895
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qy:knw9oUUEEDlGUJ8Y9c87MeN
                        MD5:A662C82861FF6D4B5EC0D01658010347
                        SHA1:BF86EEC65AB3001CDA2E9066EEB7552CA3C6C686
                        SHA-256:53E8CEF8C8EC139301690E2DCA4955D32B1B86D43B850EB17BB0C69C71F639D9
                        SHA-512:0BE766F7133A70473EFCF61AA66C1E0A610D68F13B7A1AFDE371BC7C9961F2D950350151C967E22639F901F0AFCE153E1E7FFD761BC2A6ECA60F7FBCC9A1A563
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\JyTylDG.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1580468
                        Entropy (8bit):7.360969537265934
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Quc:knw9oUUEEDlGUJ8Y9c87Me2
                        MD5:DBA0C1B80A7EC3D98479D812F05FF718
                        SHA1:F083420E448126415A943E385D5CD086E2515DB6
                        SHA-256:AE48420088051B3BACFFAF9BB5C0A54C4224B19307E9C03DEA6EDF47D4D15719
                        SHA-512:316224B500BE18B3039F5B7FB65F35CF68BB9407F8CA45044DC8DD279CC2649BAFCA36442E8B397C8DDEF90F1C8BC6C65273FF48EC92AA754338BAE96E9E5606
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\KEckQhl.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1594383
                        Entropy (8bit):7.352400342704926
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qh5up:knw9oUUEEDlGUJ8Y9c87MeA6
                        MD5:82949EB6858CDEE65B3AC635BE911A10
                        SHA1:9EDBBD8FB8B89D52C44CECA9DD2FB93638AD5CDA
                        SHA-256:7FB8B32EA8C410F465B81B8AB6C0CE840FF5C2D39FDEA17423F91F6CF96D8755
                        SHA-512:7D2282E07B6E3C483351D21FB3212F03E4D611940647A6400B79ED2DEF1845F4C201B3702483BEC41CE96A052734C17C11C8376A7C153F2EFFE3EE304C9A838B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\KNQeCYU.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1598684
                        Entropy (8bit):7.349778253594503
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q9HAoF+:knw9oUUEEDlGUJ8Y9c87Me1oI
                        MD5:D9116160ADBC3D88670517BF97872797
                        SHA1:40F3D56F0F170F364D2D79BB08F05025E53C9715
                        SHA-256:FEEFD08542C824BDE593B30A8B7810E2C9B4D958D75ED3CE783CA9514384468A
                        SHA-512:19F22EDF7D84904AC58FFC35BA69CDEC6A72A70D577475706C33E056C4D338637EA35FCFCBB78D277ABBC0BD194FA6B7695D45FFA35F5CA88A75538B30EDD825
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\KPSoDjq.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1589323
                        Entropy (8bit):7.355513990417839
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q6tbZY:knw9oUUEEDlGUJ8Y9c87MeXt6
                        MD5:008ED21B2600605A7E462322ECED4BE0
                        SHA1:45E01272447D8159D5FFB685EEE5F338489C8A8C
                        SHA-256:827890E3929A8559BE5A5C7486F1C9F29B0266E489BFE46EFBECD25737D8D102
                        SHA-512:AB13B06F37FC830AA6A9E8A5D132E2D7D80D4E06F22C60AA50E51FABF875346FE275F29BC7DE6359130E6BF182E828E6A43C04549B16A01B48D51C87CD30DAE1
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\KTKMSLw.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1631321
                        Entropy (8bit):7.330063414018816
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QyPGnDa:knw9oUUEEDlGUJ8Y9c87MefYW
                        MD5:45C3FECBAE9F7EAF37620086DBDC7A9A
                        SHA1:49838EBBDA1216C13278F843AC6795FD44FF7839
                        SHA-256:3D3FA8F9C89636B3E029129CDD6E3FAA8E2B3C08D69C5948BFA7AAE00931C744
                        SHA-512:A798D30B46E3ECB180358D7E783A692E685A4ED0609107E21D5F82562DB835B6B2628C1C61DE41D39BCDA022B44C24C17F65600F813CD540067969581275F82E
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\KXPXHqw.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1589829
                        Entropy (8bit):7.3552006956769205
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QH:knw9oUUEEDlGUJ8Y9c87MeQ
                        MD5:5EA5870A86251316B93DAC1C50817792
                        SHA1:9CF87C06BCEF8E2B4014FD6208CA773EB4E61DCC
                        SHA-256:580C1E77B4D99E36B96CCDC757BDCB57AE9CD3EA20023E92CBF1E5ACEFF2C009
                        SHA-512:FD2D738EE85F156AFAD18E9057678D756A70AC489C3CBDC7BEE1DB05A24958C2B55C40535CB2CB9F11BBC7DCD98CB49F21186160FFC2CA499DDBEBBD4A098295
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\KdtqCrx.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1607286
                        Entropy (8bit):7.344541010721569
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QSx:knw9oUUEEDlGUJ8Y9c87Me3
                        MD5:7450A3F6A363ECE14022BEB9D9039A8A
                        SHA1:0EED7A7FE5A951F499181E1AC7772F865A5EF8DD
                        SHA-256:342FC4EA79AAD7262E9DE7AB6014B7C761DB3B4DE9473AA5E5F416D6D889C7E1
                        SHA-512:309A655EE45D0A8B4A73B9E93F1377AD327C6F4CAFDC1CB9577D3A8B306505C047A95BAB0B00A65C84054EFA288BAD5659BD2006C097996FE16E4587BE1F92F3
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\KisuSgd.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1613105
                        Entropy (8bit):7.341009716079337
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QiHe:knw9oUUEEDlGUJ8Y9c87MeC
                        MD5:80E9CC69D69FF902D4FB983CC5397011
                        SHA1:91B92A0D35C692BDDCA43F3C00B9C80117C1B3EB
                        SHA-256:44B7C94682DDDB19535943EFF8F34367D4EF47FB3D9CD9D55E3E0FC3D234CB86
                        SHA-512:4D3D15F02AB821C71C058C3B509A1F4154EC1D5D4C49A57B82155611252F7F3F612975B684E91EA3D8D439E9C7431E0B0D2B540FB0984B4152519C1E42770EA2
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\KsaexJr.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1606274
                        Entropy (8bit):7.345147268049678
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QreT:knw9oUUEEDlGUJ8Y9c87Mel
                        MD5:8AAA432B127A09D2619CACA92475D059
                        SHA1:824DBBF59C2CC476685752E14698B68D111C02D4
                        SHA-256:98CFF52C3608F29D864C2B9B7DE7126FC39158970808C65E34C7887A0CB21336
                        SHA-512:807ABF19595AC980BD6EF1AAE0820B358556EF2BA594EDD66B64536FED51BB2206AF2897E4F2FA0FB54C735725593CD4E63FE39C76A7AA19F043315E9F54A61A
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\KvrKIPQ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1559975
                        Entropy (8bit):7.373749960954764
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QIg:knw9oUUEEDlGUJ8Y9c87Mevg
                        MD5:2A193B3E90BD493310609819108D476C
                        SHA1:8D31CBA26EE7C7CA011BBB40F3815DFBEE90AAD0
                        SHA-256:F046FA9000F32D0222D57AECD07B79CFD3740E7993D5E820B748D22F501E55D8
                        SHA-512:E02F60CCDF495F9DC20082867E5A77AF54F432FF98D02AAA5583151099B3251797B2D668EBF2E4EBEBF0E078C2E042D2C10C6AD53839E151AFDFEDE29E4D1792
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\LIUOcyg.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1568324
                        Entropy (8bit):7.368514589034928
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QY2:knw9oUUEEDlGUJ8Y9c87Me12
                        MD5:A156D0DDFD20C8B35D837BFE36CF82C4
                        SHA1:92663859FA92D2838A4305651284C3F6692028BF
                        SHA-256:7B91DDE3C02E92B9A4FCD3D3AB4977CFE3C57A43D63F555580B39110BAB9F3EE
                        SHA-512:FD8093DFF433BDA9536DB25F1B33F6B4D2F725B875A4F4B800BEA6B9CE8965BA579527D6F299CFF1DEF7E94DE72B5BF58581A940696A0565A0B79D389BD3597B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\LIYZzMn.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1630562
                        Entropy (8bit):7.33050822982291
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q1zI:knw9oUUEEDlGUJ8Y9c87MeoI
                        MD5:715EAFF6168B28905CDC1A42761CFBE3
                        SHA1:A75F052DBE190DAC397BFBE8731CBC0283A039D9
                        SHA-256:AEC810176B5407467BC612299C692501AF51E2C391C016C6296F3CA2C46FB4EA
                        SHA-512:3C6C23BF5EB13EE8BEE2D80996104F782408DFF94130B427ADBC03B430FEBBA36EB5F251E35B6675C2A6D720E8139109E60F3AFEA2D5545826A61ADA7001D056
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\LKIvikl.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1569336
                        Entropy (8bit):7.367891851852065
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QWZ:knw9oUUEEDlGUJ8Y9c87MeP
                        MD5:7EFD0E1808CACF48AE006886086188C6
                        SHA1:EE1C0F6B2D3FA1D14B6CA2C2D85B85A47DCF7B43
                        SHA-256:9C7B501D3CD59BD5BE869D1FB3023AA94884552D21626158F5BAA31C812E7015
                        SHA-512:7FCE10E179DDCA2CBD82230602E747838679F5332AF6A33198463C6469D780BBA2758FF1088B832701EB05A3D94660BD7BDBBB814417EB3E75A89F2F1779FB47
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\LRwQOeC.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1629044
                        Entropy (8bit):7.331426068420397
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QMFQB:knw9oUUEEDlGUJ8Y9c87MeiB
                        MD5:ABEAE2506785EDB70AACFAD857D8861C
                        SHA1:362F9485A58147C9148395D325EC12D8130DAC12
                        SHA-256:08084889FA77BE685771621F59C21A5B11C1E54BD12043E562FB524DB3564DC7
                        SHA-512:F59EB0D5A8E432381E0D6E19824A434C9570F39C32E3AB9841BC361024B69638B9FB154D3AD32EB221798CB74F125FD3785F307F08D42C0814C7391DA09197E2
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\LlVYLfY.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1576167
                        Entropy (8bit):7.363642626084565
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QXs:knw9oUUEEDlGUJ8Y9c87MeOs
                        MD5:E0595D2610DD58AF33647207B6D6A7C2
                        SHA1:9B4974806D064F38A29FBB8C53E929270757C313
                        SHA-256:0A1D9781C1966250F02F0BFDE5DF9D445CCE3B993BB9CAA664ECE2FCE8764CCA
                        SHA-512:9C7BC2A21312121C4E24587798D5AA9C05CC709B328CC30FA410DDAC907227C76AEB647F5FF26A777679C9CAE211616CA365A50EB35284DE21740F4A0FF31A09
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\LmLfObb.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1562505
                        Entropy (8bit):7.37215445705541
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QM:knw9oUUEEDlGUJ8Y9c87Me7
                        MD5:D2B294ACD0C5619F9D6C6E84F62D36AC
                        SHA1:8946721E7E5076EC64847F7455295F3D095E460E
                        SHA-256:2E0609B52C1138BA1705F72CDF26F8B6617FBC8007AD12570E1C5040B52E8B00
                        SHA-512:3AE1AA8F0BC3BE996B8FAC3C9BEB522BCD7E256D5E2D29AA0FFA9F1DB95CFC8D4709969847A877BF23E0A5F2E75557B5A2F1231D1E7200CA184E487DC0F63363
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\LsxWNuU.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1585275
                        Entropy (8bit):7.357999197561418
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QuS:knw9oUUEEDlGUJ8Y9c87MeS
                        MD5:627A35EB4228A027ADD54ACD0664BB0B
                        SHA1:BEFEF63F025914F8521469AFCDC2865BC82565E0
                        SHA-256:06EAE1A502105C63F41FF7550013F0DA3D07C452D35A8A2A37F2985B833B6404
                        SHA-512:225DC233DB4637108EECD3D8EC1E71DE638A11D82DBC2708BD5B59F8D790424077099EC4C727963444C19E57815E349256BD7EE4778DCF3A6481F4982876A36B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\MVyvCVk.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1597672
                        Entropy (8bit):7.350396556270235
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QzR:knw9oUUEEDlGUJ8Y9c87MeI
                        MD5:9A227646EF4A69AC5C23AEA1DBA4DC7B
                        SHA1:CDF9085563256C07EB10A416DF02F73D73F88C25
                        SHA-256:CAB3A4968B45A9B828119F9D4F1B0ED8E8339A31CFE5C468BB67C040ED61F6AA
                        SHA-512:D35DE79AB474B59F226D59499323E0CD0E84ED3E2935F6809EB759147BA70B11C2780AF409D1CF91683F1B64DFFE92749D7F1A6E9A4EE611B1301B953AD90940
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\MZzfLEZ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1602479
                        Entropy (8bit):7.347457285434466
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q6:knw9oUUEEDlGUJ8Y9c87MeB
                        MD5:5D64CE03F925BB53AB2E574CA060D242
                        SHA1:F1C0CB92F69E0299FAC88DE9A923E96C593BED11
                        SHA-256:87901F6210BC37C07F96FF291DB461F96237FE80D7F3E42B561E98BA21BCD276
                        SHA-512:2CCC464EA4051F1A714EAA46A3541D13BEDF35B753FFECA04D5B4329336A72E4D8F2500FCE47BA83D765E47D0B66D4C1CC395A427FD63D89DAEC504C0E65AE18
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\MfIrnxp.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1623984
                        Entropy (8bit):7.3344506274242995
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qjg+:knw9oUUEEDlGUJ8Y9c87MeS
                        MD5:CACA8C9CE8B26DA1B190EFE36DB99302
                        SHA1:594C3A2E97A86A95709F6AABB169115779AF8800
                        SHA-256:D4594234BE7F46E866A55C599D0DFD75E136B5A4FB960E5FF52D0A3B2090141E
                        SHA-512:788E4DF67CA1F31F7BC09E20CBA0D8586525BE1BED01D8B823CE4C15B7AA2704DB2CDEC3B7761ECEF4094E500834782F7390C08D895A532514B56BC7A50BFBD1
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\MqBemCY.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1617912
                        Entropy (8bit):7.33810919865073
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QXV:knw9oUUEEDlGUJ8Y9c87Me0
                        MD5:1992E0C7C364DB32541A4860AD6FECA3
                        SHA1:28C667AB7F3361F31B31D00468AA639C6C535D27
                        SHA-256:6E1B804E35B2E8419C851079AB94DD64E145365A1C142AECC5BB1AFD1AEB213B
                        SHA-512:AFF455A9485C519B8245474CC883E465A956125295960B9BD815133AD027D07CD0ABD800BA35EE9C468E654585A99DBA595BDE185F4D2DA29656847D9A1F2A61
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\MqDEnug.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1578191
                        Entropy (8bit):7.362374933328068
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qdj:knw9oUUEEDlGUJ8Y9c87MeQj
                        MD5:D15EE9B63707E1F73A87BEBE1164E308
                        SHA1:20550F97DC3942E573CB193D364CF2BC67405902
                        SHA-256:311A9E2F9D69541F2F066F72D3D33AA971D5A1942D18E1AE47C23F2136B875DD
                        SHA-512:6D7217B8FE6A8DE20A73CA4D86142F4DA172C223578F97C7F810B60ECB2066296CE0651BFBD9C02048DFF23347D46484F67E99CAC32FACBA08A3607DBC78A650
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\MwQiyKB.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1604503
                        Entropy (8bit):7.346217725975035
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QU6i:knw9oUUEEDlGUJ8Y9c87Mel7
                        MD5:C2588AB21285F3DCFB9D12C9E84F72CA
                        SHA1:1E18B3EB285E410A65B0D444047942002CF1A2A6
                        SHA-256:B03D0CA41E0901DAD9649F9209693BD6552BA7F886BFFCFD40AAA5F75D26BAD0
                        SHA-512:3A2EEF61B6DA8F1688AA60F2CD13CB9E74D34491801726AB5BD7F84B9CFAF6775A71C28D640C997270E7DBB46E2A66F5F40A9CC55ACB2DABA2E0BF0BA2C24F31
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\NHtBCxU.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1583251
                        Entropy (8bit):7.3592480630184465
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QQnB7WY:knw9oUUEEDlGUJ8Y9c87MejB3
                        MD5:2BAC376C075C1CAA33B8118EB56409F3
                        SHA1:845A76D93E31DCBB83D5166D23790B09B2220E91
                        SHA-256:07034559B67F9D642FCB2DCE1C2B7F3211A3B7870DAF5569FD35ADE9AA94674C
                        SHA-512:F4352C6E200813BDEC7A1CEE3487CF632073511AB8D88109AE941356114B6CE65042592DC9B566822A63F1F85790F5A3C8A74B525CD4B74D459E93FEFBA38417
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\NUGNSrJ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1624996
                        Entropy (8bit):7.333856132253268
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qn0:knw9oUUEEDlGUJ8Y9c87MeV
                        MD5:0037F3693472B6FC72898F9990C9E9BB
                        SHA1:B781693CF5F42A0712893876485B16166E4DBBD2
                        SHA-256:261A0780D084BD245F18DBEB9A503CCFB068806189A7DCC3BEDBDDA5842191DF
                        SHA-512:9986E5CEE468EF503CE2785A7F9A4D788665EC7EDD4EB8ACB09AE38DA6E11953F9CDE9038CFA912C8357BDB399811C436F0588D944F59ACFDD7E989D9028F881
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\NbSGhVM.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1557951
                        Entropy (8bit):7.375014994108857
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qh:knw9oUUEEDlGUJ8Y9c87MeS
                        MD5:CE99976E2ACE058B821BA6C6FC97AAE6
                        SHA1:38BB12F9973E27CDC1F4E4D04165B0663B12A22A
                        SHA-256:14CAB7B7E51E859C7314C666753C5D0D8F3B6DCE64A8ABB55E1343C135C44F6A
                        SHA-512:E6B221BC6AF684B253B95A414F76BED98AC4CFA6D98D689A38B5B36384E7A651D803094C6B1F15DCF4D19773AC4CA55205AD8FFA02CBA497B362A4F7D41F6B9B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\NbwonFl.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1570348
                        Entropy (8bit):7.367255398638736
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QiIf:knw9oUUEEDlGUJ8Y9c87Mec
                        MD5:540BFD69A5C716DFA029F51734DD9A1D
                        SHA1:4495E5B8A344E38F1A0DB6AE7D2E669989AC1E78
                        SHA-256:2DB585CF7B8A83D05BC6A5EF4E921A836FBB6B6DA1EF9D7A22CFA4CBDDE96EFD
                        SHA-512:2FA866589BD2A52061C0137952F37C9BF27447992C774B9175B40857768E0F92B68DE27AFB07EF67C91E631C507D87B35E24EDAFC6F1175FCE4AF5807569302A
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\NkJqpeK.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1598178
                        Entropy (8bit):7.350081437671265
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QYpuu:knw9oUUEEDlGUJ8Y9c87MeHuu
                        MD5:760B8D2AAC673E7FEA6FCAB0B48A176F
                        SHA1:67CC87A5F6C6CCD6B7FCBEC2921DA01D73B4C33A
                        SHA-256:3C698769B430DA47A51EC50E47129008FA11B00E74CCD80D9DD0E2F08379C5F1
                        SHA-512:576F10A4F42941A866408B758F0476C71344E3A080FA67F0FB6D35FBB6C957271967EFCFAFF1131FDDC50484D64AF855639D613D864281ED74C075BF14153101
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\NoVBMWR.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1604250
                        Entropy (8bit):7.346386379935126
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qw5cH:knw9oUUEEDlGUJ8Y9c87MelcH
                        MD5:AB25DA709F079ABBE64E03560CE7E0EC
                        SHA1:E49F9974F3995C0595685954205620333440EC25
                        SHA-256:22FFCE871ACCB3136CB8C85313C64E57966268E3B5CAA67F0EFEDD8AD90E8CC1
                        SHA-512:6856E349589CBF909415A419C8441F3804944098CF2C62DB67DD8D32B5BB8945DB344A5B2B57869A310C37BD72D71E8AF01551236BDA319DE5EF93EF43F4E40E
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\NppXEik.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1615888
                        Entropy (8bit):7.339321016603758
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qq/kD:knw9oUUEEDlGUJ8Y9c87MeHW
                        MD5:A8C351A9F733FEE7E95C21F9C59B1E75
                        SHA1:5C171E21373C3AFDD32C24A13744EA354D6E3989
                        SHA-256:D2AD3DA43D3606B4F1FACA183514ED3C37503F194F499DF7A96330CF3175D0F6
                        SHA-512:D5BCA7C4BEF0FEB6127C27ACABF1E3DC1C350C1441A8CB28B2CFA517F960BD86888D25D70FA3027D27B9B7FA3E32C9AFBF9F372EC20CCD87804331C2BD41F9EC
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\OCQPeNZ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1600708
                        Entropy (8bit):7.348534449649073
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q7Fg:knw9oUUEEDlGUJ8Y9c87MewFg
                        MD5:7DE3073D834EAD772A106AC1E24E66F5
                        SHA1:33543C27BCBAFE9363B1525AE74143036E75F2E4
                        SHA-256:1EEAFC9C51FBE47422AD96267C830A7F43553321CA0C4272AE41870E520244F7
                        SHA-512:9BFECDC524F3ADFB9C007DC32D811FA23F1763DB82427DBB1CC29F7C728D071A27E489472D250E8EEF7282FC4AD5423817673EEDFC4BAC2CD28E3932F1734267
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ODEkuhr.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1556686
                        Entropy (8bit):7.375808211843141
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qv:knw9oUUEEDlGUJ8Y9c87Mee
                        MD5:66DBD24ABCD99942214566774EBEB69A
                        SHA1:71F39FDB162AD5A77BAD750085847616B427E823
                        SHA-256:3A657DE97AC1BA685D21B5492B0B70222578E15A8CA411ABBD5FE3FF46FD6AF7
                        SHA-512:CB1E56D643D51300A9766DE822132EB9F8D03823F32E319114EE86D6374AA8B5669CA3577048CE9567D0785B4D363282C01693DF35A3701F6FEC35E78F988446
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\OLgSbZB.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1614370
                        Entropy (8bit):7.340251238301426
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qq:knw9oUUEEDlGUJ8Y9c87MeL
                        MD5:18CCBAE2A621327BC74CEF57DBE89474
                        SHA1:84C116387A777EB843437FAAD155BB17332CBF5B
                        SHA-256:0B6530BFA2957C4710AE0DAF1E25B2C2E8A6E565362132A405D76D4E0F91277E
                        SHA-512:370BF40213EA181A97CE1E0C3CA9DA49F3E2525CC0042AF680E8899DDACA69795FA06248AB0B0E68EC84AD4F30A48D4714AE5AE89A146691C606160977E57893
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\OTQisvZ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1553144
                        Entropy (8bit):7.37804198230946
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q4:knw9oUUEEDlGUJ8Y9c87Me1
                        MD5:E83C60B58124A5275584D15BA2B3CF31
                        SHA1:4D8C944E0CEE4F0AE2646E496081136EE2B91A91
                        SHA-256:1D9F1E7A8820D8396CB4675CE816F1C7476E12B6D5532EF0D0AEB0C46A17C628
                        SHA-512:F4DE417C674B523A52E973E233C2C0F8D0ECEDAAA1476E9C50B2CB814A4F5212A11402BB8E6FEC2AABC077CA52F742FA04D07134FD4881BB8BD8A91B9808AA90
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\OaEKhAc.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1620442
                        Entropy (8bit):7.336595275608042
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q+ZOq:knw9oUUEEDlGUJ8Y9c87Me/ZOq
                        MD5:C9650808D80B92C9375AD6906D0112A9
                        SHA1:31400B71454156D3678E5F50BF81205BF86846E9
                        SHA-256:32CCD9774FC39D34B31E4A5A1C9E9DC5EAB5EA6EC2E672B0C45E0F323A1CCDF2
                        SHA-512:D35AE9901E4B0526D23B74D72E69F6B10DB1FCFEDC8ABDB433284EB3E4EA01B83525BB7F0EC0191CC2A89A3F2603CE41A2A9084552660CD258A2565BDC1AF0E0
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\OakHRVh.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1565794
                        Entropy (8bit):7.370097516785041
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QRt:knw9oUUEEDlGUJ8Y9c87MeCt
                        MD5:3BB6BB1698B66D038878A859CE3B2531
                        SHA1:9E212B83BA0A3108359FEEE69DA371ADF76E75C7
                        SHA-256:FF8F4847CB2D0F956DBDA8462C653E101A2563FD76A58446DD5B90D9A9332951
                        SHA-512:C1A0CC91D41D25B88470200FF325EAE9920C0F16F2B41ECF33EE1E83CCD002E2424A2C990B8E252BCFDF49FA3248CB8FB12A8E6FEC4CB8C7A7FEEE24B84E8A67
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\OjDKkKR.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1605515
                        Entropy (8bit):7.345610918716617
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QWj7:knw9oUUEEDlGUJ8Y9c87MeT7
                        MD5:266AE75EB757FBD93426DB48753CE5A2
                        SHA1:F3F6B007B3799CA15DA72E5504C08FDF072F6709
                        SHA-256:03D7E15EF91CECFEBFB9EDC88F9644396204520ED8193EA0AC2C7783F713DCF3
                        SHA-512:668D257F8DFC74584EF452350EEB609815919C8E144CE602DFBCD7D63F439D694F77289F5A68AD71766592D71C3116115B1EFD2EC99DB35CE1E848AEC8F6530B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\OkcQGeE.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1577432
                        Entropy (8bit):7.362862539412229
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qv:knw9oUUEEDlGUJ8Y9c87MeG
                        MD5:140A2C8EDEE572EFB33B7C564DCED6A8
                        SHA1:E849A2584DC812C9A6544C46A28788EC614E54A2
                        SHA-256:15DA04B84BD71FE5916A061687E37F6689B99D539D6E8925BC760B8E8F6F6C35
                        SHA-512:C2C547FF167C75576BD8FB67BFF8ED4A97D9945F557A35DE0B434945D50AFDBED98F68D1E3B7B10E44D6136BA777BDF4FCAFE07E6697D70C6F26DE2CC4D07CB0
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\OmReOVb.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1586540
                        Entropy (8bit):7.3572257594855985
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q54:knw9oUUEEDlGUJ8Y9c87MeE4
                        MD5:E5D5EF61E3E7FF35E364ECCA0D43E7B8
                        SHA1:05F7A091CC82DAE441750315AB079D90DA629953
                        SHA-256:0A0B71CFB88DF0EB46D70024168727F32C31FFE7198317CB5389D98680F89E7A
                        SHA-512:C3A2810D78A8FEB857C56B947001968FB3DF88242EA053F3067B928B6339B0FDBA2F08586BA1AD05E21A24F85AF3DAD44F281FBB06AD3A664F068582EEC4DD24
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\OoXXuCQ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1621960
                        Entropy (8bit):7.335672631597741
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qrie:knw9oUUEEDlGUJ8Y9c87MeKie
                        MD5:C19C8CA70A43522C75C17F8984E888DF
                        SHA1:B71E202FE6BC83007D98EAC2E7FA7D270E958943
                        SHA-256:EF7C0F495DFC306AF63CAB8B9964DFE8BBC72DEA2201E9AD0B0507569C35AD5B
                        SHA-512:72FBE47E0BDD7E7E78970B92D4A214FD456D6E4D419F6F2CD06A656C97EB1CDD75BFE991D0BB184D76A2D21E6ED6D7C844A667FA3F73EED26142686080A29012
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\PATRbwz.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1576926
                        Entropy (8bit):7.3631622423442264
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QIa:knw9oUUEEDlGUJ8Y9c87MeU
                        MD5:DE43D5C5E867CCD85622383FAA61C8EA
                        SHA1:43B3707327BBE8156894674226A415CF52331B81
                        SHA-256:51C566F616CAD6EC910459A4289A8B4F5CFAD8A5CF82852325EAFE4857C7AD67
                        SHA-512:27B5471F1B5F9DAC118D0DB4F192F7415B896533AD9DCB4D755D153F0126D9BC02B91FD43AEC2B8238FCF2A7A9C21DF0E44C38AE98D0CE712D10FCC2F89270D8
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\PFFZxBK.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1602226
                        Entropy (8bit):7.347606218332659
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QMuZ:knw9oUUEEDlGUJ8Y9c87Me7+
                        MD5:37614B7D7233A73B0580BD58D2627BC9
                        SHA1:90A2F6268AD686F3280329F3A4E1BE964BC88DC9
                        SHA-256:7AD4D0BB007944D459A4AE366596269F84990EC7909854F7007EA949D805148B
                        SHA-512:1F82C10BBF55E43D8963CFD539F420741F2D80BE45521CB9F43BA9458EF293833C2589D2664BB354867E1CF5ECC15BAC28CCB2EFB32629F282BFB0D1173D389F
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\PVSsNXl.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1619683
                        Entropy (8bit):7.3370434948326775
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QGM:knw9oUUEEDlGUJ8Y9c87MeQ
                        MD5:5561A66DEB0C63717690BF029BFC04C5
                        SHA1:F4BA4A49F8BF955E358272D0886D2CB335181C4E
                        SHA-256:D5EB5C70C9F6140845845871C814A832D1937B66F1CBBC53460A2829421A9A4D
                        SHA-512:159340945C7D18B249AF2742A564077ADB1C6C59E90CB29F4F9B3EBF63B9F6EA4B75E8ED7B5B0E08B9189762080757473D3AA50407160EB819FF28C8492D0D4D
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\PXvfCpI.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1555927
                        Entropy (8bit):7.3762886539749015
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qz:knw9oUUEEDlGUJ8Y9c87Meo
                        MD5:533E23733BABCC29390780A5146B1CF4
                        SHA1:C2BD5D685E95304C14A7273D8C3DF1F014AEDF6B
                        SHA-256:B577DF0AE97228016D47AA70E67AA8441C0C2A8CB53D0535A8C0174BF5AB75E3
                        SHA-512:58EACB3EF423D9F78F3A5EFE560639AD51A406F97E852B377CD4C30F3FDB45B51B33BD97C46D4CEA2FDB216559DD3FC421072ED50C704D51B854FFDE57B09454
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\PtyEDzX.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1606780
                        Entropy (8bit):7.344835944438217
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qz:knw9oUUEEDlGUJ8Y9c87Mem
                        MD5:EF85B1FD64DBE3806B139CA5595A9B76
                        SHA1:3F026CD878752B1170F05FEADEC0A7CFF9A58963
                        SHA-256:5CB8A28313627F3FC4A09893CB12029E4898A6300E374058FB181F7AEC0E74D9
                        SHA-512:A084E9A35D53642CECA389EF964FEA88442DE925B7A4928F23F207532EB5A424DD05964E39527786EECF582A92BF7D6C9431EFCC9A64962980C285C9FF34B4FA
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\Pyjxeub.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1583504
                        Entropy (8bit):7.359094521493183
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qqb:knw9oUUEEDlGUJ8Y9c87MeL
                        MD5:73A8EA778229E0D74FBB6927EE3F22BE
                        SHA1:68FC69ABBAD45ED3C027F2C69DB4EAE1830CEAC9
                        SHA-256:FBDB23D45AB89D6B09B28C0AA4C37166C27F09EEE307AE06E60DBA57ABF100FB
                        SHA-512:A876526A4A61BDC8955D80BDE443BACC685A371E075DBB5BFA2CB26C83240ADA2F09BDA323B2EAF9BFD35DFD18D9051C998BDFE7CD261AA90B77874522457930
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\QMneGpM.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1556433
                        Entropy (8bit):7.37596988802496
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qr:knw9oUUEEDlGUJ8Y9c87Mes
                        MD5:883E2DF487DD73EC9FF3EC7D55C33572
                        SHA1:A6FD4B2FCFB886CE1AA9FB897222039DB6B7A596
                        SHA-256:F825715BC0E4FDD0A75DF710ABCCE445C90AD889F47B87001548186541484BB6
                        SHA-512:126C2EDDA518E2669604A214108EDEB177D437E6FCDD1969633B84B3BD1328A7B20FE48DEEEF5F9DF844C74C5D8CE30C8D6A65D3F7E50063D94810C46CE019E7
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\QQrJtgR.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1564276
                        Entropy (8bit):7.371050114072678
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qg:knw9oUUEEDlGUJ8Y9c87Me9
                        MD5:CBE80AC029D889A80176959EAED16612
                        SHA1:FCBCB0BBF293570E6DA5D8268835F711DA1D825D
                        SHA-256:2EA1A06F47192493F18532B119D9719E4B8AA66EC2DE2266A01B045439CDC887
                        SHA-512:290774691181C19E5506A108E71CAF16DE5685C51ADAC294BF1BB3DD164FA45358CA96E203B99C7092E2443D3A8E0EEFD5E6BBFE3E7035D66D145BAE8D7B0052
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\QafCaUC.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1570601
                        Entropy (8bit):7.367101430559432
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qc2:knw9oUUEEDlGUJ8Y9c87Meq
                        MD5:3397E9A572F26D06569315FA3F9284DB
                        SHA1:9467FBE1AFECCAFF828E1E34121A48D2EB3EBB2E
                        SHA-256:5A39FDCC5A0C0E776E0E77B3C70FB72A52F37ECE61676A721C6BC71442DC4402
                        SHA-512:3B86BCE2426379D499BEFBA9D57D0A762E409A7D5ADA07D673C1DA279054DE87950086DC6DFC93795ADB6FFF49E714B049E17A420F1C704EFC0DFCA18B31890B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\QeMlQoi.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1599443
                        Entropy (8bit):7.349310402572967
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QSM:knw9oUUEEDlGUJ8Y9c87Mec
                        MD5:84F34DC2D28144E57183BBF0EFF8932D
                        SHA1:D678A98063D98844A4AFA88161C35F7ADC7A0C94
                        SHA-256:322C55FBBDA9962733FC1EEA0CF018646EEDD13E6E108875754031D7090792D7
                        SHA-512:7457FA197A5B49DF7E8DB5E6FCAC4C5C6EF59AF18E2A6B2670F3CF9F2CD2F56859C35F6E15FC9EDD83242C6A4A89DE4514B742316A28B171EFC565EB0EF3511E
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\REoMUue.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1548288
                        Entropy (8bit):7.381102778868618
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qn:knw9oUUEEDlGUJ8Y9c87MeO
                        MD5:99ED57CB9F8A06C079CC62FBACE7C104
                        SHA1:21BCA9F6657F7919E958F90D207FAE1DD16C1EF0
                        SHA-256:C239052F7E1B7F7161A67A9325486E9917C80F94774968B46C7576E37F2A504B
                        SHA-512:0FB1B83661909E185741118E7D28B0D7BF9424235BBD91D7085F062133C815698C5E2024DF7E760891B3968A5BC9DA4293382BCB9A7BB99664396926D26392F0
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\RSlZAbq.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1611334
                        Entropy (8bit):7.342082526650365
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q4:knw9oUUEEDlGUJ8Y9c87Med
                        MD5:9756FD7E83051E43CE72C991E9350A50
                        SHA1:13EA173119F9B348D5112AA74A53DB44ED249417
                        SHA-256:3301F7368676A2E5A84604306DB9D7F5B9C33316A43ABFF8F6949D0F728A7187
                        SHA-512:81DA68DB2ED363650B59EC3C0CC931B5A7B04358FC4F856CB19E17D06A38ED9EBAA9526E87C1B66539108634984264A53E3DE4B31D7BDAEDA992AC3FAC67F56B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\RkBIliC.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1565035
                        Entropy (8bit):7.37057630622303
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qg:knw9oUUEEDlGUJ8Y9c87MeP
                        MD5:CFF353C5825BD3823481EC9D3692591B
                        SHA1:18368A33DF8A3218DFA760CE2C62530FAA84F649
                        SHA-256:D85C53DDF2A6887CFF39C95E71BEB4C45FC234EDBAC9478A91C3F7FD82A60AE7
                        SHA-512:404E3E2EC68C3EA8FD8893ABDBC0D11A22651A7D123C4167F216CBD305C2A19D54678EFE45D191ECC418202133FF7612448958E68393A2C6A43966E0B191FCF2
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\SDuWpap.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1585022
                        Entropy (8bit):7.358157773021088
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qi:knw9oUUEEDlGUJ8Y9c87Me7
                        MD5:B55C836F9C8020B96CFE6C5013782671
                        SHA1:515DAFD00856E4F1328B068E58E822C918A350F0
                        SHA-256:34CA8E222F46F38E28117B2AC3F8116030C5D42F2772A8B271AC16AFA3356B66
                        SHA-512:059742EDFAC25B4EB81F5E0C267C4EACE4B50F3C5AEFFDA4AC6969EB0E000416A80D4E3B32940DF2E8414EA91F237DF53055F6EB687B64EDA0AD062FAEF2CD8B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\SFUZlia.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1631068
                        Entropy (8bit):7.330217132706061
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QjDwvju:knw9oUUEEDlGUJ8Y9c87Melu
                        MD5:6A83E553415DAF24251E885E80886D5E
                        SHA1:4F19677ED866B0EDEF5BCA7C33FEF523A867BBF8
                        SHA-256:D142384FA1FBFA8856DC0F714C809B7441C2152670376F1E4D85303C207F1BBE
                        SHA-512:14794BE983A441B96501E5970F98A302050C3CE01A4F9B1AF5871975C95B7E0E1F32F5A6BDAFA7AF03F323EBA8BB8A4C8E9B2604835CF44DE108180D9E993A28
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\SJbiQtA.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1629297
                        Entropy (8bit):7.331261496458465
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QxksC:knw9oUUEEDlGUJ8Y9c87MeT
                        MD5:82D6177F5C52A301760D6093494DB22B
                        SHA1:3E9C1344D4DB6B7DF2D679D233A898FA7EEFA210
                        SHA-256:59F4A9D1D99FE58EF594B4AF7A37BEC2553991916829F25D63EEDE7EE12DD8D6
                        SHA-512:299BC806CFD3664CD0220C44704F02E611FC3F6A2A21C20E49FB84A3C5444C2E8DEEE49146B0D296DEC6A53B2F46B78E17E9C8DC47C6891937CB6D57D7F6D24F
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\SUPTwuz.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1614117
                        Entropy (8bit):7.340383689514301
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QyYOUk:knw9oUUEEDlGUJ8Y9c87MehlUk
                        MD5:A762E3D832BBC5DDD7D05104FE9523CB
                        SHA1:5EFDB49841B3F92DC4D5F5289E7E30E0D70D250A
                        SHA-256:6D6A9CA935600D75BB778DEB6B073E02D833D277DC488AF00040305BDD64AE65
                        SHA-512:C819FE20CCE2AE6EB2DB77AF14F807C9945FB6166B2C344FB61A69CF16868D6B25C35D1FFFE7BAF07E96C4383BB11F62238A5B185348B960A2E02B4442682694
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\SUqdJFj.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1555421
                        Entropy (8bit):7.376609731921239
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q3/:knw9oUUEEDlGUJ8Y9c87MeU
                        MD5:8D908ED8EF0402B5AB264EE4594F3A79
                        SHA1:A7DAE647F4486C4A89EB032E5574EEFA29854601
                        SHA-256:F8776544981EE7B4FB6A80A86C438D60441A7A11BA55BEAD604A98046C8536C2
                        SHA-512:9BDD59CA69D54500DD9887CD537BB7E6DBA449C972A012240B01DF507F782FFED9C42209B6462C8259FA404E181ABDBA8B83CADF981EDC1B46CF971A7302B9BD
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\SYhASaz.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1609563
                        Entropy (8bit):7.3431595566628
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QqhqYd9:knw9oUUEEDlGUJ8Y9c87MeZN/
                        MD5:EA7EBCDD860B5752CEB0929FEB8DCBFC
                        SHA1:91D8042C4281B77A29E65805F6254A75CB44E49A
                        SHA-256:DB4CD170A4D72DE656197B5622DA7B1E55F271B07DBED6FB9F4BF7FA7A9B7CFB
                        SHA-512:21B720C6AC62C3EE5CF869AD6A69CD33119ED52B54CE5EAB4FE232B64D1DD4B7A75977C3E211FC0B8E46A225077773B8226A1102AE1F06A08B4384732CCB6395
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\SgRYHnh.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1623731
                        Entropy (8bit):7.334610932733747
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QUY:knw9oUUEEDlGUJ8Y9c87MehY
                        MD5:1793536D136D7EA3C17C381CEAFD8212
                        SHA1:9A7FA930D3852F45DA3BD6EB73AF2792724997B9
                        SHA-256:9C92DABD3777A367478D54C49B816F88C0C0A9BF8D332BB16B1360FD313C3D48
                        SHA-512:433203AA67BD7B04AA73F50766E74F0C01FBA7FBFA9A70D7B37F037ACA795AF0AD56DD4C3CA71EFC9790A0C61313C7F40DB37A5FA8840420D82BE597D12D2C88
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\SuSRVcd.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1616900
                        Entropy (8bit):7.338721230862955
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q36g:knw9oUUEEDlGUJ8Y9c87MeQ
                        MD5:88FC9153497E45878BA5D9A9951B273C
                        SHA1:C9FF806C98EA9E326E7BB847D80277ED51168EF2
                        SHA-256:637F50D83642DDF0EE2C54B9BBC2A1A387BA362F99420C3B96142E69296D1A36
                        SHA-512:1FA45400ABCA908B0A215DF0D05D8CC07BC46F6CBDC3DBE5E10972330D2D96D92B9D3B9231C3252520BE7495A13BC89091659FB44D76263F57A6AE0EF641D45A
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\SxUWiRQ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1633598
                        Entropy (8bit):7.328716255575792
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q2z0C:knw9oUUEEDlGUJ8Y9c87MeEC
                        MD5:8224226EBEAC7D74C2B47D5E13E3D479
                        SHA1:D12DD999CCE823C4DFCFC420614064CC99A48D78
                        SHA-256:4C9B2FEAF7C523BD5E8D10E8BE66EA0F727F810896C7B5D43673C4F8A6836F2E
                        SHA-512:7417760AEE7AC34B3C1F5E936030380F623001FD5DE160E94CE08DB92D53124E7B4675B1796F36632C5DA4C343B514E0793AE9D7466563A89AA37DCC2DFC45DC
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\TIHWeXa.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1555674
                        Entropy (8bit):7.376450520745308
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q3:knw9oUUEEDlGUJ8Y9c87Me6
                        MD5:54410A03DE36A3DD45485B857A5B3753
                        SHA1:99492434DF004D311EDB61ACF372A8BBC171A07B
                        SHA-256:AE563DE641D08CB119D492C9AC0B7F21FF55CA26C4F32CA4D6413658F0F9FFE5
                        SHA-512:35368501FBAF94931B2559980CB9B2A65D0647E6D390F8B732AF4EAA5B039965A629C1E86AADBD7690CA9BB1D0BDDFC50043EDEC1F42147919B707711D353608
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\TKmEpby.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1613864
                        Entropy (8bit):7.340547541883714
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qqs+e:knw9oUUEEDlGUJ8Y9c87Mei
                        MD5:20F53DA0D99546D62C49F23FB90A7E71
                        SHA1:DE899FC06FD6AA2A8135C6E370BA9FFC45111845
                        SHA-256:C59760C054BC858697D7F00AD1B27A67BA1CF62DF604D220AF1ABE2C27F6E08C
                        SHA-512:34DCC65509B4022735155C4C2652884444D74DF7F46B7BD8A33C259CD32A727DBEA2D025C04B8FAE25488C6DEC89564AAC6692E92968B6CD21CAB5EE274EA163
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\TRDwKtF.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1573384
                        Entropy (8bit):7.365364376101011
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qrf:knw9oUUEEDlGUJ8Y9c87Mee
                        MD5:64708AD3372786DF37643E0E47E618C6
                        SHA1:54BCB689F43B2873746804468A94B98580CAC18C
                        SHA-256:5F985E829BF2B72267A1CF58BAB5D23AED84348A85EE9C6B7894A5103129ECC0
                        SHA-512:B50EC414BC204948D68CB73E0E81BD37B150F4488BDDD11A97368BED0C2E8E2221AA2ED20D55C984AD5AAB50238A3F6D9837BCBB274F1B669F7E2793FDD11229
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\TrOUMxR.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1611840
                        Entropy (8bit):7.341762673456395
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QfwUo:knw9oUUEEDlGUJ8Y9c87MeZP
                        MD5:E098A49FF12472D2CA7381F022F32095
                        SHA1:3F5C3BDB0F4DDC4278B37040BDD4C1A7101C335F
                        SHA-256:8C03C69BEDB4B6FE8E8A34F5C75E7A83F3136667DA3DD89C9117C5CBE328617A
                        SHA-512:E7B2254A8F7C497A2D467CF1DC0ED83383850AEB10AEBBC9300A069A1910C62B278BE0F3D3D2DF5701A03CB46C3203E10B018F9B48F1B4C926A44701FF18EECB
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\TuPZZgO.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1592865
                        Entropy (8bit):7.353324192964245
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QDd:knw9oUUEEDlGUJ8Y9c87Mey
                        MD5:FEF35D093B22BC4D257BE4AE47FE4BE4
                        SHA1:2A37D9B975753F2934986491FD314B5B6421BD71
                        SHA-256:9600D7AA34874F7EA4DCAAE5FEF34D6CA7C5716A1B5AA36BBE04B723A7AB6E1D
                        SHA-512:0FF4A75892533F228E7BAC4B4914F76E68908EACCA029DAF25822111204F5FC65BF82B51109B0DC7EB4C5079152E6AEBAF97A485319A46975F985028696AEAB9
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\UTMWcnW.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1560987
                        Entropy (8bit):7.3731074940992025
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QmI:knw9oUUEEDlGUJ8Y9c87MeQ
                        MD5:380180CF328326AE0989418E4BE15B19
                        SHA1:25989DECD5AFCDFF575C71C43930875BC783F91A
                        SHA-256:A4B5FE53BAC16E289F0F0BE7E5378EE9DC2CD3E42AF0D5A01E38F36742E66807
                        SHA-512:DD2A04A080B6A14E05E55F3A8372B4E09A452F6AB2213E6A95005B57D550B03D70030B36501FC30D78CA1332093B5283F3AB832F08C9FE0B0E042D5E1727213D
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\UWoSVBa.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1627779
                        Entropy (8bit):7.332179817537948
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q51zW:knw9oUUEEDlGUJ8Y9c87Med
                        MD5:ADA8B6F951C56209883163142321278F
                        SHA1:A92085E20E0C809B7D63D7AA4B6AB2FD2F774A69
                        SHA-256:AE32CFFD9E82BDBE4E6687CC40A66B6A3BB70E0CFE8AC23910822B11570494B2
                        SHA-512:00B4FB8DC33F9FC4C0BF5D9FC4901D1EEC261273DAD94724A3AD403558D6BE8CBD22E74092D810F91C973838D8ED091C53AAE2889555A92E1316126C0D0860DF
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\UYpGIpx.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1594889
                        Entropy (8bit):7.352097848465313
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QBO:knw9oUUEEDlGUJ8Y9c87Me3
                        MD5:E14086380151F7251BEABF290B70106E
                        SHA1:FC0624AB98ADB79F7E68A46AAA0DF35DB3CA08C6
                        SHA-256:502C772FE83952A181A0D49E57742046D519B0B39039DD65B1BEB85DFBE71FDB
                        SHA-512:FA3E89568CE43EF6B1E8DDA7303E7BB7CB4AF9906485ED7D6AA09E26F82BAE9046FAF7BB640986D00609B6E0FBDDE7106B62B7C78BC6949DB2136538425C9153
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\UcDbkWX.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1605009
                        Entropy (8bit):7.345910955352788
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qt9O:knw9oUUEEDlGUJ8Y9c87Meh
                        MD5:3653F6FEB3406FB6278EE4A95852184D
                        SHA1:4C8EC017BEEEA7C0BB54D67991C7E416CDE8CF50
                        SHA-256:D99F4CD0B6E3726CABB0AA0D4F475B5DF3E3029AE522E3C8253AE3F53A5E9F0A
                        SHA-512:21B745A79045541A5E9F785B26A82911AF389CA1DAADCB90544562001EF83B87C340888EC753B68B691B5D6A7A9C3E862D32D95DC0AEC2CE1D1FC90C923C87D3
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\UhaWIvI.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1594130
                        Entropy (8bit):7.352566626721395
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QVHNtU:knw9oUUEEDlGUJ8Y9c87Meb
                        MD5:DCBD5588A6DBEED37EB22555FE998B21
                        SHA1:98F2A80785FAB12CD4B7928ECDC2C4FF279494EC
                        SHA-256:47D31D43F85C1846A0558B74AAF009B8B7A7EC7102FF7C04252A4CAFB2DF9E1A
                        SHA-512:B2D36D764797A24B5C4324641A33F48BD4CE8BBDF841C622FDF0B2F15F82B367AC97DBCCC14386FDEACC3BF943AC8214D53ABFC4B9BA56432C3F652D907910EA
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\UsvbkSz.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1593624
                        Entropy (8bit):7.352849483035865
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qa:knw9oUUEEDlGUJ8Y9c87Me/
                        MD5:73E9ADFE4CE3159BCC16EBD9C63E09C4
                        SHA1:E0EF430A8DAB57224AEF733FFBC0CEA5C6AD2B4A
                        SHA-256:3944FA315DBA83A4DD4E7C23F081D1C5F13B7006F78301C0C4942A8564D2C840
                        SHA-512:1A74DF787DFC1887FE40B671698EFE3ECD3EC3C2635A3D786F5F34464B8772E36DDE8531447813BEE038F6EB159D1A6B47071E84CE09509E614DE6F496E1A46C
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\UthEkPV.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1618165
                        Entropy (8bit):7.337963853598425
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QDbww:knw9oUUEEDlGUJ8Y9c87Megww
                        MD5:D2A4AD61F4B12F607656E71148861F66
                        SHA1:456C6F37BED9E10EF647DBACFD0DF9A186AC0341
                        SHA-256:82C8BED8F85C8C28B7083E8C0B9B11987D78AE7E7BE56A9A15188DE0D75BF0F4
                        SHA-512:E5947D51A94DEFB0BEA9386C9F6D90327CA7354887DC74720E968D973E02B8317402D0150A7317DB7657BE98C363F0A988B39D4AF0227EFB7867F211A385EE0E
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\VDAzIym.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1627526
                        Entropy (8bit):7.332346816948965
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QUR6UVH:knw9oUUEEDlGUJ8Y9c87MeFH
                        MD5:A157806F71B7EF722DEA1B503E44D181
                        SHA1:3C52C1495496EDE23F01E4D3F07F3C75301AD1B1
                        SHA-256:D8574C9FF32582D811EAB61B55001ACAF61A9BFA440A8FCFA3788B2BDA4D2052
                        SHA-512:4F8468021DAFDE4D85F9794A31CA239E6D4E924AD186AFB71BD6A43314F03361DB0772EB1B319FF22D1B769F41EB3C5F6E493DAA2468A8A274999245125438F6
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\VFmvQYa.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1556939
                        Entropy (8bit):7.375652193313423
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qo:knw9oUUEEDlGUJ8Y9c87MeX
                        MD5:61292ABF6BC248C5B46499F4CAC74B75
                        SHA1:EBA3F01C4ABDC8F5A355AB051991ECD7E069E96C
                        SHA-256:4960F6A9FBDB7BDC5A04869058C68D36044E3EA88BC70F4FAF07524D88B5F14E
                        SHA-512:E25E434A7D1134D51C53EB3C3829A652AE4919939006756D1C5B6DD1B1450EB3946D626001C0EAC2FFE781081045008554C4742C212A18EEC4E5DE0FBEB39F35
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\VGaYkjy.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1593118
                        Entropy (8bit):7.35317531808663
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qn5:knw9oUUEEDlGUJ8Y9c87Me05
                        MD5:8AD8DA290200C0F0C226F3FFD82BD400
                        SHA1:3BD154CCCC6CEF40BB7E720F19B3A5D8A2D2D585
                        SHA-256:68A32D060BE8FDE98C62493032AA2F4891CADEEE1A9E5F28729436934865B761
                        SHA-512:549A322421209C9907F873195F13ABB3913F8E49F1595B1332FF20C0216203629A200B0853D0AA186A1445A2DC94A2AC15B30CCF05CBE4E3730CEB2B04060A96
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\VJGuWtg.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1615129
                        Entropy (8bit):7.339790380138313
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q42zx:knw9oUUEEDlGUJ8Y9c87MeQ
                        MD5:932232FDE88CB560418B2FCD62E5362D
                        SHA1:F0684AA68C9375CB445AB60D1EF9DFD0BA8CB4FF
                        SHA-256:DC8146860D11F8CAE37A3FDFCB575D09F476B038D349B4E01543A296E6B8E66D
                        SHA-512:260265257E67D3EEB2C1468E31CC0234749B6C3B39824A2BA806EA22F1997633FF53A8E400E24B350E168BDF5A71607BCFC1CFA319EA3270CF684C9C5EA4919E
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\VWmfLAK.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1633345
                        Entropy (8bit):7.328852598401221
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q//n16:knw9oUUEEDlGUJ8Y9c87MeoY
                        MD5:D6D36D888B966B9405DA7E29F9C33566
                        SHA1:61727F7489BD4EFF89716F82D651260599D6E1DD
                        SHA-256:8B4AADC73DE4CF182477056B1AEBCB81A42B47C7388D2948718EB0C060369C12
                        SHA-512:D04B6388AEBFEFA8FD8F75830EC8743582877D6867807520511170F3BCC52921B89F9DDB69EE3AC7086ED95B539985BDB6DD38C5A40E114773C67C1E7BB3AEDE
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\VcsXjEN.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1566047
                        Entropy (8bit):7.369935546709027
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QgC:knw9oUUEEDlGUJ8Y9c87MeY
                        MD5:AC818014402C55C3EBA451CADF6EC439
                        SHA1:AA1E5C64AF5B2DC44F29920F2573F3CD595EF5BD
                        SHA-256:8FD1712ABB82A6F626FCB7464298A8CC7F6C09F795FF80B4E0AC8AE83AB9A439
                        SHA-512:3DD0A063A6CB36A377EBAD589F99D6F5A6D0B8FAFBC57FA61D8D60F48610889492D31ED7D0C0280F5B3111B1B8F59E4D6CD840E94E46E0FD2F03341B92BAB510
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\VeDzKyt.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1560481
                        Entropy (8bit):7.373425116293614
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QZ:knw9oUUEEDlGUJ8Y9c87Me+
                        MD5:FC5C0E5903F220CB4693672BA774C9F0
                        SHA1:F751F6BAF7BD471E476F82693A5FB56D54F76C60
                        SHA-256:2C5A26BDFCDEB062F31C9081C67395577DA8F02813F6EEF3309467A5C9200831
                        SHA-512:2ACE951919EF5AE1D028AFE8381F8013FEC197AAEC88D48EAAF919F9CF194F416E4BFDBF184FEBB5B1C1112B5695120067B91887767C1CAB0B3695A620E03956
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\WJJOByy.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1558204
                        Entropy (8bit):7.374855561703051
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QI0:knw9oUUEEDlGUJ8Y9c87Mem
                        MD5:26627894C10B22509E23F1BA97445377
                        SHA1:DA795A04D869F591AD1A6A15C7B51A036D4720A8
                        SHA-256:76317110BDF450B6B094AA1DA081F0133614EA06104A0A59038AFDD71E09B973
                        SHA-512:536CA94BCABC7AF61F65C0AB528B9A4283B59BCB8825A66534CDC0B1AD35872A4B6A3D3BC0880B18DE23202A10570B5EB4FB4F728FA121393C46893EF3584166
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\WUhIqEX.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1628791
                        Entropy (8bit):7.331584470697671
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QtN:knw9oUUEEDlGUJ8Y9c87MeGN
                        MD5:88A5E41D3F7A1879646EA1A00CE99C75
                        SHA1:3CF86E141651697D110C7E3974A6189E43C3A436
                        SHA-256:47330020EA596CBBDAB5E453CBC25A0F334230C73D29CFCD41E3348A9EBA57C0
                        SHA-512:4F4C99EFE82C646DF30725C3612B60A512B8CEA041E33AFAA61CFDC3A636404886E3A4C1E3E92D7821E51A43CA1C6782EFD9DED8ECAF3B9FF50861ED152F8AFE
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\WaSCrgW.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1610828
                        Entropy (8bit):7.342392736317666
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qrp0:knw9oUUEEDlGUJ8Y9c87MeS6
                        MD5:EFD223B998C291FF913E9436B40046D8
                        SHA1:D113AC79E7FAD5ACCEF3A62A461C48771C54D108
                        SHA-256:06E3056F662184303B9724E76869056EC5B50E8FD6A9319B2BD0B186CB67F9DF
                        SHA-512:A67A2D275213CD9DAD48C260E3E358778D75C9AF99FFAF47B9B15A7707CB95AEAD11106D73A09A1CC88531FAB29D90A2F2CD2DEAADAC05C366BA0E469FF03E75
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\WaZAbif.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1613611
                        Entropy (8bit):7.340700181753469
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QvTQ:knw9oUUEEDlGUJ8Y9c87Mev
                        MD5:95FC013E2F60E51B7265200D522D5C8B
                        SHA1:C217254F8A9071656E4024B6144360910FE46AEE
                        SHA-256:45C83BB1E948A597E4B6130BDD92ACC50AC38F55B24B13CF17B54BAF8CE98940
                        SHA-512:04EB5EEAF276DD9AD78210C4E642174ACC26805C087FFF20B5DC1B90A2B57819E3539F05177D0152F2C35C75C7D785DB230F6304F19402C2FAFA3546B13A678C
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\WvCPwWV.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1630056
                        Entropy (8bit):7.330812721682725
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QJ0c:knw9oUUEEDlGUJ8Y9c87Me8
                        MD5:84AE6C71A669C26EB69F37980A58B518
                        SHA1:8D0D085D76811BDC59D028DD12CCD4C9B22A8D35
                        SHA-256:DB2B0450AF8EC73C8EE4365AF535DAAD0C7DDDCC98D7C0FB1EAE9D43A01F24ED
                        SHA-512:DA89C85DFAEDC3E862D104EBA90F07D8412C5321DEB3205E1E2DA9CFA3F6F146AFD9A043A8FAC583A53DC37C0708F5FAE75E92A6F3C02679C63DBD5E7F397830
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\XAMlAeL.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1572119
                        Entropy (8bit):7.3661495553703205
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QC:knw9oUUEEDlGUJ8Y9c87MeF
                        MD5:E19397FCD268DAF7AE4A2FD3BF3EE18E
                        SHA1:8E2CBCEA7C73324552ED2EF938B7609E08877D24
                        SHA-256:C577815870BE270DEFF118C52A8804EEAEDC6ADACE41495B08AD1927CAAE15D2
                        SHA-512:722C2824BB145968D68DAB154FA84C1FE1617DFDE8B24E04C711A70E2F463C4A0CEF1B8C7824277035C224D10DE1ECB27F601345FC9DEC582D3D87EBA4CFCCF3
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\XaZvEHG.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1553650
                        Entropy (8bit):7.37772327410483
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q8:knw9oUUEEDlGUJ8Y9c87Mex
                        MD5:1E79FAB138B52D40408396604E7A89D0
                        SHA1:01DB2B0D5624228FB6A93EE9FD1150738580CE15
                        SHA-256:0732359FB3A311E0193522FEE6F261200FD77E7D1AB4786E9543664833CEB2FE
                        SHA-512:A8A5A6D8871C50665516D1A641207C4FDDAFA06F28521F334B15C9F9009628B6898180C90D14C5DD40B7CE08385BF4F4AD3CCB015AAC5AD29EC8680375ABE3F5
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\XbmxgAo.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1561746
                        Entropy (8bit):7.372639261767874
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Ql:knw9oUUEEDlGUJ8Y9c87Me8
                        MD5:CF24DA1FE67C3AE424338B3E180A977D
                        SHA1:35847A703B2809800C8DDB7BEDB9F63CB53C3137
                        SHA-256:D32FA6A4E75711E4F1145965F61E7455D8A7DC7132ECE2DA5FD0A58A4A9AE097
                        SHA-512:F09BB77C50850BDB32ECD9548EFC2B650839ADF13101FB05D6945748D066026B719D89363B09C887239F32A69EDCA94F95A75979D5E57CC06956A41184922FD2
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\XdtKVFg.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1610575
                        Entropy (8bit):7.342526531815309
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QEOj:knw9oUUEEDlGUJ8Y9c87Mee
                        MD5:C79A7AE06BF1FCBB24B5E903958E23AA
                        SHA1:AC30B8D2CF6960C092A1747866F7D9FAE34FC6B3
                        SHA-256:25A351CDE087503CBEC9DE9C38E0B85E880C551DD767D292629AAEDE1CFB3ED2
                        SHA-512:D1B568FCF2FA4189ACF1EA7092A5189D505012CCCC5E66B36B3DB7AF48389526EE7E13A8119C26D98170375154E3EE024029A5A43FEFD9DE7E55042BDBF17335
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\XiEDOUw.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1568071
                        Entropy (8bit):7.368674392117729
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q6:knw9oUUEEDlGUJ8Y9c87MeB
                        MD5:C0E9C3164E0B27A93A237342050D9C30
                        SHA1:D3392EB9CCCCB5BAAC98584F1D0D8C11891018BF
                        SHA-256:222C646E3A0A6DE5320408D38AD49B5AA1402DA608924684ECA23137D10648FB
                        SHA-512:700B4D4815E6F11667FCBCD4AE015CA8BB30283CDD78B6D14DCEC4508B72C0D4426588B7BC6E619E80286D8F0809A54A5E12B21407D608E590998B963C50BC4A
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\XvmplkI.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1577179
                        Entropy (8bit):7.36301471007155
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QK:knw9oUUEEDlGUJ8Y9c87Me5
                        MD5:1963F875522636366BE8CC2CEB8184B6
                        SHA1:00DCC3AFC4508079DF16EFCD141F283B4159AAA0
                        SHA-256:619FB58ED41D54B5F6C49E5F5E5F7DDCDB6F1219B946C9B6978781BA9A5AD3E4
                        SHA-512:6B161BE07EDEA597CFFD53D369E017FDEFA98CEB38F39624629FB74695792D748FF512927E235663C3759E3993A41CA97D9676F9C8AB4A6A143FF35CBAC1B5DC
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\YDNKKav.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1567312
                        Entropy (8bit):7.369157691284995
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q5:knw9oUUEEDlGUJ8Y9c87Meg
                        MD5:3FBE1A9529291756F9A2605741F80088
                        SHA1:3D3CF21B49ADC825DCD145BEA59247F1FA7E7322
                        SHA-256:A3024F931204BEDDA3C625D68B3D1B8018BA6BE4AAED957A96AC567BE319B32A
                        SHA-512:DCA0C8EC4436A2E2DD6503C3B7FB0867DC632981B5DA999A96A4C02219E97F689DE9BCF9BA10983B7FBCD4997EA18519583A16514BD6C27B194EEC13CB69E680
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\YHzfIbf.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1563011
                        Entropy (8bit):7.371840415038792
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q2:knw9oUUEEDlGUJ8Y9c87Mex
                        MD5:5B57835C67542D1F98AB97FCEF5A365F
                        SHA1:B4495AFD51F4EE50E8F837CFF8D1F624DCA7837D
                        SHA-256:B953C65E55E49C698722FE3843E48D008D96E178951A3A10575AA251C35B6D6D
                        SHA-512:7DA121DB15659F116B0ABC640B6C165F4C5497E51F19B6413D3A931B61ED1A912EA655F2A2FE5669C1E61DFFB3533D9170D54CA4ADD35C04EE630F306C3A273A
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\YNbNjyr.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1612852
                        Entropy (8bit):7.341160151175331
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QM:knw9oUUEEDlGUJ8Y9c87MeF
                        MD5:6F05352B894709A777D7B69C638153DE
                        SHA1:06CCED8BF1CED5516EBE0FF93C46466D66644C87
                        SHA-256:34D58FE0D661FCB06BB45BC588BD192BB9CE971A9BA79E2C20844C6AF73C082C
                        SHA-512:3C755AC8282147C3B4EF481238A48DBE582603E6272A02DEF1C1E6BD8B37EE5F5865F44EB949EB8260B6B68B5B5954E1696F9484BEC8BB8D1938221E1B5AAF25
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\YPSGLBU.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1601467
                        Entropy (8bit):7.34807706945768
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qcl:knw9oUUEEDlGUJ8Y9c87MeV
                        MD5:3624B70E4C878D24F4CD939D6D19E58D
                        SHA1:D8AF6C805EFED7C1EDF0CDF1BB6559DB7B3D93FB
                        SHA-256:74F7932F2D0A8490C97DB6FC19F83233E748BEFFEA11CA1A4F203C2501A74EF3
                        SHA-512:7EFBF470A186667A9085DD0EC835ECECCFC1C7F2D280776E3EC0C4C1BF6262F6815F19F63B3B7E41678CFE16DF98586156BCF8A4FB2389A1D4F78FC691B0A04F
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\YeogayJ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1563517
                        Entropy (8bit):7.371523097126509
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qj:knw9oUUEEDlGUJ8Y9c87Meo
                        MD5:1CF8F16D6BB16EEB6B7E57A5CC51D542
                        SHA1:7CD9E617FE75BBEE88D35944739F2261AA5E60E1
                        SHA-256:284268306D45D2611B66C3D02A03C77887A5439B35399249BED279F9647CE654
                        SHA-512:0B23C9839308D7D12EEC7244BA7841918D33AE7918BBD3E55B1D88C0006237A3272DE2DCF1D04198FC6AE0DCB43A8C4081AF10C2B48C8DAA0965D8147AB94A85
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\YoRPgID.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1618671
                        Entropy (8bit):7.337652155014781
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QSQa:knw9oUUEEDlGUJ8Y9c87MeYa
                        MD5:AB8F0022BC6AEA3AA7311D231DC5806D
                        SHA1:4CE32067AF58FD11DF85B66DED14493B4DB7D28C
                        SHA-256:B5FAD97C96346348921CDF58D006D32705C3BCB9200A44EF2C015A94392AEEBD
                        SHA-512:442B023CAC8CF279E53B9C59F971F330380BC88389FF340C00F6F6D2489C1DC843CFA3F57D537C1F9228AC31B3BEA699BDC3B3957FB9D20EEFB9DB6871614F18
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\YoWRHKm.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1564529
                        Entropy (8bit):7.370888661001272
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QCp:knw9oUUEEDlGUJ8Y9c87Mez
                        MD5:FE68044C27900230EF43444D3501B736
                        SHA1:9341DB4F82DD8143DF7E4D20FB67BADF2D89C02A
                        SHA-256:93FE2F14A719B36CE3DAAFEA6D7A48BB7DA4990482E988F34A40A04228F0A9C2
                        SHA-512:4285DAFA0F61CC93A240F2E6658E0E5012FA45703FED295C52104BA9E03CF11689F1A0A10907EC7247B5CD224CC90626F636E59479237EA37BC3D59239238E44
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\YuhEzpi.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1554156
                        Entropy (8bit):7.3774044420614615
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QK:knw9oUUEEDlGUJ8Y9c87Me3
                        MD5:A5D4B65C0F5E9766461FF2B0F4C815C6
                        SHA1:365958B1E51570BF8A21D2565ACAD95266092246
                        SHA-256:4CEEEE13AA74C525B4F6B69FD03379F55FEA9CFBC0B4C218AEEA8A93C26D7BBB
                        SHA-512:7783618624BC539D320A5496DC0A8ABCB4E5E42657498CEA955712F0E501A179254A0B63B706F485EE4EF75D79C51FA6363F51DD702CE4596B7B54AAC8DE4B1C
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ZOsbaqw.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1620695
                        Entropy (8bit):7.336440162052522
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QRo:knw9oUUEEDlGUJ8Y9c87Meuo
                        MD5:0AB2FB5CDCB82BEBF08CCA608139F845
                        SHA1:E5D6237B549918DB851D48F990525E96DCC0ECCC
                        SHA-256:D32354C0670FB5A46422BD72BDB7A00860142662146F099C1D77D1033FC698F4
                        SHA-512:CA011838906BC8EB4DE149C038852B367487A0CF91FB8E9AD5F6E521C3601CD5ED0D81FE48369515A6084ADBC815CD748935A698F43E5EBF95E93B6E05CF89CE
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ZYpXsUH.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1627020
                        Entropy (8bit):7.332633397359817
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QoUk:knw9oUUEEDlGUJ8Y9c87MeN
                        MD5:2D2007C80F240C17BE2FC2D281C4EBDA
                        SHA1:295FA0A2CF8196E41B5A53C0B87B18DEE7A718D7
                        SHA-256:E05371FD11AD6DE5CD4EC2FA9E3C4B192C72BE80DE83B32C711D80CF6E26AAE1
                        SHA-512:D79426689819A71201A5206EE854D1BA327837530B350A6244735C095B2FF359C6FA270CC159276D4FDC36D2AF6CC18E637BDF1DBDBCEF113C100A62D14D592E
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ZZceFPb.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1603491
                        Entropy (8bit):7.346833369156429
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qktoz:knw9oUUEEDlGUJ8Y9c87MeDto
                        MD5:5AFB654D4CCB8533D9B5333DA681299A
                        SHA1:656BCC46EF098D4B3DD75F5BFBA3CC1F60022308
                        SHA-256:9066394C7C5B63099E5ED807D4477897BF23244A4A72DE832641E91DBFCC6592
                        SHA-512:B2DA8109729FAE15FBEC1D7F39C4E45578E18F4B19AECAFE8F06AF02FA14ED5EE7CE0A652E729649658A0A653D29080F8C73D0A3B9F7131FEF54FDC97D5FE346
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ZcPsbVC.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1602732
                        Entropy (8bit):7.347316527050564
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q+Z:knw9oUUEEDlGUJ8Y9c87MeDZ
                        MD5:FE1EAC7B2BCD0B52E105DA8CD75A5173
                        SHA1:556B4433153AF6AEB16E5909256A741A8A4973F6
                        SHA-256:55E45560C41B13C82C6C6AB4702A19A977E931FE1D5F58F8C8589885E50FE549
                        SHA-512:777F46D679794ACDD0434F1E06858F781EA46A61FE098327311EF1863F7C31267535CF9F1775D7754DE0086C453BBC698D00A49952B3942F93593F983B30B638
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ZjfUfPp.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1573890
                        Entropy (8bit):7.365058275812323
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QMy:knw9oUUEEDlGUJ8Y9c87Mei
                        MD5:44BE65C8E4C98FD8EBADC5DE4E49CDFB
                        SHA1:7075C370D843BA2BACCF7EE585966EF647E47DB9
                        SHA-256:744EE5A5D1DAAFDA565A2214CC88E79DA77A83C48B49C845EB4C7E81F0BFA543
                        SHA-512:38B1BF097EA722987DB01E3C659C70196ACA86DFBB1AA1EE80B44268ED604B415196CFF28BFBFDB7337A33082CB68D4C55D485341B5C06D5DC71479E18A72746
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ZksIGgD.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1621201
                        Entropy (8bit):7.336116567735743
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q8W:knw9oUUEEDlGUJ8Y9c87MeM
                        MD5:D0B4E71C1B75701682CB20283C172DBD
                        SHA1:7BE073C926A339F9B65BB20A05477589992A5A73
                        SHA-256:49F4A68F330EE2C0F1363683A493D8BEB79C9F644916F910AEB70B85B72DF07A
                        SHA-512:74FD2A31F95AB6A726266E28EB977C9ACE6F76B06A51E9AFA351341A613443D3E5DEDA388AB5B596DEA3173DD2D956D7603CF45FE2683039E02C7CCBDD790E48
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ZxDRWfb.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1574143
                        Entropy (8bit):7.364898971548464
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QB:knw9oUUEEDlGUJ8Y9c87MeW
                        MD5:D4874CD71631759B698049CED464A352
                        SHA1:A19DA97CAB3F8D63AE33E2E0CCC648DB91141475
                        SHA-256:9DB073CCD52CF8D037228E66CAEDE585F6B6E84DE4D49622196752A0BC3F9BE5
                        SHA-512:FFD42B18A17DE7BFCC027CFB205635C73AF2328928439B427C2520F108403ABD8E5D282B821F428BDD2F6ADA69320EF89D8445A7AE8C2AF207A328E0D182CBB6
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\aRcunFP.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1578697
                        Entropy (8bit):7.362071849249715
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qi:knw9oUUEEDlGUJ8Y9c87Meh
                        MD5:690265C9B66A6D6BE4655C1ACE591BB7
                        SHA1:F42CAEC44D55A4CB4BBF91B9E55E43CEC72C6B4B
                        SHA-256:3D99EAD9ED90EB02B6D698240F26EF18F5CAB9F0E8AD2C64F4D3EE8424BAE7C6
                        SHA-512:4ED70D8C9D6896C9E6D482B00AC88B466D83100A28DCC059BECFBEBE82D8BA305C0F119E8E51A5C994AF705572F3EC125C9A8A2A1F464F30D9261FCAD1E38F5E
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\aaQPPko.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1570854
                        Entropy (8bit):7.366942883514117
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qv:knw9oUUEEDlGUJ8Y9c87Mea
                        MD5:3986C8B10EF02A1EE4381470D6851926
                        SHA1:92FAFB134209B492FF6C33C35137ED091E3CD71B
                        SHA-256:218B1F0277AA9E791FC0B90BC7A0B0486748B263B88ABECE7D9E1B1A477C95C5
                        SHA-512:EF0FF79258B29EDEA684C89A12983FEE2CB8744BECB1769D682A93B093263D4B1ADCC518004607FEE653936776C570CB4B9931B251F562D0DF536A3C6EA08E95
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\agvrwBm.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1593371
                        Entropy (8bit):7.353019481026467
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QzIYm:knw9oUUEEDlGUJ8Y9c87MeeIR
                        MD5:51FF33BE9937511E3707A85C0A7D52A2
                        SHA1:E5BCA761BF1E960C700358CAC01E5CA14FC32EE1
                        SHA-256:01997D6BC922FA7F92FA0B8206184FD5E9D80C7634AEBBE15162ED19323AAF9D
                        SHA-512:752228FE47BE759BEAC24E4A5AC64600A4FF0BF01A0B214ED206439439C0F530C49F20BC00EFCB03B39A08EAC81FC16545807EB002DA2D0581F4D9A4E749F9AA
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\aqHHhqZ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1612093
                        Entropy (8bit):7.341621845100881
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q8LXl:knw9oUUEEDlGUJ8Y9c87MeDl
                        MD5:DEA2948A6695F28EE85B7B5659E3D116
                        SHA1:7C23EB7EB443437ABC45030426E3A90A8D220F51
                        SHA-256:DAF25DA8080FF4AA7BF086D40A474BB7C8BA9CFC421C543482EC1BC629377D33
                        SHA-512:1C23029C220F1F543A71C47DEC409E725815A02CA089380AB76425109F69FCD9B16FBBB00BFE3F1F40A6EB647BEFDE164C6412BDA8436A50B4E3C1366C53C4CC
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\asMPLRF.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1571613
                        Entropy (8bit):7.3664680374330525
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q3:knw9oUUEEDlGUJ8Y9c87Me8
                        MD5:5698959A4090DD0B3450E7D126BDF4FE
                        SHA1:AC75AEE2399D8157477DF0E7353C840FA48661E5
                        SHA-256:7B46F7B388A4B6A058A1EBB750DFBD95991F3665920B000531108623347B0497
                        SHA-512:1E31414D4387057766A255C8354691BCF03EE1A0881047F687EF38F112C1AEBA8F0057C2AE500967BDD19C307960B0F097FD8D21D0FA7F2D0750D2C6F4BC30D3
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\atCrJKj.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1581480
                        Entropy (8bit):7.3603501171116426
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QE:knw9oUUEEDlGUJ8Y9c87Me5
                        MD5:3D23C0882AABF4CDBD48021D6AFDB4AB
                        SHA1:35FB6359343E2B1ED7D330D50052CC8DDD77701F
                        SHA-256:ABC12B74335A5EF519C075F2EC2C4699081FECBD0AD6FC10564BD4DD57E6DA5B
                        SHA-512:DDBEDA5CB0A17CAC85C983AF3D92492ABA4274EB8A60630FF97634B11E0E731C4E03AA2AD245110409BBA7C060E7FDA4D89955CF20C81E58E7F60A6760C49426
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\bHOUpYN.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1620948
                        Entropy (8bit):7.336267028713478
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QxRW4:knw9oUUEEDlGUJ8Y9c87Mem
                        MD5:62E0C0BE7BD9148D117BC956F30B5715
                        SHA1:03C6E7AD75C503EA3E0D6AE0AA496DA94B219405
                        SHA-256:4EE5C9C8DD12B2259251AADA005FA4E7D2B164E98FFEEA36F5C7288F480F0649
                        SHA-512:7C88DB5469E04D83383F0FAAAC47362D7377B6137B70B281F504A2A6B63F4BDAB41D0E0365530BA1EC8B653DCE62749A7122BE1855B3A606DDA3B19E22403307
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\bWqzsZL.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1582492
                        Entropy (8bit):7.3597181670810095
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QgMF:knw9oUUEEDlGUJ8Y9c87Me/G
                        MD5:D2DC752EDC325A36EBF965667F9F22D9
                        SHA1:391DEC6E5C9F414C1F34B94F5322AE646E9DEA8E
                        SHA-256:260DD4D9B809E16F7AD041105029EEDD18C0752118A6D6223C7936ACEF48EF66
                        SHA-512:440EC608063ACF62B82C37B524E3CF1AD91FDBE731F0AB9B882135BD787CFB1DA9FD38F684F86E3CFB32E1DFEB5F35331C09EDB23D9E9C395B5678EAD9146FBE
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\bZAgvbx.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1586287
                        Entropy (8bit):7.357389999551358
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q/mtG:knw9oUUEEDlGUJ8Y9c87Me0
                        MD5:B7CD8E92C06CAAA2B00529A7ACD9CE97
                        SHA1:3F338C60FED64C84869AC820AA428E7F397C92BC
                        SHA-256:E641B59CBDF4DBEBC890CA4FAF79780F3E3F7CBDDB79A20FF61A59DF22CF040C
                        SHA-512:ECC1F6A2ADDF47EC99251EA3316FD30B18753524E93C02281353B2A941D2929ACE368FA820CF3FDB483DBA698D0336017219B928771A6D06CED7A2856E9ADD8B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\biTFilm.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1554662
                        Entropy (8bit):7.37708564560673
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QG:knw9oUUEEDlGUJ8Y9c87MeP
                        MD5:79F501C63616597374F43B9FED4B1A93
                        SHA1:85012D2263A599875FC61426EF872C548022CBBD
                        SHA-256:8A7F130A89A299624D8BAD7DBF8C7FCDD4BE2EAD6C05DD672AAF1A5583968962
                        SHA-512:C9FE868E4969349B543E8D91514289CA9C0826517B896B3586B713BFA1F02B9767DDE95B42D8CD11928B376550F847B20DAC2259A1ABAB9258015B8BBFE59DFC
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\boujFkb.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1600202
                        Entropy (8bit):7.348849851541206
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QJ2:knw9oUUEEDlGUJ8Y9c87Mel
                        MD5:DCBCC48AE26533F8EE85207DFB3CE01A
                        SHA1:7BC30C34812A01F299C2714C5827BA505F638B8A
                        SHA-256:E17C0641902613913ABE5914D10C7347E03652CA05D4EF87341147EA78CCF83E
                        SHA-512:C4683B5756FC87CE8CCE9DE89A0ABFD3E4AE593187692A3E99234016E313A073DA6E731703825DF4DED025B6F77616829174567411D1BD0EE295AB56C8667751
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\byMqxSp.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1595395
                        Entropy (8bit):7.3517840781578245
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qhn:knw9oUUEEDlGUJ8Y9c87Meun
                        MD5:2D95703288F0E27B0C8723295A956D40
                        SHA1:CC3BFB031F01E0E007A62188BCD7FA0AF1C2EAC4
                        SHA-256:DE40661EEF44ECC846EC836B769828FAB967C037DC9163888854060D16F478DC
                        SHA-512:FAF55FC2BC1F65B031F1DEDC4BB85042CD776940D8574FDD21F37A04D79DB9C9DFF78F907D9A8B744627A845E53DADE59752FBA2F7B2F78E2E1E031DACBC023C
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\cMZjysl.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1583757
                        Entropy (8bit):7.358935695861298
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QUfkBe:knw9oUUEEDlGUJ8Y9c87Me18c
                        MD5:95FC14E137B7CBA3AA228C4564AA0DF2
                        SHA1:51EEDE43B0DB5522671F96A710A2A72BF567F476
                        SHA-256:E42724189D6B32D8D8A860278F5EB04955F6B125592C3FB616467C20F91BFD0F
                        SHA-512:C93CE8290453D9C0E15716BD4942E046366A1EDF1370799848FA2C2D61CC3B4CC23CC5358832E0A2534E872CEF9DC034EAADEAD74F3F56D78D3C0DF3ACF41A05
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\cQSYuAP.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1609816
                        Entropy (8bit):7.343016608324445
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q3sN9:knw9oUUEEDlGUJ8Y9c87Mez9
                        MD5:5C7C97D95C0A0BB978213B505FA3C37A
                        SHA1:537F869B127126DF7AF2B7EAECAF2716ADD3002B
                        SHA-256:A602028187E7D9B4752E92F0273FF02E666757C85A05B55DFFFB14150A5F79F7
                        SHA-512:76D333E74BA3B9A43068093E865C3E6E94ACBF9F31369D5CF5F4DE17F266EF9AAF84F006432E845EB1C7DE702C9BF1436089746E64C237F987770168A17405D4
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\cWFXjGb.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1563770
                        Entropy (8bit):7.3713638705883735
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qp:knw9oUUEEDlGUJ8Y9c87MeY
                        MD5:E5F1F615E0891134658A8B1B54CE91F4
                        SHA1:F70DED2A59D9E4C7E00DE6555CB25C909E1CA427
                        SHA-256:E0D58C8A08A0450679035418658E30980454C2DE1DDDF01711761A0A289C24CE
                        SHA-512:A1094C0B6154819D5DDCAAF4038BF758AF12321EA81DB3D942856807B03E9A22D41D4D5FB6AFBCAA6D5F33C460D9449BDBF0360151B633164C53F78291B759CE
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\cbxEAHb.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1626514
                        Entropy (8bit):7.3329452905513
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QPUy+VbR:knw9oUUEEDlGUJ8Y9c87MeLy+VbR
                        MD5:03BDC104D4F4D1DE99CC61687501DC0E
                        SHA1:60E122A32285699CC7A1C6066097206B020DBCCA
                        SHA-256:40DA3FE45EFEFB1FE6B827A686E1290ABCA71F1402C30AA4C91677909058E7F5
                        SHA-512:79D38363515AFFE9EDA95BBFB33247D70DF4E2F8CCC5A0541691FC43512F710A520E4F09A0E2641495C1C838E082C16C4BABA731C8BA13D377F8CCE20A402709
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\cvviXVl.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1632333
                        Entropy (8bit):7.329452056731808
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QGosI:knw9oUUEEDlGUJ8Y9c87Meq
                        MD5:CEA7A0ECC837F622341F2707556B70A8
                        SHA1:FCB25F75A2E55ACBF5658DC1FD26B15AADE1D8B3
                        SHA-256:C4EC2DB0E30470A3AC1DD5DAB3DF06807C19805C9D2831D2EA1D13AA0F3C6A51
                        SHA-512:90AFC226F61AB49FD640DC52486E126464247836806681A4B3E84DEC03DED63962BEF7B00FCB2705D2C41F2B4EFF4F7DEB27ADB90D86ACAF7422BA8858878111
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\dTlWhsy.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1633851
                        Entropy (8bit):7.328553819797576
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qfrh3p1:knw9oUUEEDlGUJ8Y9c87MeM1
                        MD5:3C0DA7AABF0CE75AF858286CC04791D6
                        SHA1:8BB9481AD49937E105C6CEE25285BA33208A5A10
                        SHA-256:93823F19FAE6BCA4ABC0FB64A824189F11E36B26FA1BCFF346C9BFC114627EFF
                        SHA-512:7F823ABAB31BA37F2BD6A9F4469CED22A4A5F846F815269F13DD8DFEFD75692DE21AB0574F14231EA50DB14B15DF13292C95B7485D2D3683A59B477205FD3744
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\dXYoCLq.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1588058
                        Entropy (8bit):7.356281908215291
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q6aw:knw9oUUEEDlGUJ8Y9c87Me5
                        MD5:7B81179A3942EFB1B2241103E0F7EF8E
                        SHA1:4E8ADFC16FA83DD7FE7254430903742CA004279D
                        SHA-256:D55329B7FF0523C56D8E8FD332FE67024D60CCAE4783BFBD8C3714AF443C781B
                        SHA-512:B1758DCC459862AEFC5AA19DDBE943BB5000BE69E34FC9EDF7D67F716FBF13BA50C7FCD277F2CE16D618C43F27DF26B56B2A658F4D2CCB41C28C643FAF72CFC6
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\daTQGhs.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1630815
                        Entropy (8bit):7.3303702984953585
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QXSZ2k:knw9oUUEEDlGUJ8Y9c87MeShk
                        MD5:348151BDBA4205DD41367A3827671FFC
                        SHA1:A85C65B6A9A6563684D510441536A6119F4F81D6
                        SHA-256:BE14320F752856268F949061DA10680503173EC6217EEAF6D769BCF2AF716E1F
                        SHA-512:9522AB601E78CD0DBBEB99FCE1CB4455E1F1B1220997C203E601A67A36076C99F7859B2DA235F5DADD4A78F0F595DA922207B8F269D0B94E9F3A1CE8C284B42F
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\dbOMNtK.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1572878
                        Entropy (8bit):7.365686086209519
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q0QP:knw9oUUEEDlGUJ8Y9c87Meu
                        MD5:410498E8BC700EBE335868B73E08B769
                        SHA1:977912C97F69D411081669D25E68922539649049
                        SHA-256:216A355BFC012D7E554594E6C79FAEA69EDAF11D5EDC434D3EC3E32A3C7A806A
                        SHA-512:6B1F0E59B64D52751BDB422F9AAA14056CD97DF2A3A79768070330CC6B881B4403CEA9BB430D6DD87ADC681EDB88FE00132B3281CA4135F4AE008E6CE695FCA7
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\dcvcJux.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1590841
                        Entropy (8bit):7.354579525692384
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QhqR:knw9oUUEEDlGUJ8Y9c87Me9R
                        MD5:0DF34818BB3FAC0BE2ECAE9B2467111E
                        SHA1:AC19A7292762925D4D92D0AFA9B22E38C1793593
                        SHA-256:E36444EDF28179E409230B0A9215164F1A2DAB4A8F07CCCDDC2045B647E98B79
                        SHA-512:0352B25EC102565388B7D88DC2C853CF63FD1E00BBAA0731F82684C4F38794712042C952A121F3156D3D5F3A2DD7E73C14F76338ECC000E202062AFF367B93DD
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\dhdvyXn.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1556180
                        Entropy (8bit):7.376130134425176
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qr:knw9oUUEEDlGUJ8Y9c87Me+
                        MD5:341B372A6E1B883CE92F64DAB373A2D1
                        SHA1:4C3642689A29EEB1CA7F279006CEC50D9DDB9C3C
                        SHA-256:5FDFA53D765A22E808889F31E76FA32306FA65B663383BE852ED0BF907E3783A
                        SHA-512:32AAFFB5EE9143DCF6ED453C52E8206609FC5A9D99889AB85D4C77314BBE447D69BACD42E20A48035A9ADEA2FFFA6103FFB4C66FBFDE33F995708916CDC1E516
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\dkvzZbr.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1580974
                        Entropy (8bit):7.3606576485518325
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QrW3:knw9oUUEEDlGUJ8Y9c87Mej
                        MD5:41F763F8B7B2E7EAE239FA600AE29B10
                        SHA1:F8E0264D7ED3E8D0A2F3957A231E4F3DF6B0DB97
                        SHA-256:90C6FDCCB018D0D1835067AED89C5AE24EBF94DBFDBDB83C705B22DF22984929
                        SHA-512:2BB13FA0518AF38A12C1D14531473C95A55CC46969DF12ACA8846ECEA81C8E7A4024E6F1E95F037523A47D08F90375B1FFC1161E81290755E2A9B01A75695244
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\dxwuaZx.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1599696
                        Entropy (8bit):7.349154448958784
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QfC:knw9oUUEEDlGUJ8Y9c87Mev
                        MD5:1F17A5724736765154AF288207B8D91E
                        SHA1:2D69BBC49AE9AC7B6F07CD3F4B3C0DEA70B72265
                        SHA-256:0E3FB5455ADF143420128C02162CD8265DFDBA179D655B285534C3B74E8DC1F5
                        SHA-512:01C957F51B0ACED0A365BCDE83F68C2079013AAC665740A7BDFD6EBE670E57BC9B8CFA33746A4474ED336CB8F9B183B0D7281A5A702C0969996124C5CDC96BD9
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\dznqpDP.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1575408
                        Entropy (8bit):7.364108414490951
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QZ6:knw9oUUEEDlGUJ8Y9c87MeG6
                        MD5:677554D64ECA26069411276A07BEAD6B
                        SHA1:571A7DECF7C4AA24C11CAAC0E63E0CE50D18AAD8
                        SHA-256:4ACFAB720C33B3B42BE25D4639807B7B982002EBF03442548722DAB4899A4072
                        SHA-512:D111C9AEA9247BC91A55A9B9F24BF44F78B72BF5DE7E0A59A7995632CC7C6F56993A5D88147609FD94BF69904514BA79E281BF805AD5AA2C29D7CD1FD88E68C1
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\eJQEoBU.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1619430
                        Entropy (8bit):7.33718554607145
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QB:knw9oUUEEDlGUJ8Y9c87MeI
                        MD5:F1A1FD70CF87093BA207DE00417CCE30
                        SHA1:A64A1C7B39791CAD39DD1B4E450D853F89FF5FF5
                        SHA-256:6784551A5470C1AFE5D7B1F3710A8492FB5F6FEF67FA1872D7137B4EF335D947
                        SHA-512:0AF87C2F879593EB560C480FA7AB188175AC96D1F836782E3CB3BE674B16B99EEC875ED0F92C0230F468190CDD0FBD1729A0F055AC144DD54658A0172DC7F2CD
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\eTlchBa.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1558963
                        Entropy (8bit):7.374383112873815
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QvH:knw9oUUEEDlGUJ8Y9c87MewH
                        MD5:1CE5A93FF2C2015A32FA3AD7FBB5A1B6
                        SHA1:A9E2189948B05C1B549B99B78E5ED0291E226044
                        SHA-256:C30A97CC60B7ABAC8FDB8F78C6550E61B69C8CA6C114109EB743E51E9DD146E2
                        SHA-512:7C67A96DB1A371C3AE066EAA1EDE5FD9BE0AD1F5ECFAA50D971429462EDF6D716A520260DBD5F8DEC546884DFF92AEDBA80E61C627998A87C15B97F03F630224
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ecTFjpe.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1629550
                        Entropy (8bit):7.331126807526492
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QSS8O:knw9oUUEEDlGUJ8Y9c87MeFXO
                        MD5:A197122C0A97F65DF1C3876D71295490
                        SHA1:6D0EDAA6F99D17B27B5383689729551AB46AC452
                        SHA-256:090BC51C0B5A00BBD2D5BA4A9668426881801B174E93BE531893340E34DA61EA
                        SHA-512:FD1EC815F5400ADBE771E953999D737EE7D1329B022FC1456976B25F0FF9B9CCE12C9FD04BA8927EE73ECA4CC5C0C8D57AA2400ADE6CEE195D4E5964DBF0507A
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\edsunAc.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1577938
                        Entropy (8bit):7.362536806798224
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QEFf:knw9oUUEEDlGUJ8Y9c87MeFf
                        MD5:E7BEC2CD54A87F76AFBA1C67D6246260
                        SHA1:3C54FF111A095C889CE5F3C8574C147D137838FD
                        SHA-256:8F1ACB6D413C7310429964E1B25AEDA6B1804766E0EA4CCFBD2A12E6F0C13711
                        SHA-512:F07016DA52ED5168898BC45B163F36F56CA3CB019636D53E14C19EF060CD34F06A869D3FDE7461D87A9047B83FBA546CFB0FA9D4673CC653C8D368990DE59902
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ehLRfQc.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1552891
                        Entropy (8bit):7.378201931413496
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qt:knw9oUUEEDlGUJ8Y9c87MeG
                        MD5:58618D756BB2B3A175CC8DFB65BE7F66
                        SHA1:6DE3A566776A691C7E160890523B41FAB3C0913B
                        SHA-256:0585244135B0460D5D36B241A9235E06FA0F0DED799E5C881E2B6D8D13154DDA
                        SHA-512:B7A5A5493693302D6FF687748827B4A54A41E0F7735391AB59D2DCDFD86B2E8F1CA9BE6E26338FABD0F4D846323A8D9499F6F7CA57AA13A002D937F1F085C3BC
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ezbfIqP.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1608804
                        Entropy (8bit):7.343618110639381
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QoN:knw9oUUEEDlGUJ8Y9c87Me7
                        MD5:34B34ACFAF9FAB3C9D16CFA1502988FB
                        SHA1:EF4EDCA98B5CAF0BB7E2183FC810D6478E7A737C
                        SHA-256:EFDB636697B47054A2F2292D161E57AF77C9F767DAC951479EB9B388C38A6D97
                        SHA-512:D7CCF662781225B7D159740323D94DEC3EAADFCC0568988114AB9281C8C2E76EC00B1BF8BE76249AC493F09E86125D42887CBAF06A4BC663D045904BE48E3BE9
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\fsYNdIS.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1626008
                        Entropy (8bit):7.333238699392487
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q3o:knw9oUUEEDlGUJ8Y9c87Meko
                        MD5:E91C234383B7F5F4779802C9CBCCA8E8
                        SHA1:B714E29AFF179A21C8495D27D3D5DC83D762CC3B
                        SHA-256:4DFEBA80766FE30D071442BF55B75DA3CC314B523DBF98317FF2FE82CDD1F24E
                        SHA-512:95C90CF5E96DA081C37ADF34018D9BF2137F9D76BD92EAC3718EA4D10D23222FFEF38E9AE1E94C362A56DC47EF871B41A25362AFD7478C2DC8AA42C69DAB29D7
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\gFItvpO.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1597419
                        Entropy (8bit):7.350544610412338
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QEh:knw9oUUEEDlGUJ8Y9c87Meb
                        MD5:9AEB65F9A263D1A1B64F84877C533162
                        SHA1:DF209E9F5E1B59189BC835DBC0BE2BFED8B0739C
                        SHA-256:548738752BE54F63D6B0FA0C7D18B9FAA7D190ACDABE432521A9AED19E4E08DC
                        SHA-512:044AC3B8953F89609993D168FA61DC0D27DAD5E12A87D4D33E4C364108A85AEBCC0455141BB1B828DBD0CD77ED9EFF913A5C9720E673B8EC2D4BE83055E01B9C
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\gIWIAoR.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1565288
                        Entropy (8bit):7.370419339882362
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q9:knw9oUUEEDlGUJ8Y9c87MeY
                        MD5:1F5F26DBB8ADF9485BB5A828FEFF7276
                        SHA1:97B82E346661D7A0E1B798FED7E5B484E7FE75CC
                        SHA-256:CAD0015551C46244E8F5F4FA4A269B342F7C8E41601B1B6695D5CB045E186DE3
                        SHA-512:6ACFFA9A99AB2AB5B20525E5CCC89455DA9847AAA0CB97312E1A7103F3E80BD9E38D9918BE88E3EEC211A8858D988CB609B50989D0B8ABF266A1E5D7CF60146F
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\gIerfNx.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1632586
                        Entropy (8bit):7.329304717735
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QY:knw9oUUEEDlGUJ8Y9c87MeZ
                        MD5:3AE10D3BB0FBB8E7B5A0FAE415134AA0
                        SHA1:DEA710705C92F8DC81E4E9BA21AFB4149A1D06F9
                        SHA-256:FE51518CF04286608C5218D31B0CDBE8B38CEE897A19AEAE363A71DAF4AE4C02
                        SHA-512:511CB957F6E3C2114511BB104CA6BC986F4CB3729DDF28A93BE654C934D08DC4003688938019D1F462FBEDC48206857F75C5F5F38B5308A7072FB3B723D9B790
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\gVxVuPE.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1575155
                        Entropy (8bit):7.364273045558277
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QIs:knw9oUUEEDlGUJ8Y9c87Meg
                        MD5:8E2E16AB468DC14D91EEAA7397E7B85A
                        SHA1:6C29FFED93B6E43E531489623B20072E647D9734
                        SHA-256:A60F956163B06A99CDA2DDDD06356FC20B1106541E8DA06208A632CA8ACFE787
                        SHA-512:B5B037EEC17D85929FA536E500B41C400F0089E452CEF163F706698CFADF14C839F4BD5D32916244B3B2D17B91388B3BC3991D441F2D8F3264E639F924BCCD8B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\gZXMDli.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1581733
                        Entropy (8bit):7.3601808530544615
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QHiKX:knw9oUUEEDlGUJ8Y9c87Mee
                        MD5:553FA3856B9FB97266849EA8A87D9B6F
                        SHA1:72DF38DFB1ED971663BBE1FB89B17AE9EA33D33D
                        SHA-256:119D89435E013E8527CBE0E849BA141E85BF4F0280981375C934A6D138CAD0E1
                        SHA-512:0364326ED79010C2944D84572D604ED3676AD390F25BF85183C03DFC1A7BB948E63335217711FACDA80CCF00CB0188A853A80A96A825C772B4DDA6A8396D9117
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\gaDJFNb.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1552638
                        Entropy (8bit):7.378361586452497
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q8:knw9oUUEEDlGUJ8Y9c87MeB
                        MD5:3C6F7F8151777308053B0A3D2289156A
                        SHA1:39C62F6687C9A75130C6174E84022AC9D1168D27
                        SHA-256:71D18986D13CC80F1EA29FE4A5FD52E3463B11A735608E40ACB4F750B91A178C
                        SHA-512:27A6376B0B62FF1FB47C89388BC3222069BD3A3F65FDD2DFBE2947B75D20178F993FFD743D12603963F55870E27BE21294CD6582EF6CB137827AD2322EF11082
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\gsJfIAI.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1592612
                        Entropy (8bit):7.3535012631541745
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QXO:knw9oUUEEDlGUJ8Y9c87Mer
                        MD5:6EAD5EB667FC45BDEA7023B2B5D6EEBF
                        SHA1:1842881BA5971252D7C4123CFD22D75CA44C6940
                        SHA-256:60D5696BB514E0A048A41A018717B25D32C7C1A065B8DFFCDFC34D505447EAF4
                        SHA-512:D1A578F4B00122022C3344A82AE3816B7C07026BDBA8A6A601272A40668FE9984F7FC3F77E817A874093DB203550A03F761571F9BC677E2EF8F0ED224292D248
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\gvzqmaV.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1598937
                        Entropy (8bit):7.349625367010667
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QzC4p:knw9oUUEEDlGUJ8Y9c87MeWC4p
                        MD5:C68970B37BA03F51EDB7BC2A7B125CCE
                        SHA1:F33BDC7C3CE6DFF4961224228B0C9EC7585CC720
                        SHA-256:E60F956807DBBD513597FFFA14B3770BFC11C113506369A600C94FC15F25E615
                        SHA-512:BF860055B782275B066A67B6240454486DFEDA9B0251DDDC30BC80D6360404D112DF514A1CD4398EFCC688BA9785093CD00F29351F83FDE0B9C89F57E835143B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\hEUdUZb.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1578950
                        Entropy (8bit):7.361915080588519
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QcQ:knw9oUUEEDlGUJ8Y9c87MeG
                        MD5:08332FAC353529DEA937E99707B8A6E3
                        SHA1:C2D365562649F95689587931F4094E8F98D2519A
                        SHA-256:5CF0197823C20832DBE544950A18AAD81C924EACE2F3E1E605DD51A94CA06CD4
                        SHA-512:A76EE82F044C39BF44C878255BA95B271B28DD02B0E6769CAAE3AFC663D1075004E9CA15FA97E5DDB9B5757CB348DF50009F79101EDA1E2E46BF0A5369BB99E3
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\hHHgQhg.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1611587
                        Entropy (8bit):7.341927156713635
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qmdre:knw9oUUEEDlGUJ8Y9c87Mefre
                        MD5:4897623FA8825AEF0DD3B93F72CAC0F8
                        SHA1:0189F645C47F60AB168529D55878138A3A8EAFF4
                        SHA-256:481CEE3B754260943C3631F759F7AE180C8ACF6AC8ADC9D5C41F17DB061A4CA7
                        SHA-512:868A00F8B9124D98B84084EAD5EB7EFA0D6F9FDFE5F794E4F1659E6B59AF1BC62E94F8EE687D0413B0E205A7219F4321E8C823B6F8F41CA3ED1E0EF3B669455B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\hHyzwMR.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1578444
                        Entropy (8bit):7.362229679050905
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q+iK:knw9oUUEEDlGUJ8Y9c87MeZ
                        MD5:D3FEAFD3099644FCFDDAD42C78FCB4F9
                        SHA1:7EDBE9B72B35149A372D2C6E4EB54FA67220B8B5
                        SHA-256:B64ED72A266409E2BEDD9B08BE8F2B0B62BF448C65487D9B31AA23582DB495B1
                        SHA-512:B0452C14615F91FC01A4BB38599ED5773B1258DEB97FEEAB667579E29C387F089460C59876925C698CCA4ECA391EA25C104ED60BFC81180C8E39A5A7D242DD57
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\hImJGCQ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1585781
                        Entropy (8bit):7.357698206894753
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QjUr:knw9oUUEEDlGUJ8Y9c87Me3r
                        MD5:139056AA5BFA05F42E8B9EA9824F46F0
                        SHA1:B41F0923A062F8E6D4E11F6A35012CA80006A637
                        SHA-256:30C1129303626C2A9AD55C705B580A6801EE962E727DE178071D4F440EDCBB1E
                        SHA-512:38FD7311DDA1B730C495F315ABC133C0E6EE90FBFC98CCD55778F48F8BE1D77F1E2C57F099D3D05E1DCD232DB713B7827AB3879E9934647780A5BD655F3E58A6
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\hPbLcyI.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1595901
                        Entropy (8bit):7.351476583215937
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QK/xc:knw9oUUEEDlGUJ8Y9c87MeZ6
                        MD5:11C0FA03DFDFB670DF9B9F83EF4DC3F7
                        SHA1:5BE72EA96384B46FFB8874395900357594A4710E
                        SHA-256:125E57D3CBC4D858AC4C07E7E86FE5B8686E36CDAEC27E1455C52D21F7C3215E
                        SHA-512:33D92B6C3FE76EA455F91F1884A092EDCB6D8869D63A745A488E5CCA03B7F4AE34F2E8114040C4376B1DCF6C1D86C202DDDFC276F2345F7710FB79939C730BA3
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\hcWXimc.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1588817
                        Entropy (8bit):7.355813793257215
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QWvwr7:knw9oUUEEDlGUJ8Y9c87MePIH
                        MD5:5BEA158BEB125A5A9DB829C07D58288E
                        SHA1:E1188883D920DEC3B461F53A1B9DA4BCDBA0C9A7
                        SHA-256:AEC1282392AF822E1EBBC0D3D9F8D08ED49486CACC1CFB780504CBD67D074CF0
                        SHA-512:89754584D21397E22D376F0E8A8CFB2CCC4320678C9BBEA2F27C055A90C6089C223D6600744636E285DE58112AC786C694BA7C67FC0C703449FEDC2EE399E69A
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\hdrmJmm.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1616141
                        Entropy (8bit):7.339172038120196
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qw:knw9oUUEEDlGUJ8Y9c87Me3
                        MD5:26702191B4EC41626FDB162025C1BB2A
                        SHA1:537D2F9F82B7D43334FA2D6596972511236059DC
                        SHA-256:F5E33FB5E686805C77AEACC4EFA3A7409D8324B6337B723106B652526E98DD84
                        SHA-512:56264888765D9E2BCE202702E51CBB742A1AD81EAFEB8BEE432FC70C604F13D84612D68BCC20A544EB82E98C332E146863EC81E086D23319812ED63FFEA93FAC
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\hiRRhNA.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1580215
                        Entropy (8bit):7.361124015350371
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QVX2:knw9oUUEEDlGUJ8Y9c87Men
                        MD5:E519F70A3F8E55B77C1B5908C0BA67EC
                        SHA1:B8D057E8FF734C00599BAFE764C5966D78623823
                        SHA-256:E2037E16350DE395CB13C80FFAF701E5A33AF4EDB0157F9837F8286BAB851485
                        SHA-512:DCD86602F2DF0B4FB89C6B8B63701BE8A6AF8B26919E7DB5C48881AC03616154D250704B7798D3DF2D04F53E7C6244E1F66073362B7610157664620753E1B696
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\hkdrylp.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1596407
                        Entropy (8bit):7.351164598813233
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q8:knw9oUUEEDlGUJ8Y9c87Mev
                        MD5:A9F2ABF2CA90A6B8A90A99288AE30609
                        SHA1:EE6795B0D62113B34EC69EC22EEA7ABC8B8D9F8C
                        SHA-256:3A17B6F4BC5EAC55D632C475D501D56A48B61B3985C031A4D5BF4E109875158A
                        SHA-512:B01C2FDED8AD78227884E81A7A6890AA9A076458C8A1DF0D4E9FA333578FC07A8E4880FA898840777EA39F01ABE1018EE98B89FA47B7B77F657A54A62D027E83
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\hldtrer.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1616394
                        Entropy (8bit):7.33903703616125
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qn:knw9oUUEEDlGUJ8Y9c87Mem
                        MD5:215A67D654EE592AE53647915CA5471F
                        SHA1:4B3C06070798A1A50445EF73CBD04361DA3CA0A0
                        SHA-256:D512EA05891ECA97DB7BD85907838AF5682222A4595FE377D77CB6E24FA55A62
                        SHA-512:5EC91568B277149E61AE7DE0AE8D1C268F2B98F77B80BD78E2FCE52578102719D4FE2CE8F51241430DF0B1C86BA8DBE0112507E26552159CD4D102E23E41152A
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\htpHIjf.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1612346
                        Entropy (8bit):7.341468286153872
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q/z:knw9oUUEEDlGUJ8Y9c87Mee
                        MD5:291CD23C430EE3A9BDFD8C878A834126
                        SHA1:FEBD6C995DA2112C21A44175AD17332D3560DF13
                        SHA-256:FB994BAF4835915C1FB0CF9D19DD3613BA19A34EF2EB1BC541AB3E9873945837
                        SHA-512:8B3FF3C1370BB5F1A52046CE44F1FAF3336CF630256C6524D37326B352E2C4B0B761A05EA6A2F4FD936AEA1669D9397A6BD636B776D2A449AFFB82D6373F5AC1
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\iDjoCba.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1596154
                        Entropy (8bit):7.351319791473427
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QoB:knw9oUUEEDlGUJ8Y9c87Mel
                        MD5:061571B9CC0844142EC75E1A356D9665
                        SHA1:39A94087855286C775A1D0E77180221C59F667D2
                        SHA-256:E7FA946EDB21D6B87E96B28379A44D8831B02A12BF416D3B2DC1E8AB225BFEB6
                        SHA-512:2757FCC5CEF46CF9867D4161CD42D2A8801E8742F5E3D4595690D8E872CF2791DF6FA2448C07FC199BE0CC290BDAAD03EF28C3448643BCB960CC4A68A9564CED
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\iNyWjdh.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1577685
                        Entropy (8bit):7.362693934602465
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QO:knw9oUUEEDlGUJ8Y9c87Meh
                        MD5:18C2A53157E308A8BEBD47F1B9C32379
                        SHA1:F6ECDB855F9F7F06442425A075028EB15AED72D7
                        SHA-256:83387BACA74CC3D81529FAE62A33FD124FC98063A94C20283D6DE2A9C15787BB
                        SHA-512:69FC303F4869782400761B0692986A2FB2E7DEBC9B445112FCCD0149E92DBC3E79DFD746AC0515020634A0802F201111169409A9FDAA9A8B600DB00C5E26B3F2
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\iVxWAhp.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1621707
                        Entropy (8bit):7.335834310509792
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QJEvJvrZ:knw9oUUEEDlGUJ8Y9c87MevF
                        MD5:2E944D082DAE3CC75EC91ED3D2ED98C2
                        SHA1:FEEE6354BA16D874C5D9664F9B6BFC4094F2690F
                        SHA-256:1995CAF8F0515371A20A2F71E00E1916FD70916C4199745015471F310C188BD1
                        SHA-512:1C3CB4E6C5C06A23FB308808FC1751250E551AD8F6F8A930AD88260CDE4E68561BE77E04B45AB590352670E37A8F1918AA1BF2ACC493945FD4D21D38A9FAFC54
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\iWlgDsI.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1625755
                        Entropy (8bit):7.3333850295619465
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QBG:knw9oUUEEDlGUJ8Y9c87Mef
                        MD5:2805CDB9710BEE779E58E84E432790C4
                        SHA1:1CBB3325A13CC2947891C712B919F7D03BF7A886
                        SHA-256:339B76E5FD40B6F19C40BA8109748D02A1FFDD6E126E6090BE38ACC39917298A
                        SHA-512:A13B662A96E8EDB1DAB1E59D82DE79943F56430BEEB1334085805602D82A1583D946CD0C8F15A871686A9828D86EC4C1CC9ADAD1448EDEDB51633C5BDD6C0920
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ifdEeMJ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1626767
                        Entropy (8bit):7.332789455569724
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QD:knw9oUUEEDlGUJ8Y9c87MeE
                        MD5:F1B5D51D78CB5E6942A2EA08648BD412
                        SHA1:92A875B97CAF0DCAA6FE88D7796B60680444C5FA
                        SHA-256:F2CB82F61E52AF02F506A15BA70CF4A800C8B64F342B3271779AF11FF65E86DC
                        SHA-512:54ED8D8727E7478DADF2EE32EDBE6AE0BC066AE2584B4786191031B9825DDFD534DEDF550E1DF5B6DAD279D0E2810277DAB2AB229058F86A464ED3CE38B5987D
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ihRMBvK.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1609310
                        Entropy (8bit):7.343312172024786
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qxu:knw9oUUEEDlGUJ8Y9c87Meau
                        MD5:192FE9B47270B28B9D783F7EEFF91D1A
                        SHA1:DA517C532230892286D5EAD1B6C655C6509EDF20
                        SHA-256:0E318545CFA59246BA632706B2C20390DC556073079F34B15A4FB4E4D8634A5A
                        SHA-512:B1C7B91A3BFD354ACCD6DC2A6CFC49A518A0D474ECDDE7B43C2B439BBC7C51E2C3D5F30D76FE0557FE5EAD5B321921194006CFDEECC625B5F05143CEF056BCE5
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\jNFZeRV.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1635116
                        Entropy (8bit):7.32780893417428
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qxd72wz:knw9oUUEEDlGUJ8Y9c87Met+
                        MD5:0F4390D88A9E416E29037AF40F8C594F
                        SHA1:98F7F7E66CEEC37AF3A76A5E9E37AFADE0855CAC
                        SHA-256:CD38D38CBB3D49DCFE90D7D8A9BF0E9120C5CDFC9786548064DC66243824BE5F
                        SHA-512:A83CB6ED040D5AE692868CFD7380E877ED6FF0EFAF0C0492649A09B12D92A850F61E25EADD4B174B7C792E4ED13D0E275AA092885A7B953F94F35FB2DBBED3B6
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\jNvuQDu.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1573131
                        Entropy (8bit):7.365521968691421
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QUI7:knw9oUUEEDlGUJ8Y9c87MeO7
                        MD5:3ABBC625EC44E8F363FDA7C53469AACE
                        SHA1:0FF784C224386721BA51788D9CF2D801F1916A23
                        SHA-256:517FC2FD7B24E31CA35EE3114F089B6CB31B9AA5F60188EA4E90DB1FD8CF23CD
                        SHA-512:466D9797EA980631D9DAF76F17629E2338BB68537FA2F9848A0ECC9248D514BD039B56933D5F145965F5070A845A80E3C7A1FD099FA3CE4657CD19940723E6A7
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\jOLYVDQ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1589576
                        Entropy (8bit):7.355365498155167
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QAS:knw9oUUEEDlGUJ8Y9c87MejS
                        MD5:738B0E408F080D723CD79190DF49A4F8
                        SHA1:D25F1228022C8FF47E19E3A5A33877FE34BFA532
                        SHA-256:0C5AF3FD08F6E13C518A67A8620ECE400FAF94FFC00457BDBCAFF26EAD6F6BEA
                        SHA-512:FD7885FC4C517D17D769E0E657C25F5B72E8A20499CC98A7C4CCDFE00759F7B9C4830B0AA910D560AD0539CB4F6B9E8464488F68D1D82FA726AF92CE09B1DBB7
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\jlhXoDU.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1564023
                        Entropy (8bit):7.371203675567442
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QQl:knw9oUUEEDlGUJ8Y9c87MeRl
                        MD5:7B7E047327EF8FBC297321D12841C29B
                        SHA1:AD90C047C5F40A6B7C8B2FC632DE7E0B7E3C3500
                        SHA-256:1197A30AFF8A4513DDD68FFFC291C0258DCEBF63E77F43C8A978485FF74C270D
                        SHA-512:83A82A1FAB33B458123BFA9828A6B9012D5D1DA95566B3A25015CEB19323E9733B48B16F5A81A18A5FC34F21A887A1F4EE8C4C19DB98A4BCCBE01E338E36E984
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\kDIeJiO.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1628285
                        Entropy (8bit):7.331876045592974
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q/U6w:knw9oUUEEDlGUJ8Y9c87MeJ6w
                        MD5:08DF5DD12008D0EF6F6A1A0B94DB21F2
                        SHA1:5FB2018E8D5CCA6386186AB61963383C55615507
                        SHA-256:73B211AB5EDC70AB5D4CA49BECFB7788AFB056A937F7038490D4126F1A7ACC46
                        SHA-512:11E3202907C84BF3AF8E84270A697DCE7F60E4C3766A54CB4AEE43A4A7AE4A34EFFC967DD633402DC6D67565837EB14500660BAAD437034ED88FA881EF09E363
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\kPIwtDx.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1634357
                        Entropy (8bit):7.328247613305846
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qlg2:knw9oUUEEDlGUJ8Y9c87MeyJ
                        MD5:449286D8D7000B013DF20EA12F7AA284
                        SHA1:FE9775F0710DC7989E98F97CE3BBB1CCB5EAD80D
                        SHA-256:73295E08D0C5F9FAA5879102884998825C1C6915E6A9025802EEB346A76FB617
                        SHA-512:DBC7D37571E58071C411E0B36902F1F305279B0AF4EC1C18AAE6EDF93A934589946E99600A9CAE3F0426562FA89CF3D245054BF8FDA2994A899A6DA610A96866
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\kcGcYyc.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1615635
                        Entropy (8bit):7.339482550930095
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QqB:knw9oUUEEDlGUJ8Y9c87Me/B
                        MD5:0BEC2140848833AB9310D8C260E97E92
                        SHA1:C3A736C4E6660236E22055D2E5D4BBE98063DDFC
                        SHA-256:5C8599E0F8C66DD0902130C11DA809990FBCCCD82EC8EFC18AD089EC75AD55E9
                        SHA-512:267AD481FA6E87595C8F8AA37A4EA3B2AC7AA8A8DD28982CD909A77B9B04153FC81DF3D7983394CD557DD4C91E52A52B6965A046B565EB22A65B2CDA7AF53229
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\kiaPNWp.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1566300
                        Entropy (8bit):7.369787046785864
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q0u:knw9oUUEEDlGUJ8Y9c87MeW
                        MD5:63F97E8CA82F20E4F61AA09C4C43402A
                        SHA1:B747991A76921D10554652EB510EA1AB7E87270F
                        SHA-256:EE9691112C6760A9509809E631885396F23CA3F0A6DAC6BB795EABCAAC5C7504
                        SHA-512:F16C0DDC5C7F9EED087287C40EAB656F6AECAA089E5BBE0B52D8A971B4CE4824AC18B53C6AE9AA82054741291AC1E6A261158BED339037DDBCD4E530EBD093E7
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\koSIwBF.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1566553
                        Entropy (8bit):7.369622803430985
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q2:knw9oUUEEDlGUJ8Y9c87Me1
                        MD5:FD36D90C5317CA62BDE5E4100E087F19
                        SHA1:E12D232DC3EBEA1706918F2D1637AA8DBAA7A12E
                        SHA-256:98D65E93A2BACAB59C737EEDC84E6142217365D8D8B1396BEE04AC4CBB9F728D
                        SHA-512:E2E2045A4F7633F48538D43E03850123B9F9DB80EDF3949F69E68460DC5509CCE7EA943C57EAE08B870E466B655BF582F1CB4E721E30163E64028B2D1381088B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\kwBHINw.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1596913
                        Entropy (8bit):7.350855341021239
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q9r:knw9oUUEEDlGUJ8Y9c87MeCr
                        MD5:1B235CB5623A109F12664926212A7974
                        SHA1:582C20F1A8F0896201F0C8193E728248D1D9F969
                        SHA-256:15B0936C6EDFB5B372891DFA41FCFB71E5C9C682505BCEE942CD394F82BB92B4
                        SHA-512:4FD554B0A3A56397096CE8FC04E68624450BEEA442DB3FF250998D43B68916688E7F2EC40AA2C1937C0854B917B6BAB4FCF9A76FEE84FF12ECDC12A067D0C822
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\lYsCKDB.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1622213
                        Entropy (8bit):7.335514682548174
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qim:knw9oUUEEDlGUJ8Y9c87Me6
                        MD5:70448B76A73E1E4A61A259A6780BE017
                        SHA1:5F73D7643B415E940FE1E9631AB43CFDB35AB1AA
                        SHA-256:346D13BDA594AB6C83399881D786B06680A9120ACD96E7DCA64F5B4A38E426CF
                        SHA-512:E520733F110BE29989811B22511767A6DF135C9F1DD6E8352BD6E29321CF2F3177099ED3ED11B03658293E865735A31FC7B385CD278DBAE1E296C3BB6E6C8165
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\lkHmjCB.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1625502
                        Entropy (8bit):7.3335450822119945
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qj:knw9oUUEEDlGUJ8Y9c87Me6
                        MD5:19B9163FEB512844D9352AC6C772CAD2
                        SHA1:EADC7FA1995A29BFCFBF2EBE51A406E8FEDFC0C1
                        SHA-256:C1C58A0946AF8A888020E7A9FDDF3B15ADC30B412BD8D74D1B829B410F69B111
                        SHA-512:5F2941A5BEB9E6EE8CEE04DACD12220B3A033B5E7C6D58BA116E5C5E846302F2AFFDFEA33977A51C7FED6286A301A249AB830B1B74019AD2893D1EE30CE58E59
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\lvuSoVX.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1600455
                        Entropy (8bit):7.3486919532268065
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qf:knw9oUUEEDlGUJ8Y9c87MeM
                        MD5:31EFFBD08AEB0D107E0AA3A60F8C7C09
                        SHA1:38C17A8543D750DB37501F0B60294D0A3D3674E7
                        SHA-256:42F3E71AF4F4A6F8F5D25722824AA0DA3FDEB2A7080704B0F6F88AA8E6998D6A
                        SHA-512:D98840A1CA877147EF9EE41B31C25C86B786DDC9CA44A773859411383143B8DE859BEFAA4B865FC36695DB848EA5199351DB0DEDE55610ACA2ABC44CC1DA8EDE
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\mNMttQk.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1581227
                        Entropy (8bit):7.360504498374415
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qc:knw9oUUEEDlGUJ8Y9c87Mev
                        MD5:1FEB317B12CC816CFFB86E537A32FFC0
                        SHA1:9187F1DEF8F8A68B06DBB5DDA1CAF097A587C595
                        SHA-256:563B85CF9CB6F1EB7563754073454C71B0A520010E82204C9514BAD612403090
                        SHA-512:B0D14A615ADDE1EA902256B6B759D8BD44DD5764BBE60830D76223734D0C5DACAF0B40EBB0253C35AE0D49F7ED2C17A96276C21AE5C0ADA38BCB7750A781F6D5
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\mUtoiRj.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1572625
                        Entropy (8bit):7.365842650214103
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QgJw1:knw9oUUEEDlGUJ8Y9c87MeRG
                        MD5:7F2DF9FAF9409F748EB96245041B5764
                        SHA1:7CDABA5B77F16C97830069D5B40CBFD66B5C01C2
                        SHA-256:993DADF74613E470DE929994AF2EFFA52B1CDAB14DD14C46A150C1E5C2095D74
                        SHA-512:0B22AD4A0DB813361D6CC3C915DF0CA64243A13CDE4B1295BB791934C80C6C1689360F7A9FB2891C08DCA75880E39331A2DA4EDDA6517668AE7AF17D0D319F56
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\mZbuFep.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1579456
                        Entropy (8bit):7.361600676150614
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qe:knw9oUUEEDlGUJ8Y9c87Meb
                        MD5:5F83975A6291F745B464C13CA728EEE8
                        SHA1:7D10E82B8EBDA7016DC81D4CE8ABB976E0EC73CF
                        SHA-256:211F61135C69C4EF54F62935916C13F3EB3AB1F0B99D8C45E718FAFA6462BB80
                        SHA-512:D66FBC44794BC0F5CE623417CED51189C68737565282CF815F7A60D505ED9D7D392D97DDE9E86D6FC2FB76EC57FFA59CF6D3E9426358A852FAC2DC498C3D9151
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\nEqlptY.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1567565
                        Entropy (8bit):7.368987575505325
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q6:knw9oUUEEDlGUJ8Y9c87MeV
                        MD5:02E7D4882630D4F0A3EE135C374B8E2F
                        SHA1:CA865EB214007360E1519C0A0EB83B080DBD6FFF
                        SHA-256:10D3695B0CDA132C2AA2A91AE1E2D1FF97C4546E3BB5968FF11AB68997091E26
                        SHA-512:9BC807D6AC7BE0F1754CE484C33733B002D5111DDC6D896496C5BE8232B6F6C617C5666A0F3024B628A854AD5E42AF18498105D81E9464B345D1AED297CA8CA7
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\nOUmNRd.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1588564
                        Entropy (8bit):7.355978810460905
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qzrp:knw9oUUEEDlGUJ8Y9c87MeY
                        MD5:28AEE47BD2DFCDE48EB5DB5E35FE291D
                        SHA1:2B3ED4B6CD3B46CC2347DD4639DA148C73ADC126
                        SHA-256:AF5C4FC921E2DE8F03D730ACC1399BEFCD8CF334E574FD497C8C9CAABCE05C32
                        SHA-512:9062ACA7C550ADE9B3453C7116CE38B0329B4A025E19CF833812982F09D7CC2575257D312194A086E62E4BEA7734B2FF4B99E54192BC0493344F997B9415B87E
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\nUwvlEf.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1561240
                        Entropy (8bit):7.372951455259162
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qk:knw9oUUEEDlGUJ8Y9c87MeN
                        MD5:5F36D419216284460276CB13F11C34A5
                        SHA1:98DA9A52D7B6842222B510E4E216D79B0822AC05
                        SHA-256:FAD3E0E13A5F3868B3380182D08BBCB486438DD179EB43A3B6CF3820FC5CCA4A
                        SHA-512:017AD394F56E515F0997DB553F4CBB6AB18EE87813B232FBFA3899A15F67CF28AE89D3DFA72C1B85C10FA30BDB08FEF8B4849BB3A50BC77A04634706B738E9AC
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\nUxFpBv.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1617659
                        Entropy (8bit):7.338261517307534
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QSP:knw9oUUEEDlGUJ8Y9c87MeL
                        MD5:277FDF15793F3BE7800A03E7B2D053CD
                        SHA1:3BC15B530E7A13D55987DF6A86354D9908C27B18
                        SHA-256:ED065228ECC4057979EAAFD19957BE815E5F3D9C4DC6AD42FB2BF0E7BBBE4AD8
                        SHA-512:AD3163F464A4DA3CFA941C6DC2192D895F698C49262FF15D61F9DB6433CC21237C27C1F9786020032850E850C839CB9A682B600556F1D364E1772BFAE67636B4
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\nVRFUMU.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1594636
                        Entropy (8bit):7.352246327115918
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q1s9:knw9oUUEEDlGUJ8Y9c87Me1
                        MD5:08F1AB7537AE079DCF4DB558BD073AD2
                        SHA1:DF1EC3C17EADAD137BBA6C72505D35519BA0EC49
                        SHA-256:C4B92C3553082B75D707930B91D1D128105776B45EB668FBD2EE205C5C328C45
                        SHA-512:C189C3A3A7328A9DFE8A0AFDC18B157AC522B28AC1A360C07B24CC33420B687F9B58129400AB76E56AF93473649C7E86BE19199915E7C275E5A95C398D649649
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\nZqSwkk.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1593877
                        Entropy (8bit):7.352716623199406
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QErk:knw9oUUEEDlGUJ8Y9c87Menk
                        MD5:090362455F44E22D8739293AB790518D
                        SHA1:59E7DD671233102FE40EC18A883332CA42C69EE9
                        SHA-256:AD51701951F79F0773C05A95C69BCD509EBA4F30179798C112F956F5144ECFAD
                        SHA-512:D71E2177A97B34DDFACFA546094820803A93AB4FD85429176E9802064B7756C108535D98977A171EDC1B1B04808B8ED03A164F3996069AC9B96BF4D48912B478
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\niuNHza.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1567059
                        Entropy (8bit):7.369305675835092
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qs:knw9oUUEEDlGUJ8Y9c87Mez
                        MD5:6A172D9E3B3F3EA204DECBD8ABE8928A
                        SHA1:355EBCDF342854559FB09C38ECA71A1D9E5EAF51
                        SHA-256:71DDFF9723B718D0A5B115945B0723B1B8A451439A40F8F4355C56912F85C7EA
                        SHA-512:1C31A647F21627A9B227BD3D3F1EA766F15C4D34635F29B1941FC3D3FAE3B1A84E450272FD06761404BE32B79254C173F06A56BF7C89836077BFCB828181B4A8
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\nySppDL.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1601720
                        Entropy (8bit):7.347924141343645
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qls:knw9oUUEEDlGUJ8Y9c87Mez
                        MD5:14606A8ACB479A4653A1A97CB3221D5A
                        SHA1:57E384A989093E1A6DDED5EB1B9BFCC2FC975A71
                        SHA-256:6D598FF44196A0E2D0EBCFB9538258EC41C4E2EB7242519DC9BC959AC5E3E547
                        SHA-512:79C598D12F06AB3B9AB289C111EE31C7E516A54B4EC7FBB020538FC2686415E3028ECCB531DA30B6EC1AC9122C3A49B4D756DBBF5635DD7338515A86345A8C40
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\oFlkVvC.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1619936
                        Entropy (8bit):7.336890804021611
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QlwS:knw9oUUEEDlGUJ8Y9c87MeeJ
                        MD5:EFD9FFF0B214EC7E7F0A098C0F2DB6B1
                        SHA1:7EDE40A490F83AECB2FB3C8F7A6BBE7E016B69A4
                        SHA-256:09042A8C048C412DE24A7B98AACD330C2F3977E18D14D8BC8B2E4F8E1D34DBF4
                        SHA-512:BDAC1F1181EB591A9B062EDCCAE8C8AA4D61B2C4F04E662C0BEFF8540C83DB9A1AFF795C25D17223CFDED12AD2F7387F1075D741883464825613D08C969A956B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\oLIMGEG.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1562252
                        Entropy (8bit):7.372311744031907
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q9K:knw9oUUEEDlGUJ8Y9c87MeaK
                        MD5:45DF606EC09F9C4D0FB474E74BFC6536
                        SHA1:3974DEA7DCEDCC54CE3E4485ECB3B502D06F46A4
                        SHA-256:5C7163898595F89F952F92652588050AB35CC137220E5057DA47D6D2D3CEF23F
                        SHA-512:725A5ED1AE5F572FFDB935870F58C671083CCDFCD554AACB682C7C81818D826590CF6D5A75C1E130FB14B34CCE36F0A7B4533722C35426EEA6995455E1E38450
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\oTTZHtv.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1618924
                        Entropy (8bit):7.337502215307301
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QAi0as:knw9oUUEEDlGUJ8Y9c87MeLqs
                        MD5:655CF313AE02BA7096AE0EA9113D91E9
                        SHA1:4BD11F37502C08E04E7AB44420D8033F053D06CE
                        SHA-256:EB7ADA30A4BE377B3BEECA11B4CF62A7E5F0D087D7DAE291240A5F7E2A1A3261
                        SHA-512:D8E0105BC186E421591678F20786E6644E573374C19E95CC02557EBB285AF1871E85E0CD4C0CD8DCDAAFDA1A43FAB730833F7C8ECBBBFC168AD8422FC65FA42C
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\oXhzTJB.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1631827
                        Entropy (8bit):7.329753556806955
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qcs:knw9oUUEEDlGUJ8Y9c87MeC
                        MD5:DFF916DB751ACE71C004AE892329533F
                        SHA1:A32BA80AB8420B4E2955A8553CFE9B63564C015A
                        SHA-256:8D5AF894228254F604AC14519BEA603D6DBFDA39978A2DBB7B7EEE47F85762EA
                        SHA-512:F9C4CAACB33ED34DAE86945B19DF114E07FBC333CF7328D64A766034511BEDDFB4869F9B7BD3B535B2BE21253C1B558A9ACCDC6495C7BD78B24D0FDFFE57200C
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\oblCraV.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1553903
                        Entropy (8bit):7.377564580366234
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q+:knw9oUUEEDlGUJ8Y9c87Mel
                        MD5:C06B94C5DAC30E49FDD09C6A2A7C8D19
                        SHA1:BFD78C7A44A80598726B740CA0BE71F1EC5E853C
                        SHA-256:8C5A05533180E824F2E4E9B322AA721CAB044BD20EFA86D1BF6A9521A73B1D29
                        SHA-512:E2E636ABEFBE0CFDFB1CEBAE7AA5B8997A34A5D3E97FFE60E7190899E8B23953DBE005851BC9FA66AD18C429A3DE2C8A85F49BB13A3313EFDB612C3EAC611D49
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\oeyXpah.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1601973
                        Entropy (8bit):7.347771998329827
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qs1v:knw9oUUEEDlGUJ8Y9c87Me3R
                        MD5:7AF15900AA03E9C7D83077FD296A3170
                        SHA1:C2CEB3370684C7BF8813AF05A97E7C298CB3B442
                        SHA-256:AE6BF81B454014A7CE1BC4EBFDCF00B852552CD74F414CEA83D890E4FECE17B9
                        SHA-512:1C7578FA45DADC43DB011796AD6708CFF8EC8F29EA513AA64372060BCC5FB3A24162C654E72934A3AF38E29AFA46D3C225A5575B02E593D39DF35AE70D6EBB57
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\oheGeDM.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1591094
                        Entropy (8bit):7.354433123754233
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QTt:knw9oUUEEDlGUJ8Y9c87MeU
                        MD5:2960EC15F905A1AA9652F8BB44FD3C34
                        SHA1:95E79BE92600F42C093C20F574DBDDDB251F3C41
                        SHA-256:72BFE9B21B11C205F0025A9C06E8FC6BC867F8DA4116FC797D47B99640CA65B3
                        SHA-512:7995A2CB4D9A1FECB290B5EFE63404BA26E4D9611CE6737D73BEB4DDF2B85D8FE3240215B40A0C8F5C191D862E4D2AB5E26FB2D17A041F4D073C5B2B272DF6C0
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\pBUJBbD.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1624490
                        Entropy (8bit):7.33415724300079
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QXhRsAL4:knw9oUUEEDlGUJ8Y9c87Me+8
                        MD5:A3182DC7B2669E8C613974F54E4E158D
                        SHA1:B88EF45E8439FC81882E699F7A7F1F76D65FE558
                        SHA-256:BE3989B4932B620F282EDB3F7557D921D6DB53B8FA8AD00A76FCB6A5F19C351D
                        SHA-512:34F9167A80F7B1B1CF903EA91D3E43E183E690490B26166903650B63C08107D79B76FCF826D40827110BBE7C264996CFFC01AC7293FCCE3A7AFC2D3E5111789D
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\pCYFbPY.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1590335
                        Entropy (8bit):7.35488092887903
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QOk:knw9oUUEEDlGUJ8Y9c87MeC
                        MD5:0243E8964C0DE6DE91C2619BCF39B567
                        SHA1:7428C172D0A6628C916B0E5D57AF1969B643D6AE
                        SHA-256:68620882D6DBACEE6A90652CB5A9E96165224CF4918FEEE6B8F3E75F30FD2189
                        SHA-512:0BEA7ACDB3D17BA16A20E9F677634EEA318E571FCF63D820910AB48260966E195C4790D33D7F8D03A34C1C455801A023E1EAF1CAF994864A637B0C4EF5680759
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\pONZxkY.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1576673
                        Entropy (8bit):7.363325763566976
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QM:knw9oUUEEDlGUJ8Y9c87MeH
                        MD5:DD9BE1ADA07CCF5BF9ADFBFF1A99AFDC
                        SHA1:EE5CEB021D3CB6F61674D64C26D657897DD52A69
                        SHA-256:0CC4D17253EBEDD81D9E4D94CB2F35F0DF2B83C16E2026CCF54158287C57C34E
                        SHA-512:A787A035E44E5913C70E6C8D61506461F5402A79950B8D461802B5E54308632DDF259C8EFDA72DCC888D1FA387212392068794053C79C9985EB45E42EEEA6B97
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\pQiWMAE.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1631574
                        Entropy (8bit):7.3299034323239445
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QD1/6cD:knw9oUUEEDlGUJ8Y9c87Meq1/j
                        MD5:AFDF13D65DFDBC25DE06321787FCB5B6
                        SHA1:9D8151694CE6DF29739A840789B9AE831BD1F8F9
                        SHA-256:16DD71F5FD0790E844EFCD6AC137A2A7D6D085B7F752433CC6D1BE2E3E40FCCC
                        SHA-512:0F0C8BE5F3D063A356851E2F4B0542081DB588303083465A0B407E8DACFCA8BDB0D729DAA600F59BDD89ACA41528C701ADF8C590CC0BEAAB2161E282784AB95A
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\pVAAkNS.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1597925
                        Entropy (8bit):7.35024906076641
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q615mwB:knw9oUUEEDlGUJ8Y9c87MejJB
                        MD5:723DD12F506F65D57CC7C7EC4912A27B
                        SHA1:6C85447F2A485AABFBA69C02E128B8A02B4E6260
                        SHA-256:119BFAB1868CB512CEBC25BFDEA1C063A699D8A92F47F4B1107FC56168BDC5E3
                        SHA-512:5B205CC8E3AEDF4CB22528FC88AAC5CF1AFC759942F2761E1B61BBDBB0DEA99177C8E9D344386111347FC34EAC62D291921467669F26440DFE831C18FF16CCD7
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\pmqeloX.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1597166
                        Entropy (8bit):7.350692664011566
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q3Wd:knw9oUUEEDlGUJ8Y9c87MeDd
                        MD5:D301F932E436B505326C85E76FC50749
                        SHA1:504A43253FC353CA0488B81154E4356C686272E8
                        SHA-256:BF0A6EA364D4C4A0741670E8334EC00D2D818E03170C84314A988A434DAFA7F5
                        SHA-512:E65A21A186A4BE675D4B34DB712458359DE0B711CB4A819A2E89F2D327A6712ADB04EA8FAE693449F705882B3CF4993F0FA0A9E18E902B30F3D1C988AF002DF8
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\pnHAApr.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1582239
                        Entropy (8bit):7.359872190192133
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QTmH:knw9oUUEEDlGUJ8Y9c87Mel
                        MD5:9F04B815F5125CC1BDCF30FCF6A3C6D2
                        SHA1:13DA85C3F9A3C227A9C36094E5B7AA96C6152F7F
                        SHA-256:28349406A614068400CFD7E67FFBB693E45092531A24BA9F0122CB23B03AB94E
                        SHA-512:256C003BB4B6133DEA77D01972CCFB896C480276571DF76426D0F4824416493F36604A70199B195199DCBE7BF1421C4AC729594BF4F8552B0C1C007BF157D5C1
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\pydLviI.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1614623
                        Entropy (8bit):7.340092735542899
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QCJfVGj:knw9oUUEEDlGUJ8Y9c87MeVJfe
                        MD5:61199D44F9FB669A0CD7DAA510FBFA11
                        SHA1:9DEA9549A14EDDD9AFB5B4B433685B90333AED5D
                        SHA-256:130AB21388E93A05D217E7C459B9BE621954EF2D837E22291F023976D916EA32
                        SHA-512:7FCD02DBE21CD11E3821D3C81FE9BB93EECD2BDF3C3EDA4A75B03CD93127E6D8B2B7B726DEFAF53B720C0E4533337BEE65EBF1ED8B28006E2172FB77E2E19E29
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\qBNFibO.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1599949
                        Entropy (8bit):7.349016486542149
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QNPT:knw9oUUEEDlGUJ8Y9c87MeO
                        MD5:DEA8310FA3D2502F4F61C87A4D9620F9
                        SHA1:F20B387E055402739888E4A5F921F93C0E170BD6
                        SHA-256:AA6B90742B665654CEB0E87C05A078309A3727B439A6EC5F6D101BAEDBA446EA
                        SHA-512:CB3625C2E45F605C8499225422499DD6118370444F700F0B3577F889275AA66B81E8D72ADEDF378EF42974BA6E04DE83054FD84283BF95D5FE31C5890D28E3DD
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\qPOzufP.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1604756
                        Entropy (8bit):7.346078690797658
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QcZ:knw9oUUEEDlGUJ8Y9c87Mep
                        MD5:CC7680EDDDC6570782588086DF6F5491
                        SHA1:2F0FAEB5E99026777A050537D5DD70DBB20B92DC
                        SHA-256:1E8BFECB6D4AE56C54F0060FAB82B418F80F8D2B9CA7FB3C66707E851C435D40
                        SHA-512:7A392D1F9F85F60A4B30072A7D10CD2D91F07682CD6447356F77313E2CD358D293CFAB7E689F9F78CBC451DEC4DFB809750734DFBE22B3400DB089277E7168F5
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\qQrbmYX.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1617153
                        Entropy (8bit):7.338568326837825
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QXXkz:knw9oUUEEDlGUJ8Y9c87MeGg
                        MD5:10BBB3F75F4647D31744F078363839C4
                        SHA1:CD16EBD662B732B6A4405F622E97F761997407C9
                        SHA-256:C6420492ED5AEE1A3C946C47C8B02DDC49AE033ECBA45C3708316EB84110D632
                        SHA-512:680757D7745005CBDCB05967116B43E1DDB49778D67870A6E61A31F44346C1863304401F7C7DAB5FF3F6E85D0D54FB90EF070F03068BD3F3CFFF258A2743FB04
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\qYfJmBx.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1584516
                        Entropy (8bit):7.358471598915743
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QZrVl+:knw9oUUEEDlGUJ8Y9c87MeWl+
                        MD5:A30DFBF3716EDF8C6312F57CAF582D45
                        SHA1:638B6EDA1035AF85550DB61DEC0E73D92839A135
                        SHA-256:9756A17B7644515F981FB2CBD55633973EEEFBE3EEC5A786EDAC0FDD06E25DDA
                        SHA-512:B594978F6518620A6A42C8F6A5F867FEA053FE70FD0A98EE1DEE5B60A185B8BC5CF981C4E15172C2FE086553A47CB8D53F2B59AC70997D3875FD1E6F5C415696
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\qrMFKUE.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1607539
                        Entropy (8bit):7.344381766078418
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QR6:knw9oUUEEDlGUJ8Y9c87MeD
                        MD5:1C8DB9C5C483BF6A545401C0E80E1EED
                        SHA1:2818C1BF20BD704A79DC39D9CF7E1496EBB99F84
                        SHA-256:FDDD23CA656F008CE59F6C889F06F2726787E4A33502A9725FAD6DBD216AE180
                        SHA-512:0400D945726AD40224BC0C45A5EBE68DEFBF459AADFCFD2D38479D841E53C859BACC3E70A6419B0D151B13FDC271E9A9C830AFBDF7023473CDD3F5D3484A4C60
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\qulWMNK.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1559722
                        Entropy (8bit):7.373909636059176
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q/V:knw9oUUEEDlGUJ8Y9c87Me6V
                        MD5:B6CE0FBF5B338360494444FC268D4B8A
                        SHA1:5E85F22878F6E137782D8BEC00FC60FA72D6FA20
                        SHA-256:EFCE622DC68E5F565A792E842A7ED94C624BF574C9ABC6B1E6F2ACA94D0D16FE
                        SHA-512:02D4EA00643089EC6225887A216006F944530C177E714EEEEC599397C2208E2D07CD68ACB6C1CA098EA8819010FE4D133775AC87E5AC2A423319778144269D89
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\qyjihXJ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1622466
                        Entropy (8bit):7.335360645020387
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QSvgv:knw9oUUEEDlGUJ8Y9c87MeI
                        MD5:758110962390BF94DB8CD8D1CF581A2A
                        SHA1:945AB35B388104DED1D4724FAF3279519C8DF540
                        SHA-256:AD9F27567FD6F3A4A500537751D31C495E4719AAE290651DA6C47C805DEB035F
                        SHA-512:A8F524EE71B3912927F9536A3E73AAB7C572811FD32291684A76696E70B1046CC45314DFBAAB9CD6173997EFA5A052A86EB1987CBC191A88CA981EC7E826A578
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\rECIoeF.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1566806
                        Entropy (8bit):7.369469017723847
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qxx:knw9oUUEEDlGUJ8Y9c87Mea
                        MD5:DAF885366925DDB3EF54181822B5F5E0
                        SHA1:611C8C1C30496C230389E2B8B8930F8CE7D62FC8
                        SHA-256:31AFE41683C568518CFECCEC674DF718ABA96D686BA54D59BA3CF2441A31E84A
                        SHA-512:10FE9665524537F7CD579669A5FF734F1CA5A9ECAB0845CC3E5043F09FECB4C6EFD1EF006BC9E5322B99C1B66C2091A4865987980A939B30049803FD91D66B99
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\rSfKwnk.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1627273
                        Entropy (8bit):7.332495463443368
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QQBE/:knw9oUUEEDlGUJ8Y9c87Me2
                        MD5:85CB56096FBC9B6493EAEAEB6DAED183
                        SHA1:3E811E800B9E0B796DCEA479595D4798454C7209
                        SHA-256:2E47220F3F728A23A89F796F0EDA9CE2E1287583AECB45E55D966949E98D08CE
                        SHA-512:0CE57CBF73A3E2CE6659D082EED9B9D25F6CD935981B3178A9C430661C60AD0D66286DAB2F058CEC554BCEA17AB2C2ACDE1C44D8AD18F9C2B0F7665BCE823C77
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\rWLJMFs.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1595648
                        Entropy (8bit):7.351634759342248
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q4bN:knw9oUUEEDlGUJ8Y9c87MePp
                        MD5:391E3F492BEA1B8A7476A776E058B6D3
                        SHA1:71CFDCD076A5EF9263B064370D399DCD1608DDC1
                        SHA-256:EE5C4CDAED57BBBC7E4DD4D8100E576FE71B5CC44EA9F1EBA993C2140DF8F89A
                        SHA-512:603764F499EC6690703D5115539BEED4CD1C90872A5CF1B3BB52E6E6AF72043EFA98694E357ED45F9A64FF8E0A421B48969839129D794F000304636353B285CB
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\rfvRxbV.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1608551
                        Entropy (8bit):7.3437760878574
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QQg:knw9oUUEEDlGUJ8Y9c87Mes
                        MD5:53B5903C0C10426404CDF9E5C59137B0
                        SHA1:F85ABEBD0C4D80FF7956A2AEE132704D49037A9A
                        SHA-256:0D3070B83AAACC3E672CAB67EBCCA835CC1B57FA73951B447BF235759337713A
                        SHA-512:9F5C04D83B54775B11F4C4419E5BDBCB4F72D3C969A5DC54F45229E94DFF8F34721BA7E60EC2295948FF9F22ED362087E9AC1490C0A0E731AA582E79B6E6AFAF
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\rzBuUNn.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1587046
                        Entropy (8bit):7.356918411779401
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QgtW:knw9oUUEEDlGUJ8Y9c87Meto
                        MD5:63096F73006FC91B367E8A4742681C43
                        SHA1:3309B3F2A89D67998174AF570170809408DE2B1C
                        SHA-256:EDC58E16F6190A037DCC998B8DA2DF6248EA6ECE75F1FAE868A9BB26AEB829A9
                        SHA-512:35776865CE454B30E4922B803A375E188DB142E976E5E57F15EE05C4480CA85373D6DE75EF335790DB9FF69889E1FEFAFD93C2F8A935D2737C80740F249085D4
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\rzOVEdp.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1574649
                        Entropy (8bit):7.364580546658746
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QL5:knw9oUUEEDlGUJ8Y9c87Meu
                        MD5:0B9BA21DE8F60B91C2E495B807CD314F
                        SHA1:6AE1F564DF2B7C6B91AAFC39074E82FBA71C86E3
                        SHA-256:977E57A3AD33295B63E578BFD554E51ACCD55296AE07229E843AD043C5B695FF
                        SHA-512:09FEC7E387953A48DF8C3B8C994FD9F353B1CCB5F5703C79E44AA147F17ADFAE32CBCA9AC543C5FB245A0D38169F5A013ED1C3D7BF8B1F2CFE0E2BC80A0269D1
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\sDUxUOz.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1608298
                        Entropy (8bit):7.343922599476094
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QVs6+:knw9oUUEEDlGUJ8Y9c87MeF
                        MD5:1A37D91F3F2B80D20EBB2461260641D0
                        SHA1:E988077DF7BDEDF425BB843D62E684E1267A4457
                        SHA-256:F84979D59BDC990D2056FA450F03EE2F945BCE4F7463A8B80E253967437550F5
                        SHA-512:ED2FC138E68E9FECFF73735AA9C44754906B36526FA0B529A798EB1E29E276D86E99F8231E9985AC7F4D815CFB8D9B64BB776D45CE0670D317839CC92A6F6099
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\sGHQnMX.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1634104
                        Entropy (8bit):7.328404555681379
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qzn:knw9oUUEEDlGUJ8Y9c87MeS
                        MD5:8C2B6D197E13A10BC6D1724C4C9729B5
                        SHA1:B6BC3D6196C696BC9071EECC2DF3C0EBB5937165
                        SHA-256:6CBFDA71464566420D3FCC8CFB763C464C5042945E9032DA158130949F65002E
                        SHA-512:DAB9A9FC7948ED0F0FF40E2B25F2D409FA97D9E27FA63CE6054ECA4B53DF5840A478A5A063082E833C08FDA8B673CEE24560F6F8DD08A61581B312017DD78F36
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\sHrvKbH.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1601214
                        Entropy (8bit):7.3482326754963925
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QJ:knw9oUUEEDlGUJ8Y9c87Mec
                        MD5:2ED03B32016BC1D948F8D8998EC51ED0
                        SHA1:9C9C29175AA6AEC0C738D8E2181C64E04E3173E7
                        SHA-256:D1E496CEC44241D375E1B974A4B0E51D178A61F3AF36609D8AA7E3D46CCA64B5
                        SHA-512:CB1C79AA3135B9B90CE31A0C966B53F3B1DB33DAF7AEA7E02E8358F83FDA2B2B8372B3A37DF91DC4580E1E91A3BAAD63212B007CE399E7F69C015C83AB49EC42
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\sOMtwdY.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1603997
                        Entropy (8bit):7.346540505691206
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qg:knw9oUUEEDlGUJ8Y9c87Men
                        MD5:A5F0250BDDD71E9790F2DFB520271DA1
                        SHA1:57BCB8CFF6CE7E3D4E75BAA41C0C8820EB4102CC
                        SHA-256:73B314CBB1B66D46366502190A7D3118E33311D3D73D170616C31DC2AF3C53EA
                        SHA-512:9A86F543552A7F8C0527A6FA5FA3B27CE5FBD68FAC1F14D21C5EFD1DB53DA24328C6D6FA11E8A4ED7A963928397B09535738CB37D40FFF3788839B20CA81670D
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\sRxYPzo.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1595142
                        Entropy (8bit):7.351935507195877
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qn:knw9oUUEEDlGUJ8Y9c87Mea
                        MD5:E2B7331214036320152DD8A75E5EF877
                        SHA1:95C3D2B903B6F3CFAC1421054FA3614926DD70C4
                        SHA-256:8392193261DA05B459517D7412FD345BD139BBD375EA581AD57D1AAC665A1C99
                        SHA-512:FEEADF54D49BCB27B47D22216F7152B1B58BE48F674A477AE56DC19634E00535C092AFBFBAFCEC580B0A2023DE93C9798C4A49FD24DAE0AEF4C2D11D817B705B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\sklRMsM.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1628538
                        Entropy (8bit):7.331734682746041
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QVbeN:knw9oUUEEDlGUJ8Y9c87MeAa
                        MD5:96FA18765682E3CA553992361DD80F5C
                        SHA1:E08722BC82048FC88276718FEBFE1C4060663935
                        SHA-256:38203DD3EC6B69B2C9B7BF9D32B834328934B46F3DC4EB5AECD75B82E91F6F91
                        SHA-512:AC823C784EA59E7BC39435B73881E38DC172990FCD8963288E401013CF03944FD402C29788295946BEADCCF523254710ED89268109567044517298DDA3A8CCFD
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\spwZxbD.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1586793
                        Entropy (8bit):7.357077411457412
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QiPt:knw9oUUEEDlGUJ8Y9c87MexPt
                        MD5:13177C43BC8068D47CA4318E292C0EA0
                        SHA1:7577C447E20287AB1BBAE80B6DA0C5056C717EDA
                        SHA-256:F78453813FB8F9CC1906C52610D6E6EF0234552D0D2FFE642FFAC3F208674C23
                        SHA-512:B4E10B6AF47CF9F4DA613F6C393741B45137739F68B3E60E4FA3FAA14270788BF39896F12E601BCDA1B5B51F5EC7E40237078379474D7C37AC1917E49AC4C13F
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\suHCBrv.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1585528
                        Entropy (8bit):7.357849158328653
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q7:knw9oUUEEDlGUJ8Y9c87MeW
                        MD5:6B3D2723A5AA446EDABB86736AE700BD
                        SHA1:FCB4A150F2E0AF76C05D3A75EAD90446F24AD825
                        SHA-256:DB72F544747F6CBEB17A0A62F9A99ADD4DBB2C42817442AF50CC37F4B2C75565
                        SHA-512:432FB9E4CCFA8691E130F1D224BE8FF43E6B64A17B1437CCE56E218F5DEA4F3F44D0B679BB7BCE6DC87A7A11A48F42CE520CE15BEB86449AB3BA14A61FBC1C37
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\tRrgCEd.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1574902
                        Entropy (8bit):7.364428531587992
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q8:knw9oUUEEDlGUJ8Y9c87MeN
                        MD5:918D25389B40B10FCE7C61B82545DD1D
                        SHA1:888A99565C97A6C8BE0BE4E074BD1B7F5AB59145
                        SHA-256:6690567B417988ED846DD544BB8AD4EB1650AAC17499C7D15F8FB06C7DC13DEB
                        SHA-512:B4D26221441B60B323C9DBF04122AF2D6EE172B0F05EBF632478ABE0FAF695F7AB3541769E4CF0E81C6A812507CA5A863767766F244D3E89A9ED98E9C5368FD9
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\tYuJBKo.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1590082
                        Entropy (8bit):7.355045853026449
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QXG:knw9oUUEEDlGUJ8Y9c87MeoG
                        MD5:1E1CDEA839E9723FCF39F29111145CDE
                        SHA1:4C79DC2760E290DC1098A582FAA8A08006F47DF8
                        SHA-256:016AE21DDCD43FB7AFE56B327BC0F92E5E3726E3F37269BF00010AB770BB8854
                        SHA-512:B088892E938E41E39D41E2E1B93FA32C88A0252B11A9882445ABB9FFD34C7D49C6ADF36A2CB4524D24D73B1B1AA21EEED07756E8E8A040931EC5F47A374DF978
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\thYWpNp.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1621454
                        Entropy (8bit):7.335975123950549
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QhlP:knw9oUUEEDlGUJ8Y9c87MeC
                        MD5:8009FE2C413FB7BE678CBE650C7A81EC
                        SHA1:EC772007BCFA149552C3E67461692A00AF0B10AC
                        SHA-256:5F91E85303AE7198D0783C4F34243558DDACB30C2DF982DD178D3C20A96FF2A6
                        SHA-512:C4241F14652996C9414C3737C8A1D4B83416BC540525F0D2867A2F87E496098B2384609A1063C9E22269EE3916D6272DFCAC4C0B49729D048FE0961DD03AD0A3
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\uJLpuAT.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1575661
                        Entropy (8bit):7.363951269009077
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QZ:knw9oUUEEDlGUJ8Y9c87MeW
                        MD5:545FAF9E9DE6DF34043690FB43416F29
                        SHA1:11B104E8D506002C82E9D1F324017CBCD848CC4B
                        SHA-256:73C972F2B740B47C82D11FB99792085049C39DDCB0A24A79EAD351325EC9EC6C
                        SHA-512:40CD1F505503331E5B3DABD811E201F6AFE83F3C7864A35D780CE3506EDBBFDE192766C6685821DB1A52CC8F08ABDF22E27831FE31AC248F5BF0D529CA556752
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\uUnCnJC.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1557698
                        Entropy (8bit):7.375174139435369
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qs:knw9oUUEEDlGUJ8Y9c87Mex
                        MD5:AA04864EAF71339517E97CB478B7A713
                        SHA1:83EC2FF9A64F3441B86B5C61F6835D3949D8319C
                        SHA-256:4E962993B9AB254BF58F7C2977CAA1C837D94F3526FC03940D22D579C1A5853D
                        SHA-512:A4D2C259FB5D2F354BB2482C3D4D8F6166D1A514A2CE6B23687283AF0CFDDD247D22CB357A4922A705C3E6203C4FB109E45B9FB10448855AA29490DBE64EC70A
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ugXtQTT.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1589070
                        Entropy (8bit):7.3556786788355275
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QJkn:knw9oUUEEDlGUJ8Y9c87Met
                        MD5:DFACA6AAD59C22EA51E46288EF694DA1
                        SHA1:9A358A47E92EF49D8A48E09E240DD7C190E1B7F7
                        SHA-256:840297EFE4599892BA5C7DC08A096EFF8A0CBF9A704F8D20F075A129EF9D86C8
                        SHA-512:97DEB7F6C7B3DFA5D38D46DCDFFF4C33F38B10069F6988225810B1BCAFAC21C78037F4E455C411EF75C61F9340E879D6799AD76005C669258AD78174F0C49B5C
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\uoUnoPV.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1605262
                        Entropy (8bit):7.345761063111444
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QTnV:knw9oUUEEDlGUJ8Y9c87MeunV
                        MD5:796C48AE90A2AB3284AC38BEE6E7A5F9
                        SHA1:020212C376688C94F9A4393B81902279EA81B57C
                        SHA-256:61B3026CFECD43F0D9563BA7267B71C112918BF4A60D2AEB540A66CFD4538AD8
                        SHA-512:37B839C325B54132B0710924B5850F7F61894D4EF80860DE9704354E494A403F6096FB45D7EA36FCE42346EA04BFB25D76D9B2D0E79643076189390016B13F70
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\uwpSJTY.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1569083
                        Entropy (8bit):7.3680432486255745
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qm:knw9oUUEEDlGUJ8Y9c87Mel
                        MD5:13D82A082743E58E8C2D1C84F1FC59BA
                        SHA1:2B289C8B6BD57C0DEFECC42BF9F739C61D1E3A1E
                        SHA-256:AE42B28E77E497E87C731DA0364293A362B687175B1D602CCCD26A2CD69209EC
                        SHA-512:D6751D93253166DFF89800D2E4847001AD9F547955BC9DAED93F7C07C19138E8B864A23DF96581F2B84B9C3E8B86DD0331D0F4F5651463B4165EB6227D2293DE
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\uxZFvtG.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1571866
                        Entropy (8bit):7.366313734645448
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q9:knw9oUUEEDlGUJ8Y9c87MeM
                        MD5:B5F52ECFF651552BA323050F871A4E63
                        SHA1:79D9CE6D19E7F93568F6D68E622EAF64ECD69B8D
                        SHA-256:C972458C82D1838F5A014A93E6AA21EF101581F55FF41E3D038621B87953155A
                        SHA-512:83E15B8CF805C900780E0ACB4A026C99414A6604D8CAA14973BD6C7B52F0D26FD3A671FC237E99F4DBC9B11C764A8E797B2871AC6B5F60E86689D48A7B479256
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\vINSkcN.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1602985
                        Entropy (8bit):7.347153281661071
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QFnJPT3S:knw9oUUEEDlGUJ8Y9c87MeEnJO
                        MD5:20538477940582E55224422FAD63B90F
                        SHA1:15DA0F0C1A338C87F8595BCD5FDB8194E10844B2
                        SHA-256:D1DFE9790FC7A2486B47BB85B69504BEF4C5A5EEDE8035BAAD43BD75599CBCCD
                        SHA-512:26023A8A9B6BD7DEDF2CCD7BBED7BB49553B86DACAF2B9DC0AE909176C16D374B8C622190898BF4696A0EAB81E203F1D317B1D9EFBCB2A80B398B40073D259A8
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\vQWABTG.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1591600
                        Entropy (8bit):7.354108618584789
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qe:knw9oUUEEDlGUJ8Y9c87MeX
                        MD5:06CFD47554B6193002A0C7CFD3D2DC98
                        SHA1:6DD6A445F070366460BE4A6782117ED5A3EF8D8D
                        SHA-256:113A5D607EF6BCF1101E474BDCABB91E2B734D987D1AD81227D2745C88DDDD94
                        SHA-512:FC4EAE12E92FB9501857A6B9F6EC668FF12355E616E305BF034BB767E5E1213A9CA3921210BF81D214A4D1068CCACDB346B87605251B66A1F2FECDDB85BECD9F
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\vUMVWef.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1563264
                        Entropy (8bit):7.371690580107561
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QC:knw9oUUEEDlGUJ8Y9c87Me/
                        MD5:6D2ACD512ACB613FA3CB1A22F23E95CD
                        SHA1:1E4BA5996B59DEA5AE81AD7D24C301D9DB964211
                        SHA-256:87AB64A8C6D5D8764D32968F716C9782CD33E0A7A882D427DA5ED03C0742E8D0
                        SHA-512:AE702E56DF08E492EBB0E48C1E14D616183DA7CD12ABD4F8058D78D44A734571EEE72949C3A528997B1694D140F005D81D9649E405C6A929731A77110BA9F742
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\vsZRZPn.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1571360
                        Entropy (8bit):7.366632729391797
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QmFuJB:knw9oUUEEDlGUJ8Y9c87MehO
                        MD5:7EDD250117C32EE0F13238D7737F0D01
                        SHA1:0482471E0F1384F863B011D24917E02978C1308A
                        SHA-256:72E3E391FC8015271E82384AC0D5C43885326A7CFF4E0EE24ED1F30812DF2B49
                        SHA-512:9D02C5D3C367C19A591709C4CEAAF5B9B42F790E3B46BFB00417ABFDEE04DD9177A9F40A5AA63EB095D275B7400EDE89E895CE31C3EDAB308F3A5E89550CB0AE
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\vtyxvBq.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1591347
                        Entropy (8bit):7.354268795042195
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qr:knw9oUUEEDlGUJ8Y9c87MeU
                        MD5:4588CA245BFFBF77B988EC5BD92E7997
                        SHA1:C9E725C588CAC26E2A8E94A8B4A9FB7199F2B1D5
                        SHA-256:A808D603D0D63F0B6A5AE81EDD4E219BF056E1031907AE17D9792F815B0DC974
                        SHA-512:8E68E15AC6D20C3F4A2E0DD050262419E01184B590B051C917BEE9D39227B9043AF86CB8F4C751DC30FE40E80A02E71EB606D2CCE77DF21EF6848D06DB3A7286
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\vwIpBIp.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1615382
                        Entropy (8bit):7.3396399997117
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QLje8OZ:knw9oUUEEDlGUJ8Y9c87Me9
                        MD5:7A873D41612F38E13FA90705A38B2A84
                        SHA1:C85EC5926734E2EA4DA3DEAAE7C7BB417AFAA3C9
                        SHA-256:E5EE354EFB71C5615851254382F8D85AEC2ED88B8EDE55663D41266C5CFA227C
                        SHA-512:FF6A34BC6D7753785E517B919D7419AE31B10C3B5C11BB5D1DDD0D573FEE675C0ED5A1E1B140740D7B368979049CAF7683D2B7FFE9D73528F3DBB453C7EBF795
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\wHmEWnE.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1611081
                        Entropy (8bit):7.342238293551903
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QKZ+dk:knw9oUUEEDlGUJ8Y9c87Me1F
                        MD5:11681802686676D1D4C78227AC246997
                        SHA1:3B685F6CBFFB7F104DC389FE45034B949C6EC6B0
                        SHA-256:F5DBC59A3FD3104D5B83517F7DBD4CF057DF864C84CF5C068F71F7CC0505124D
                        SHA-512:7FAC425C23D13C3E55A14A792AC110C8AE3E18FB2A5C149465DB6DEDB29017FD728DAE394608495C88423D21CB14E8E2C10C0A791859355847885F50C5C48515
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\wIBrJnT.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1591853
                        Entropy (8bit):7.353954543472139
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QHi2:knw9oUUEEDlGUJ8Y9c87MeK
                        MD5:184D94B914518C00AF740C1D365EC023
                        SHA1:BC64C361D749D045B2904BF9ECBE60FC9F493534
                        SHA-256:6CD872BD35E68C6BE83BEEC3AE0E74F5B4BF5D60CE146874D09F6ECB3F437B39
                        SHA-512:21ADEF4D58348DBBE3889189751296013E2A9D02F901EDE13D763729EC5FA4AF67709B932834EC061FFAAA8A9ED412A4DF476008E133FDD909C01FC0123E29E1
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\wLBrJuN.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1592106
                        Entropy (8bit):7.353801223238545
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QzE:knw9oUUEEDlGUJ8Y9c87MeuE
                        MD5:AEBE282145EAC2A9F57F9E15D72E0AA3
                        SHA1:F470E6CDAA18F596063C06EFA1BB25064FAD7B81
                        SHA-256:95F2EDC85488B7588CD2A0F69C2BA0708806C8F582556B5E010166BD60288FDB
                        SHA-512:234C1923A257303576B6C4F83899D856BA6E5A6799916A06D33BF8B9BCF984B9423F79800395B20B76D7E6EC8E438221741AF40A40E25715D00F583B2CF9ACBA
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\wMaaxvk.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1582998
                        Entropy (8bit):7.3594063670992025
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QMw:knw9oUUEEDlGUJ8Y9c87Me4
                        MD5:28286FFDFF941DD4C4E7907F8F230607
                        SHA1:C74E218EDC4DE2B750F3C37C59634E7EEA20E1A1
                        SHA-256:09D54C13A7BD6BEBA986B8DEC721C28E478F740A80B62B46E5FA0A83EBA91AFC
                        SHA-512:9ADD9D4504E8A0B1A40B038E8A4F8C1B0489628036DF43CBF3636A4659B403C404EA95EDAD78FE14330811085ABDF03F2F5B338D74B5644D3F7DE8C3C88D9BAD
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\waRaTny.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1570095
                        Entropy (8bit):7.367412087727212
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q/c:knw9oUUEEDlGUJ8Y9c87Men
                        MD5:B5337CB661984F93C354256F73583C89
                        SHA1:D43959292F6C7F73D35F31685FB5484FCFDB2F3B
                        SHA-256:28E87D2F13F0B50C299D785698E83C98AB299D9B8880D60BAB25DE6673FF2AF8
                        SHA-512:9F23D94B6C38720821D8A84CE6E0586B747C5A263DEAC0D28CF8BF23FE6D94C3A9DCDA310E15659686D3A2E19F03598DCE92DFB2008421B423A1F4E2F029C12C
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\wkKSPgp.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1552385
                        Entropy (8bit):7.3785206095129325
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q+:knw9oUUEEDlGUJ8Y9c87MeF
                        MD5:929C31014AA7306D984B55A172B50A05
                        SHA1:A8C64C5958A16B08FB68FD5BC24070F612232F3D
                        SHA-256:B64D13722F713D0859FCCE8C08BB7BBCCD29341CF7511D14C9010EC9F9754309
                        SHA-512:6A9B387DC39E9D05EB9AFA64E92DD00F73AECA3F116FBBBD674F5288F2BFD7957B9490C34851F7A7C34902CC72124137E514CC894465F46F487A32E9EEBAE001
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\wncnOga.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1572372
                        Entropy (8bit):7.365997815878015
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qx:knw9oUUEEDlGUJ8Y9c87MeQ
                        MD5:2F08B533D64DAA0E3F5FEB5910D08C04
                        SHA1:CD5909F633E00E1FB782FAE29121EE1EE3C06A75
                        SHA-256:009E496902FE9521C3EB6EFEA0750B8059D922238D850D61619D7742D6AFA62D
                        SHA-512:22BBFB435122E4433A816BC13306D52744E36AA225E003ED720D825FD27866EECF2F63EF74D054DF9151D4B6482B9A91EB2845428FB12AE5BFCFE9506694144A
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\xZCsQFU.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1561999
                        Entropy (8bit):7.372475947862725
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q8Q:knw9oUUEEDlGUJ8Y9c87MeA
                        MD5:3093BF4C136AA0AD3AD3491B8701C5EE
                        SHA1:14EF9F737325E8B019221E396428680C282A6431
                        SHA-256:1F22EE0380494EA6C1ACEF8454C2C430E0A53AF2FE549BBC7C124856F0E2BDFF
                        SHA-512:B51456C663FFB4BE532CDFCFC009A8ABFB5F5455F724A4A182C8E3C7AE56AA974244FEB574FF5C1056D9B5C426BAB00CDB76AC2DDD59CE59062B644EBAED650E
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\xjXpcqI.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1587552
                        Entropy (8bit):7.356601765262663
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QGC:knw9oUUEEDlGUJ8Y9c87MeG
                        MD5:81EAA2A206E0A0F8B1F81300D3415FC3
                        SHA1:8AB0E1E443727C83A148542A25840DC64078A34C
                        SHA-256:A367FE6AC10650FBB06CC2ABA3E5D78C3E7AC07E5335CE48713337C8DA8D3807
                        SHA-512:B4C82265FA05BD264E7650128CC3DF17A66612B08EF7A45F13B833C21005838F61FBE0E551E08C3D947FEF58B7E246D3E333AF0AB2ABAA40C16465ED52647CD9
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\xosmhFY.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1562758
                        Entropy (8bit):7.372000440681019
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q7:knw9oUUEEDlGUJ8Y9c87Mee
                        MD5:7FAC6EB7C8D431278C690DD450119C45
                        SHA1:B8F0F5AED4E0D35FA44B7CE3C00AA395C0A0B605
                        SHA-256:7AC35406AF5D5F5D4DA05FF1A156494396B3BD299AC1F3547C33C7EEA7C26808
                        SHA-512:3D36A769DC16D7564ED509963A815CB0E29B8FC0B42EDB2959355A423FDB78004E6AAFF8B764E7AE815F3C8049B96C880FDDAEED871061B9677BBFE31B075E2D
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\xsPUYnY.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1579962
                        Entropy (8bit):7.3612917173876715
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QDY:knw9oUUEEDlGUJ8Y9c87MeWY
                        MD5:2A599ECC71FA6268A605F5A665121677
                        SHA1:EDDC2FDBC5BE39AF9D32D643C3D20C3A4BA22155
                        SHA-256:1AE8395A5A43A00C90ADBD91C804B9348998ECDCA5E1CC3A2F8617495FAE176E
                        SHA-512:42EECFBAF14D9121F65916813489C681CDD65012E9BF525B483AFAE3408086F35FB6C34889C225326C9DBC4ABD381591F152A95A39EE4E11DAA0F9B2A833D8EF
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\yNciWyL.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1623478
                        Entropy (8bit):7.334764758984121
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q0QZ:knw9oUUEEDlGUJ8Y9c87Me5o
                        MD5:AE35BEE195118142F76842854870233B
                        SHA1:D05DCCE83BEBA2CCDB57A86285384D399589F4E8
                        SHA-256:C6BD5ADC40F240ECC62BC884D6A911968B4B6EB3971F4BA7F81B57A1917E19F3
                        SHA-512:47F12C98FFE36F19C81B8551E4E549A1ED1C489BF914DFB71A300A329FD2045C9C15CF3AD86391F2386AAD6F98D8B0D66F08CF8B5538B18DF591EE14501DC9B9
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\yQykaWi.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1592359
                        Entropy (8bit):7.353643613934119
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QOD:knw9oUUEEDlGUJ8Y9c87MeD
                        MD5:D337A140BBC206B8392B13EFE20431D5
                        SHA1:BB651D0F1C01AA50ED358B5DFBE46E31300D7D11
                        SHA-256:BE0946CB2751879B76D5255D1C460BE136309628C250E23C1F9AFD607946D066
                        SHA-512:D9D3B5711844C23B6B388C3C516EF85E4A41A0459B0A50195F989559024B7FEB47B96E5780DF3CECDE9DDB2900C6E57D45FBCA7728DE319D09E967E919B5346B
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\ycvgKWP.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1634863
                        Entropy (8bit):7.327943662034914
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QXENL:knw9oUUEEDlGUJ8Y9c87MeJL
                        MD5:4C2937F152292F576FDFFA9D7CE497E8
                        SHA1:9F3EC88BB7E993905F21034B0E991845F71F1F75
                        SHA-256:355DF7F33FDF9F249AA1D69F0FB7CAA74347AF1383A93A3D13DAA402A2577FC3
                        SHA-512:DECD3C81697508D92A63A386E852BC96E7912518B2F83A4F78D8BD7567F205FA482C69DD72476F5A6FC0AF9445F7996AAEEEE7C862B44E974EF22B8090DF70E7
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\yeQSiTm.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1596660
                        Entropy (8bit):7.351001934474312
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QEmh:knw9oUUEEDlGUJ8Y9c87Meo
                        MD5:C0D741CE2B3570A829ACD0302594F06E
                        SHA1:DB91680B84694047B61E661E6B7448F1E81DCC36
                        SHA-256:83CF37F9CD2BB71845E26087E660747DD8BCC494366B2EDF796F4BD920698406
                        SHA-512:B7B5DFCF1B823A4DF8BE20512374BD5A9A322B7FC737B4F00D26A5E68243CB1815153F9B3DB55C742E73AB548F0D163614292CA41137CEA5620C76144E7563E8
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\zAqphYy.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1573637
                        Entropy (8bit):7.365209564780608
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qv:knw9oUUEEDlGUJ8Y9c87Mec
                        MD5:AC9394137DF5BD2065E5DE74AEB94810
                        SHA1:376B852F884A1A799FD6C803847A1B0B95138FD7
                        SHA-256:9C9F22D641F5F4A3944504B6B0665BA2BBCEAB9DC91751CD1C8D18275D0CCA30
                        SHA-512:83F2315DFE78D84BA928D4201C7942E7F6C1914510310A8FEC7A5049E82E1A673552727ECD1A4B218B8498CEED3C1D24A520DC9156172D3AD9ACF3BCA97804F4
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\zZluDpQ.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1634610
                        Entropy (8bit):7.328104701553784
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q0lEQ:knw9oUUEEDlGUJ8Y9c87Me4Q
                        MD5:34F3C1A837FF86285912A85F3837678E
                        SHA1:1489B01130A711C8B9E34F61FF7D769774CEC133
                        SHA-256:516BFB6F34C5DF5AC25DD09E3FC51883C9800D244F59C7532511F420E78B37C3
                        SHA-512:F1CBA10D840368A06ABF25058CA3F0174F00056B29EFB3951F9FACDEAB10C816F499E1E60AA8D9D4CB1454946A5FAD5D57303D8CC4251C1CB0DD126528C8DA6F
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\zafOJaW.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1624743
                        Entropy (8bit):7.334005902549008
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QDBO:knw9oUUEEDlGUJ8Y9c87MeGBO
                        MD5:76B02AFDE72ADC29BF570311D36B8CAF
                        SHA1:CA8247EEF905C0E11C378CFA8346F7B34B997893
                        SHA-256:8CA399EFAD2D466EEEA99A7C6DF7C4DA8948F6830B72B765E02EE083C915D81D
                        SHA-512:5B845E4CD3B21A7C96CE25A552C26A36CCFF84772CF4AFB53A0AF247728A6B456619D67B949A83BF20A6F9EC946B591A8E952B2D89F1E775AD650E3F6D6AED55
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\zcRTKcl.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1603238
                        Entropy (8bit):7.346991857919804
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q/:knw9oUUEEDlGUJ8Y9c87Meu
                        MD5:7FE00D994CBF3EEB8ED67115862F522A
                        SHA1:49A6031F0EE86E3FEC8B6874A057171534BD9F54
                        SHA-256:DD5BCADECA89C16D969AE38F645114513633B6E5A98B58C96C2797D3DC2DB194
                        SHA-512:B7E11AEC4013074EEA25B77BE9AC6F47D0CDF1C40A63D7D2CD31FDA5D4F904DE15629FCACC19B18083269D6F593000C8FF640636CD56AA7484465E5D01BA0FB3
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\zgnppqX.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1560228
                        Entropy (8bit):7.373582460309805
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QiL:knw9oUUEEDlGUJ8Y9c87Mez
                        MD5:D7D2CE8CDA6DB1CCE2F7BEEE3CAFB325
                        SHA1:AE830240C3BCD8121F6106BDB072C64D44A46F82
                        SHA-256:04DA8E17892009D18E3572161FB02F3DFEED7F51B80A255DB14FA098600A58F3
                        SHA-512:AEA97B2221863653659ED13C2367204517BF09D8A48C1DA2951AA1F95E28563907B1FCDB597754F10CC0ACFCFDA9A2F35CC83F19E0F75F8203AD7638533363D9
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\zoNaMRv.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1606527
                        Entropy (8bit):7.345000193218779
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Qi19:knw9oUUEEDlGUJ8Y9c87Me5v
                        MD5:61DAEA43B512216CC50D5D7DFB49D9FD
                        SHA1:42799382A3FFD43775324B5BE68835AB07FBDECB
                        SHA-256:C298BCCB6EB8671A8CD09CB376EF3A3DCF65B1E4570495707758159A275F8F5F
                        SHA-512:A7575E8EC141D8738194EA9F77293501D07B783099835124F1B899885534D8BEE35311C88E0198E23817D79AED9B8AE3702E245BCFFA8BC82D5FB9A20F1BE0A5
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\zoWFHEB.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1633092
                        Entropy (8bit):7.328998167245428
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QL9F:knw9oUUEEDlGUJ8Y9c87MeuF
                        MD5:03A88D826E906C00EB7AB925F3EC58EF
                        SHA1:3A8BE0CFE4792C0EEBDAAEDDE202D54A56F554A1
                        SHA-256:1B4C27AB35794B988289AD2D79CE49220EA3E25C53E9FA2CFAEF274D1F7F78B6
                        SHA-512:ABFE8ED45D1ABBE4C83FE0E841DF503AC54B17933EEE07FED96F677D68468EB99AE265C5161258C43931F1D583F93E1E26E1AE63DC0E1AE0185569E690068842
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        C:\Windows\System32\zxkWcfH.exe

                        Download File
                        Process:C:\Users\user\Desktop\file.exe
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1622972
                        Entropy (8bit):7.335074567335811
                        Encrypted:false
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3QNFnHRQ:knw9oUUEEDlGUJ8Y9c87MeX
                        MD5:AA548E94F371F6B8C18855E2AB9FB36B
                        SHA1:F40244BAAB42CE0C51016EEAB299940BECACD2A7
                        SHA-256:E5217B8E1EFD076DF754915FD0D9658DA11304DE5C14DFC66334AD589741CBC1
                        SHA-512:DD70FF1E0277359CE428D67F9BB345C1116DA991053667902AA4584FA180589C385AC64A3D7A86489267B283AE5141CDE692497CF04F8C9779EF27CAF781BC5F
                        Malicious:true
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a.a.a....a....a....fa.>.&..a.(..a.(..a.(..0a...a......a.a...`...a....a.....a.av..a...a.Rich.a.........PE..d.....g].........."......@........6...>...6....@..............................?...........`...................................................?.@.....?.......=...............?.............................x.>.(.....>.............................................UPX0......6.............................UPX1.....@....6..4..................@....rsrc.........?......8..............@......................................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

                        Static File Info

                        General

                        File type:PE32+ executable (console) x86-64, for MS Windows
                        Entropy (8bit):7.378681738029535
                        TrID:
                        • Win64 Executable Console (202006/5) 81.26%
                        • UPX compressed Win32 Executable (30571/9) 12.30%
                        • Win64 Executable (generic) (12005/4) 4.83%
                        • Generic Win/DOS Executable (2004/3) 0.81%
                        • DOS Executable Generic (2002/1) 0.81%
                        File name:file.exe
                        File size:1'552'132 bytes
                        MD5:4178bac91df58826af26760d0519dc75
                        SHA1:19d7c2b17f2b7e58cfc2de9da425a106bd556bcd
                        SHA256:a7847a3df956c6ef6f88ba1386af47d9e974cd08285cb9fbd93c95dd5166c251
                        SHA512:c48826f2936447460f0783639f35d66d93751fada4f51ef8f8cee6fe247ffc2ce08a271cf9d87d994b219778912c359cfaf41f165f522bebcca1abf98fae9f5f
                        SSDEEP:24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICTW0hm3Q1:knw9oUUEEDlGUJ8Y9c87Mek
                        TLSH:D0752361BD1EEC6CF9647138604D2A388B8D81F9714819612EAE0BDF3D9DE15EE7700E
                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............a...a...a.......a.......a......fa..>.&..a..(....a..(....a..(...0a.......a.......a...a...`.......a.......a.......a...av..a.

                        File Icon

                        Icon Hash:00928e8e8686b000

                        Static PE Info

                        General

                        Entrypoint:0x1403eeef0
                        Entrypoint Section:UPX1
                        Digitally signed:false
                        Imagebase:0x140000000
                        Subsystem:windows cui
                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                        Time Stamp:0x5D6712D5 [Wed Aug 28 23:48:37 2019 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:6
                        OS Version Minor:0
                        File Version Major:6
                        File Version Minor:0
                        Subsystem Version Major:6
                        Subsystem Version Minor:0
                        Import Hash:e4290fa6afc89d56616f34ebbd0b1f2c

                        Entrypoint Preview

                        Instruction
                        push ebx
                        push esi
                        push edi
                        push ebp
                        dec eax
                        lea esi, dword ptr [FFF7D105h]
                        dec eax
                        lea edi, dword ptr [esi-0036B000h]
                        push edi
                        xor ebx, ebx
                        xor ecx, ecx
                        dec eax
                        or ebp, FFFFFFFFh
                        call 00007F86B87FDF35h
                        add ebx, ebx
                        je 00007F86B87FDEE4h
                        rep ret
                        mov ebx, dword ptr [esi]
                        dec eax
                        sub esi, FFFFFFFCh
                        adc ebx, ebx
                        mov dl, byte ptr [esi]
                        rep ret
                        dec eax
                        lea eax, dword ptr [edi+ebp]
                        cmp ecx, 05h
                        mov dl, byte ptr [eax]
                        jbe 00007F86B87FDF03h
                        dec eax
                        cmp ebp, FFFFFFFCh
                        jnbe 00007F86B87FDEFDh
                        sub ecx, 04h
                        mov edx, dword ptr [eax]
                        dec eax
                        add eax, 04h
                        sub ecx, 04h
                        mov dword ptr [edi], edx
                        dec eax
                        lea edi, dword ptr [edi+04h]
                        jnc 00007F86B87FDED1h
                        add ecx, 04h
                        mov dl, byte ptr [eax]
                        je 00007F86B87FDEF2h
                        dec eax
                        inc eax
                        mov byte ptr [edi], dl
                        sub ecx, 01h
                        mov dl, byte ptr [eax]
                        dec eax
                        lea edi, dword ptr [edi+01h]
                        jne 00007F86B87FDED2h
                        rep ret
                        cld
                        inc ecx
                        pop ebx
                        jmp 00007F86B87FDEEAh
                        dec eax
                        inc esi
                        mov byte ptr [edi], dl
                        dec eax
                        inc edi
                        mov dl, byte ptr [esi]
                        add ebx, ebx
                        jne 00007F86B87FDEECh
                        mov ebx, dword ptr [esi]
                        dec eax
                        sub esi, FFFFFFFCh
                        adc ebx, ebx
                        mov dl, byte ptr [esi]
                        jc 00007F86B87FDEC8h
                        lea eax, dword ptr [ecx+01h]
                        jmp 00007F86B87FDEE9h
                        dec eax
                        inc ecx
                        call ebx
                        adc eax, eax
                        inc ecx
                        call ebx
                        adc eax, eax
                        add ebx, ebx
                        jne 00007F86B87FDEECh
                        mov ebx, dword ptr [esi]
                        dec eax
                        sub esi, FFFFFFFCh
                        adc ebx, ebx
                        mov dl, byte ptr [esi]
                        jnc 00007F86B87FDEC6h
                        sub eax, 03h
                        jc 00007F86B87FDEFBh
                        shl eax, 08h
                        movzx edx, dl
                        or eax, edx
                        dec eax
                        inc esi
                        xor eax, FFFFFFFFh
                        je 00007F86B87FDF3Ah
                        sar eax, 1

                        Data Directories

                        NameVirtual AddressVirtual Size Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IMPORT0x3f01dc0x140.rsrc
                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x3f00000x1dc.rsrc
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x3da0000x9cfcUPX1
                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x3f031c0x14.rsrc
                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                        IMAGE_DIRECTORY_ENTRY_TLS0x3ef1780x28UPX1
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x3ef1a80x108UPX1
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                        Sections

                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                        UPX00x10000x36b0000x0d41d8cd98f00b204e9800998ecf8427eunknownunknownunknownunknownIMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        UPX10x36c0000x840000x834009d4e269c4bd3112a3debcf707f32a84fFalse0.9733221726190476data7.90463534391323IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        .rsrc0x3f00000x10000x40054c776f8ba5cbbb04c6778f32231ca83False0.44140625data4.198035031100888IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                        Resources

                        NameRVASizeTypeLanguageCountryZLIB Complexity
                        RT_MANIFEST0x3f005c0x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                        Imports

                        DLLImport
                        ADVAPI32.dllLsaClose
                        KERNEL32.DLLLoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
                        USER32.dllShowWindow
                        WS2_32.dllhtons

                        Possible Origin

                        Language of compilation systemCountry where language is spokenMap
                        EnglishUnited States

                        Network Behavior

                        No network behavior found

                        Statistics

                        CPU Usage

                        Click to jump to process

                        Memory Usage

                        Click to jump to process

                        Behavior

                        Click to jump to process

                        System Behavior

                        General

                        Target ID:0
                        Start time:10:20:02
                        Start date:30/09/2024
                        Path:C:\Users\user\Desktop\file.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Users\user\Desktop\file.exe"
                        Imagebase:0x7ff791430000
                        File size:1'552'132 bytes
                        MD5 hash:4178BAC91DF58826AF26760D0519DC75
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:false

                        General

                        Target ID:1
                        Start time:10:20:02
                        Start date:30/09/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff70f010000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        General

                        Target ID:3
                        Start time:10:20:02
                        Start date:30/09/2024
                        Path:C:\Windows\System32\JvuHRXO.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\JvuHRXO.exe
                        Imagebase:0x7ff6e1ed0000
                        File size:1'552'132 bytes
                        MD5 hash:EFE5567C52CDCBC8690FD321EC00F4C6
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:4
                        Start time:10:20:03
                        Start date:30/09/2024
                        Path:C:\Windows\System32\wkKSPgp.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\wkKSPgp.exe
                        Imagebase:0x7ff7e2fb0000
                        File size:1'552'385 bytes
                        MD5 hash:929C31014AA7306D984B55A172B50A05
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000004.00000002.1361257869.00007FF7E2FB1000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:5
                        Start time:10:20:03
                        Start date:30/09/2024
                        Path:C:\Windows\System32\gaDJFNb.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\gaDJFNb.exe
                        Imagebase:0x7ff6273a0000
                        File size:1'552'638 bytes
                        MD5 hash:3C6F7F8151777308053B0A3D2289156A
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000005.00000002.1362497526.00007FF6273A1000.00000040.00000001.01000000.00000006.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:6
                        Start time:10:20:03
                        Start date:30/09/2024
                        Path:C:\Windows\System32\ehLRfQc.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\ehLRfQc.exe
                        Imagebase:0x7ff647cc0000
                        File size:1'552'891 bytes
                        MD5 hash:58618D756BB2B3A175CC8DFB65BE7F66
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000006.00000002.1363257135.00007FF647CC1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:7
                        Start time:10:20:03
                        Start date:30/09/2024
                        Path:C:\Windows\System32\OTQisvZ.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\OTQisvZ.exe
                        Imagebase:0x7ff63cce0000
                        File size:1'553'144 bytes
                        MD5 hash:E83C60B58124A5275584D15BA2B3CF31
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000007.00000002.1363885220.00007FF63CCE1000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:8
                        Start time:10:20:03
                        Start date:30/09/2024
                        Path:C:\Windows\System32\AvKmyWx.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\AvKmyWx.exe
                        Imagebase:0x7ff610230000
                        File size:1'553'397 bytes
                        MD5 hash:841BEA0ABC6175B71CF54816D381E9A6
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000008.00000002.1364414958.00007FF610231000.00000040.00000001.01000000.00000009.sdmp, Author: Joe Security
                        Antivirus matches:
                        • Detection: 100%, Avira
                        • Detection: 100%, Joe Sandbox ML
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:9
                        Start time:10:20:03
                        Start date:30/09/2024
                        Path:C:\Windows\System32\XaZvEHG.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\XaZvEHG.exe
                        Imagebase:0x7ff61d670000
                        File size:1'553'650 bytes
                        MD5 hash:1E79FAB138B52D40408396604E7A89D0
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000009.00000002.1364920698.00007FF61D671000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:10
                        Start time:10:20:03
                        Start date:30/09/2024
                        Path:C:\Windows\System32\oblCraV.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\oblCraV.exe
                        Imagebase:0x7ff6a9e60000
                        File size:1'553'903 bytes
                        MD5 hash:C06B94C5DAC30E49FDD09C6A2A7C8D19
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000A.00000002.1366048511.00007FF6A9E61000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:11
                        Start time:10:20:03
                        Start date:30/09/2024
                        Path:C:\Windows\System32\YuhEzpi.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\YuhEzpi.exe
                        Imagebase:0x7ff740490000
                        File size:1'554'156 bytes
                        MD5 hash:A5D4B65C0F5E9766461FF2B0F4C815C6
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000B.00000002.1367675145.00007FF740491000.00000040.00000001.01000000.0000000C.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:12
                        Start time:10:20:03
                        Start date:30/09/2024
                        Path:C:\Windows\System32\DYRnoDf.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\DYRnoDf.exe
                        Imagebase:0x7ff6e0b30000
                        File size:1'554'409 bytes
                        MD5 hash:A6403A65B8303085E94CE9310A448013
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000C.00000002.1375078736.00007FF6E0B31000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
                        Antivirus matches:
                        • Detection: 100%, Avira
                        • Detection: 100%, Joe Sandbox ML
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:13
                        Start time:10:20:03
                        Start date:30/09/2024
                        Path:C:\Windows\System32\biTFilm.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\biTFilm.exe
                        Imagebase:0x7ff650c60000
                        File size:1'554'662 bytes
                        MD5 hash:79F501C63616597374F43B9FED4B1A93
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000D.00000002.1375345435.00007FF650C61000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:14
                        Start time:10:20:03
                        Start date:30/09/2024
                        Path:C:\Windows\System32\BXwYBdZ.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\BXwYBdZ.exe
                        Imagebase:0x7ff7f5f90000
                        File size:1'554'915 bytes
                        MD5 hash:304FAB3A2BC6B94A463C737CF9711097
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000E.00000002.1375169466.00007FF7F5F91000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security
                        Antivirus matches:
                        • Detection: 100%, Avira
                        • Detection: 100%, Joe Sandbox ML
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:15
                        Start time:10:20:04
                        Start date:30/09/2024
                        Path:C:\Windows\System32\AJbunRc.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\AJbunRc.exe
                        Imagebase:0x7ff695c60000
                        File size:1'555'168 bytes
                        MD5 hash:9249C26A0C05508DC019A58EC0C1E2D6
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000F.00000002.1376970168.00007FF695C61000.00000040.00000001.01000000.00000010.sdmp, Author: Joe Security
                        Antivirus matches:
                        • Detection: 100%, Avira
                        • Detection: 100%, Joe Sandbox ML
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:16
                        Start time:10:20:04
                        Start date:30/09/2024
                        Path:C:\Windows\System32\SUqdJFj.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\SUqdJFj.exe
                        Imagebase:0x7ff6abe50000
                        File size:1'555'421 bytes
                        MD5 hash:8D908ED8EF0402B5AB264EE4594F3A79
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000010.00000002.1378219320.00007FF6ABE51000.00000040.00000001.01000000.00000011.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:17
                        Start time:10:20:04
                        Start date:30/09/2024
                        Path:C:\Windows\System32\TIHWeXa.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\TIHWeXa.exe
                        Imagebase:0x7ff78ccd0000
                        File size:1'555'674 bytes
                        MD5 hash:54410A03DE36A3DD45485B857A5B3753
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000011.00000002.1379338394.00007FF78CCD1000.00000040.00000001.01000000.00000012.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:18
                        Start time:10:20:04
                        Start date:30/09/2024
                        Path:C:\Windows\System32\PXvfCpI.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\PXvfCpI.exe
                        Imagebase:0x7ff63fd90000
                        File size:1'555'927 bytes
                        MD5 hash:533E23733BABCC29390780A5146B1CF4
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000012.00000002.1380687334.00007FF63FD91000.00000040.00000001.01000000.00000013.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:19
                        Start time:10:20:05
                        Start date:30/09/2024
                        Path:C:\Windows\System32\dhdvyXn.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\dhdvyXn.exe
                        Imagebase:0x7ff741710000
                        File size:1'556'180 bytes
                        MD5 hash:341B372A6E1B883CE92F64DAB373A2D1
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000013.00000002.1381609239.00007FF741711000.00000040.00000001.01000000.00000014.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:20
                        Start time:10:20:05
                        Start date:30/09/2024
                        Path:C:\Windows\System32\QMneGpM.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\QMneGpM.exe
                        Imagebase:0x7ff765d80000
                        File size:1'556'433 bytes
                        MD5 hash:883E2DF487DD73EC9FF3EC7D55C33572
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000014.00000002.1382041502.00007FF765D81000.00000040.00000001.01000000.00000015.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:21
                        Start time:10:20:05
                        Start date:30/09/2024
                        Path:C:\Windows\System32\ODEkuhr.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\ODEkuhr.exe
                        Imagebase:0x7ff7fa7c0000
                        File size:1'556'686 bytes
                        MD5 hash:66DBD24ABCD99942214566774EBEB69A
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000015.00000002.1383052956.00007FF7FA7C1000.00000040.00000001.01000000.00000016.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:22
                        Start time:10:20:05
                        Start date:30/09/2024
                        Path:C:\Windows\System32\VFmvQYa.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\VFmvQYa.exe
                        Imagebase:0x7ff7bf040000
                        File size:1'556'939 bytes
                        MD5 hash:61292ABF6BC248C5B46499F4CAC74B75
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000016.00000002.1383923541.00007FF7BF041000.00000040.00000001.01000000.00000017.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:23
                        Start time:10:20:05
                        Start date:30/09/2024
                        Path:C:\Windows\System32\FJbyTtP.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\FJbyTtP.exe
                        Imagebase:0x7ff72c9d0000
                        File size:1'557'192 bytes
                        MD5 hash:50E70B08C468FC6A4CE90728D7D345A4
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000017.00000002.1385081519.00007FF72C9D1000.00000040.00000001.01000000.00000018.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:24
                        Start time:10:20:05
                        Start date:30/09/2024
                        Path:C:\Windows\System32\FTsRyWe.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\FTsRyWe.exe
                        Imagebase:0x7ff69f8a0000
                        File size:1'557'445 bytes
                        MD5 hash:F6FA7545DFB588110D679B9B2D75CAE3
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000018.00000002.1385460441.00007FF69F8A1000.00000040.00000001.01000000.00000019.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:25
                        Start time:10:20:05
                        Start date:30/09/2024
                        Path:C:\Windows\System32\uUnCnJC.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\uUnCnJC.exe
                        Imagebase:0x7ff6c4430000
                        File size:1'557'698 bytes
                        MD5 hash:AA04864EAF71339517E97CB478B7A713
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000019.00000002.1386427447.00007FF6C4431000.00000040.00000001.01000000.0000001A.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:26
                        Start time:10:20:05
                        Start date:30/09/2024
                        Path:C:\Windows\System32\NbSGhVM.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\NbSGhVM.exe
                        Imagebase:0x7ff6b47a0000
                        File size:1'557'951 bytes
                        MD5 hash:CE99976E2ACE058B821BA6C6FC97AAE6
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001A.00000002.1387497734.00007FF6B47A1000.00000040.00000001.01000000.0000001B.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:27
                        Start time:10:20:05
                        Start date:30/09/2024
                        Path:C:\Windows\System32\WJJOByy.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\WJJOByy.exe
                        Imagebase:0x7ff77f320000
                        File size:1'558'204 bytes
                        MD5 hash:26627894C10B22509E23F1BA97445377
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000002.1388605319.00007FF77F321000.00000040.00000001.01000000.0000001C.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:28
                        Start time:10:20:05
                        Start date:30/09/2024
                        Path:C:\Windows\System32\DNWTLfi.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\DNWTLfi.exe
                        Imagebase:0x7ff6f3450000
                        File size:1'558'457 bytes
                        MD5 hash:72A3D455067D2ABD9D9606F78856FEAD
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000002.1389033820.00007FF6F3451000.00000040.00000001.01000000.0000001D.sdmp, Author: Joe Security
                        Antivirus matches:
                        • Detection: 100%, Avira
                        • Detection: 100%, Joe Sandbox ML
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:29
                        Start time:10:20:05
                        Start date:30/09/2024
                        Path:C:\Windows\System32\JVLiIAQ.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\JVLiIAQ.exe
                        Imagebase:0x7ff7f0e60000
                        File size:1'558'710 bytes
                        MD5 hash:60C427DC5B7212AE6F10165CC4848ACF
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001D.00000002.1390364369.00007FF7F0E61000.00000040.00000001.01000000.0000001E.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:30
                        Start time:10:20:06
                        Start date:30/09/2024
                        Path:C:\Windows\System32\eTlchBa.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\eTlchBa.exe
                        Imagebase:0x7ff781b70000
                        File size:1'558'963 bytes
                        MD5 hash:1CE5A93FF2C2015A32FA3AD7FBB5A1B6
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001E.00000002.1391714498.00007FF781B71000.00000040.00000001.01000000.0000001F.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:31
                        Start time:10:20:06
                        Start date:30/09/2024
                        Path:C:\Windows\System32\FmDRJeq.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\FmDRJeq.exe
                        Imagebase:0x7ff6cc6e0000
                        File size:1'559'216 bytes
                        MD5 hash:60C73320719C5E50A9245FBB0A6BF53D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001F.00000002.1392384745.00007FF6CC6E1000.00000040.00000001.01000000.00000020.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:32
                        Start time:10:20:06
                        Start date:30/09/2024
                        Path:C:\Windows\System32\JxXCqVa.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\JxXCqVa.exe
                        Imagebase:0x7ff601720000
                        File size:1'559'469 bytes
                        MD5 hash:A662C82861FF6D4B5EC0D01658010347
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000020.00000002.1393342592.00007FF601721000.00000040.00000001.01000000.00000021.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:33
                        Start time:10:20:06
                        Start date:30/09/2024
                        Path:C:\Windows\System32\qulWMNK.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\qulWMNK.exe
                        Imagebase:0x7ff75ce90000
                        File size:1'559'722 bytes
                        MD5 hash:B6CE0FBF5B338360494444FC268D4B8A
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000021.00000002.1395070392.00007FF75CE91000.00000040.00000001.01000000.00000022.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:34
                        Start time:10:20:06
                        Start date:30/09/2024
                        Path:C:\Windows\System32\KvrKIPQ.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\KvrKIPQ.exe
                        Imagebase:0x7ff76a090000
                        File size:1'559'975 bytes
                        MD5 hash:2A193B3E90BD493310609819108D476C
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000022.00000002.1396382038.00007FF76A091000.00000040.00000001.01000000.00000023.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:35
                        Start time:10:20:06
                        Start date:30/09/2024
                        Path:C:\Windows\System32\zgnppqX.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\zgnppqX.exe
                        Imagebase:0x7ff7fb250000
                        File size:1'560'228 bytes
                        MD5 hash:D7D2CE8CDA6DB1CCE2F7BEEE3CAFB325
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000023.00000002.1398206646.00007FF7FB251000.00000040.00000001.01000000.00000024.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:36
                        Start time:10:20:06
                        Start date:30/09/2024
                        Path:C:\Windows\System32\VeDzKyt.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\VeDzKyt.exe
                        Imagebase:0x7ff6be0a0000
                        File size:1'560'481 bytes
                        MD5 hash:FC5C0E5903F220CB4693672BA774C9F0
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000024.00000002.1400934255.00007FF6BE0A1000.00000040.00000001.01000000.00000025.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:37
                        Start time:10:20:06
                        Start date:30/09/2024
                        Path:C:\Windows\System32\Emkynwd.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\Emkynwd.exe
                        Imagebase:0x7ff7750c0000
                        File size:1'560'734 bytes
                        MD5 hash:0434051E980CE3C204BB982D764E8003
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000025.00000002.1402533725.00007FF7750C1000.00000040.00000001.01000000.00000026.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:38
                        Start time:10:20:07
                        Start date:30/09/2024
                        Path:C:\Windows\System32\UTMWcnW.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\UTMWcnW.exe
                        Imagebase:0x7ff74e920000
                        File size:1'560'987 bytes
                        MD5 hash:380180CF328326AE0989418E4BE15B19
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000026.00000002.1403867031.00007FF74E921000.00000040.00000001.01000000.00000027.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:39
                        Start time:10:20:07
                        Start date:30/09/2024
                        Path:C:\Windows\System32\nUwvlEf.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\nUwvlEf.exe
                        Imagebase:0x7ff602d90000
                        File size:1'561'240 bytes
                        MD5 hash:5F36D419216284460276CB13F11C34A5
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000027.00000002.1404780984.00007FF602D91000.00000040.00000001.01000000.00000028.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:40
                        Start time:10:20:07
                        Start date:30/09/2024
                        Path:C:\Windows\System32\FSsBuPy.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\FSsBuPy.exe
                        Imagebase:0x7ff6ec710000
                        File size:1'561'493 bytes
                        MD5 hash:B7662CD52112E08B2FD1CFCBDB637951
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000028.00000002.1405612196.00007FF6EC711000.00000040.00000001.01000000.00000029.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        Disassembly

                        Reset < >

                          Execution Graph

                          Execution Coverage:0.5%
                          Dynamic/Decrypted Code Coverage:0%
                          Signature Coverage:7.2%
                          Total number of Nodes:83
                          Total number of Limit Nodes:5
                          execution_graph 24128 7ff6e1f97140 24129 7ff6e1f971a1 24128->24129 24136 7ff6e1f9719c try_get_function 24128->24136 24130 7ff6e1f97284 24130->24129 24133 7ff6e1f97292 GetProcAddress 24130->24133 24131 7ff6e1f971d0 LoadLibraryExW 24132 7ff6e1f971f1 GetLastError 24131->24132 24131->24136 24132->24136 24134 7ff6e1f972a3 24133->24134 24134->24129 24135 7ff6e1f97269 FreeLibrary 24135->24136 24136->24129 24136->24130 24136->24131 24136->24135 24137 7ff6e1f9722b LoadLibraryExW 24136->24137 24137->24136 24281 7ff6e1f35950 11 API calls __crtLCMapStringA 24171 7ff6e1ed1310 RtlEncodePointer GetCurrentThread GetThreadTimes Concurrency::details::Security::InitializeCookie 24285 7ff6e1f3315a 84 API calls __crtLCMapStringA 24173 7ff6e1f3315a 59 API calls 24177 7ff6e1f34b78 7 API calls 24291 7ff6e1ed70f0 62 API calls __crtLCMapStringA 24180 7ff6e1ee4ee0 48 API calls 24293 7ff6e1ee2ce0 66 API calls 5 library calls 24299 7ff6e1f159c0 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry __crtLCMapStringA 24299->24299 24145 7ff6e1f84fc0 24146 7ff6e1f84fc9 std::locale::_Setgloballocale 24145->24146 24149 7ff6e1f84fd8 std::locale::_Setgloballocale 24146->24149 24163 7ff6e1f9b678 24 API calls 7 library calls 24146->24163 24148 7ff6e1f8500b std::locale::_Setgloballocale 24157 7ff6e1f97024 24148->24157 24149->24148 24164 7ff6e1f7d6d4 8 API calls 4 library calls 24149->24164 24152 7ff6e1f8509b 24166 7ff6e1f96964 12 API calls 2 library calls 24152->24166 24154 7ff6e1f85039 24154->24152 24165 7ff6e1f977c4 6 API calls 2 library calls 24154->24165 24155 7ff6e1f850a5 24162 7ff6e1f97035 _Tolower std::locale::_Locimp::_New_Locimp 24157->24162 24158 7ff6e1f97086 24167 7ff6e1f855fc 12 API calls _set_errno_from_matherr 24158->24167 24159 7ff6e1f9706a RtlAllocateHeap 24160 7ff6e1f97084 24159->24160 24159->24162 24160->24154 24162->24158 24162->24159 24163->24149 24164->24148 24165->24154 24166->24155 24167->24160 24198 7ff6e1f333d6 13 API calls _set_errno_from_matherr 24305 7ff6e1ed1090 17 API calls 2 library calls 24306 7ff6e1ed1890 RtlPcToFileHeader RaiseException std::locale::_Locimp::_New_Locimp 24307 7ff6e1f351e0 8 API calls __crtLCMapStringA 24201 7ff6e1ed4680 14 API calls 24314 7ff6e1ed4060 58 API calls 24210 7ff6e1f33016 6 API calls 24212 7ff6e1f35820 5 API calls __crtLCMapStringA 24321 7ff6e1ed4446 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry __crtLCMapStringA 24214 7ff6e1f33028 63 API calls 24323 7ff6e1f35a30 GetConsoleCursorInfo GetLastError SetConsoleCursorInfo 24218 7ff6e1ed4e32 63 API calls 2 library calls 24220 7ff6e1f3303d 35 API calls 24222 7ff6e1ee4e30 52 API calls 24325 7ff6e1edd030 81 API calls 5 library calls 24223 7ff6e1ed1220 16 API calls 2 library calls 24329 7ff6e1ed1020 3 API calls 3 library calls 24330 7ff6e1ee4020 12 API calls __std_exception_copy 24224 7ff6e1ee4618 5 API calls std::_Locinfo::_Locinfo_ctor 24138 7ff6e1ed1210 24139 7ff6e1fdcf80 memcpy_s 24138->24139 24140 7ff6e1fdcfb5 VirtualAlloc 24139->24140 24141 7ff6e1fdd968 24140->24141 24142 7ff6e1fddaa2 VirtualProtect 24141->24142 24143 7ff6e1fe30d8 24142->24143 24144 7ff6e1fddac1 FlushInstructionCache 24143->24144 24337 7ff6e1ed1000 15 API calls shared_ptr 24340 7ff6e1ed5bf0 54 API calls 24236 7ff6e1edc5f0 88 API calls 24238 7ff6e1ee25e0 60 API calls 24239 7ff6e1ee1de0 VirtualFree _aligned_free 24240 7ff6e1ee51d0 13 API calls 2 library calls 24241 7ff6e1edddd0 82 API calls 5 library calls 24347 7ff6e1edafc0 20 API calls _Init_thread_header 24350 7ff6e1ee57c0 51 API calls __crtLCMapStringA 24243 7ff6e1f354b0 6 API calls __crtLCMapStringA 24351 7ff6e1f33eb0 12 API calls __crtLCMapStringA 24244 7ff6e1f334b4 164 API calls 2 library calls 24248 7ff6e1f330d4 closesocket 24251 7ff6e1ed5190 5 API calls 2 library calls 24360 7ff6e1ee5390 64 API calls 2 library calls 24259 7ff6e1ee5980 RtlEnterCriticalSection 24260 7ff6e1edcd80 26 API calls 24262 7ff6e1ed6d72 QueryPerformanceCounter QueryPerformanceFrequency 24264 7ff6e1ee5960 RtlLeaveCriticalSection 24372 7ff6e1ee4750 27 API calls 2 library calls 24270 7ff6e1ee5d40 50 API calls

                          Executed Functions

                          Function 00007FF6E1ED1210 Relevance: 5.0, APIs: 3, Instructions: 450memoryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: Virtual$AllocCacheFlushInstructionProtect
                          • String ID:
                          • API String ID: 4198816981-0
                          • Opcode ID: dbca1cd8a53be6768382ebd769ae2cf545a93a53a08875e664a694e18fe80307
                          • Instruction ID: 5fd4b2841d09fcdb01422f2da4ada961d64a0c39933892f4088c79dba609f8e0
                          • Opcode Fuzzy Hash: dbca1cd8a53be6768382ebd769ae2cf545a93a53a08875e664a694e18fe80307
                          • Instruction Fuzzy Hash: F3622476E19F4694E7019B00F8942E533EABF15348F900236D85C83775EFBEA259D38A
                          Function 00007FF6E1F84FC0 Relevance: 1.6, APIs: 1, Instructions: 69COMMONLIBRARYCODE
                          Download Yara Rule

                          Control-flow Graph

                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: FeaturePresentProcessor
                          • String ID:
                          • API String ID: 2325560087-0
                          • Opcode ID: 677994e989ef9fdccc8d5de0764661c739de16847ee102746a180695621236d7
                          • Instruction ID: 051707f9cf868213b9dc9c9ad1977d0aded8c6f2b8189753789a8489269e7e8d
                          • Opcode Fuzzy Hash: 677994e989ef9fdccc8d5de0764661c739de16847ee102746a180695621236d7
                          • Instruction Fuzzy Hash: 9D21D223B1868683FB149B52D4543B92690EF40790F548234D76D87BC6CF3DE862D786
                          Function 00007FF6E1F97024 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                          Download Yara Rule

                          Control-flow Graph

                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: 13b68864943d87d358c1e89c74b643038432c164e3390248c2df408e80e9bf6e
                          • Instruction ID: dbe184ffefeec863db4127894d8bbbff8adafa8e4f4eff8a9ddcdbde2d97ff74
                          • Opcode Fuzzy Hash: 13b68864943d87d358c1e89c74b643038432c164e3390248c2df408e80e9bf6e
                          • Instruction Fuzzy Hash: 1CF0AF4AF0930281FF186AA285253F452D11F84740F0C4130C90DC73E2EE1FE480699A

                          Non-executed Functions

                          Function 00007FF6E1F3EBF0 Relevance: 77.1, APIs: 26, Strings: 18, Instructions: 140libraryloaderCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 106 7ff6e1f3ebf0-7ff6e1f3ec09 GetModuleHandleA 107 7ff6e1f3eda9-7ff6e1f3edbd GetLastError call 7ff6e1f3ee80 106->107 108 7ff6e1f3ec0f-7ff6e1f3ec39 GetProcAddress * 2 106->108 111 7ff6e1f3edbe-7ff6e1f3edd2 GetLastError call 7ff6e1f3ee80 107->111 110 7ff6e1f3ec3f-7ff6e1f3ec59 GetProcAddress 108->110 108->111 113 7ff6e1f3ec5f-7ff6e1f3ec79 GetProcAddress 110->113 114 7ff6e1f3edd3-7ff6e1f3ede7 GetLastError call 7ff6e1f3ee80 110->114 111->114 117 7ff6e1f3ede8-7ff6e1f3edfc GetLastError call 7ff6e1f3ee80 113->117 118 7ff6e1f3ec7f-7ff6e1f3ec99 GetProcAddress 113->118 114->117 122 7ff6e1f3edfd-7ff6e1f3ee11 GetLastError call 7ff6e1f3ee80 117->122 118->122 123 7ff6e1f3ec9f-7ff6e1f3ecb9 GetProcAddress 118->123 125 7ff6e1f3ee12-7ff6e1f3ee26 GetLastError call 7ff6e1f3ee80 122->125 124 7ff6e1f3ecbf-7ff6e1f3ecde GetProcAddress 123->124 123->125 128 7ff6e1f3ee27-7ff6e1f3ee3b GetLastError call 7ff6e1f3ee80 124->128 129 7ff6e1f3ece4-7ff6e1f3ecfe GetProcAddress 124->129 125->128 132 7ff6e1f3ee3c-7ff6e1f3ee50 GetLastError call 7ff6e1f3ee80 128->132 129->132 133 7ff6e1f3ed04-7ff6e1f3ed1e GetProcAddress 129->133 136 7ff6e1f3ee51-7ff6e1f3ee65 GetLastError call 7ff6e1f3ee80 132->136 133->136 137 7ff6e1f3ed24-7ff6e1f3ed34 GetModuleHandleA 133->137 142 7ff6e1f3ee66-7ff6e1f3ee7a GetLastError call 7ff6e1f3ee80 136->142 137->142 143 7ff6e1f3ed3a-7ff6e1f3ed61 GetProcAddress LoadLibraryA 137->143 146 7ff6e1f3ed7a-7ff6e1f3ed8a LoadLibraryA 143->146 147 7ff6e1f3ed63-7ff6e1f3ed73 GetProcAddress 143->147 149 7ff6e1f3ed8c-7ff6e1f3ed9c GetProcAddress 146->149 150 7ff6e1f3eda3-7ff6e1f3eda8 146->150 147->146 149->150
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: AddressProc$ErrorLast$HandleLibraryLoadModule
                          • String ID: GetModuleHandleA$GetProcAddress$GetQueuedCompletionStatusEx$NtDeviceIoControlFile$NtQueryDirectoryFile$NtQueryInformationFile$NtQueryInformationProcess$NtQuerySystemInformation$NtQueryVolumeInformationFile$NtSetInformationFile$PowerRegisterSuspendResumeNotification$RtlGetVersion$RtlNtStatusToDosError$SetWinEventHook$kernel32.dll$ntdll.dll$powrprof.dll$user32.dll
                          • API String ID: 988530940-437142567
                          • Opcode ID: ac7932858a578e43f2c3f26d81dce32a6cb2a8420338cca60a6fb014c41d81bb
                          • Instruction ID: c30b6df2723dc47587cbbc6a12e5317d29b74d267ed4c01fc1b05dccd4325a59
                          • Opcode Fuzzy Hash: ac7932858a578e43f2c3f26d81dce32a6cb2a8420338cca60a6fb014c41d81bb
                          • Instruction Fuzzy Hash: 1361FE66E09B0395FB059F14A8697F423E2BF08755F440835C50EC33A1FFAEA649D28B
                          Function 00007FF6E1F334B4 Relevance: 56.5, APIs: 30, Strings: 2, Instructions: 536filesynchronizationCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 151 7ff6e1f334b4-7ff6e1f33528 call 7ff6e1f3b760 call 7ff6e1f854c4 157 7ff6e1f3352a-7ff6e1f3352f 151->157 158 7ff6e1f33534-7ff6e1f33542 151->158 159 7ff6e1f33894-7ff6e1f338ab call 7ff6e1f5c170 157->159 160 7ff6e1f3358e-7ff6e1f335a9 GetNumberOfConsoleInputEvents 158->160 161 7ff6e1f33544-7ff6e1f33570 DuplicateHandle 158->161 165 7ff6e1f3379a-7ff6e1f33823 160->165 166 7ff6e1f335af-7ff6e1f335c1 GetConsoleScreenBufferInfo 160->166 163 7ff6e1f33584-7ff6e1f33589 161->163 164 7ff6e1f33572-7ff6e1f3357f GetLastError call 7ff6e1f3ef30 161->164 163->160 182 7ff6e1f3388c 164->182 169 7ff6e1f33865-7ff6e1f3387b 165->169 170 7ff6e1f33825-7ff6e1f33863 165->170 171 7ff6e1f335d5-7ff6e1f335e9 WaitForSingleObject 166->171 172 7ff6e1f335c3-7ff6e1f335d0 GetLastError call 7ff6e1f3ef30 166->172 176 7ff6e1f33882 169->176 170->176 173 7ff6e1f338ac-7ff6e1f338e4 call 7ff6e1f84fc0 171->173 174 7ff6e1f335ef-7ff6e1f335f6 171->174 183 7ff6e1f33884 172->183 192 7ff6e1f33a07 173->192 193 7ff6e1f338ea-7ff6e1f33901 173->193 179 7ff6e1f335f8-7ff6e1f3361a GetConsoleMode 174->179 180 7ff6e1f3364d-7ff6e1f3365a 174->180 176->183 184 7ff6e1f3361c-7ff6e1f33639 SetConsoleMode 179->184 185 7ff6e1f3363b 179->185 187 7ff6e1f33660-7ff6e1f3366f 180->187 188 7ff6e1f33721-7ff6e1f33749 180->188 182->159 183->182 184->185 189 7ff6e1f33645 184->189 185->189 194 7ff6e1f3367d-7ff6e1f33694 187->194 195 7ff6e1f33671-7ff6e1f33676 187->195 190 7ff6e1f3374b-7ff6e1f33750 188->190 191 7ff6e1f33752-7ff6e1f3375d 188->191 189->180 197 7ff6e1f33760-7ff6e1f3376c 190->197 191->197 196 7ff6e1f33a0c-7ff6e1f33a24 192->196 198 7ff6e1f33907-7ff6e1f3390b 193->198 199 7ff6e1f33a03-7ff6e1f33a05 193->199 200 7ff6e1f33696-7ff6e1f3369d 194->200 201 7ff6e1f336a1-7ff6e1f336a4 194->201 195->194 202 7ff6e1f3376e-7ff6e1f33771 197->202 203 7ff6e1f33773-7ff6e1f33794 ReleaseSemaphore 197->203 204 7ff6e1f3392c 198->204 205 7ff6e1f3390d-7ff6e1f33910 198->205 199->196 200->201 206 7ff6e1f336a6-7ff6e1f336a8 201->206 207 7ff6e1f336ae-7ff6e1f336b1 201->207 202->203 203->165 203->173 210 7ff6e1f33931-7ff6e1f33935 204->210 208 7ff6e1f33925-7ff6e1f3392a 205->208 209 7ff6e1f33912-7ff6e1f33915 205->209 206->207 211 7ff6e1f336bb-7ff6e1f336ce 207->211 212 7ff6e1f336b3-7ff6e1f336b5 207->212 208->210 209->192 215 7ff6e1f3391b-7ff6e1f33920 209->215 216 7ff6e1f33937-7ff6e1f3394c call 7ff6e1f34e30 210->216 217 7ff6e1f3395a-7ff6e1f3395d 210->217 213 7ff6e1f336d8-7ff6e1f336db 211->213 214 7ff6e1f336d0-7ff6e1f336d2 211->214 212->211 219 7ff6e1f336dd-7ff6e1f336df 213->219 220 7ff6e1f336e5-7ff6e1f3371b 213->220 214->213 215->196 221 7ff6e1f33960-7ff6e1f33974 WaitForSingleObject 216->221 225 7ff6e1f3394e-7ff6e1f33955 call 7ff6e1f3ef30 216->225 217->221 219->220 220->188 223 7ff6e1f3397a-7ff6e1f3398b SetConsoleMode 221->223 224 7ff6e1f33a25-7ff6e1f33a77 call 7ff6e1f84fc0 UnregisterWait PostQueuedCompletionStatus 221->224 226 7ff6e1f339b8-7ff6e1f339ce ReleaseSemaphore 223->226 227 7ff6e1f3398d-7ff6e1f339b2 GetLastError call 7ff6e1f3ef30 ReleaseSemaphore 223->227 235 7ff6e1f33a89-7ff6e1f33afd GetLastError call 7ff6e1f3ee80 call 7ff6e1f5cda0 224->235 236 7ff6e1f33a79-7ff6e1f33a88 224->236 225->196 226->224 232 7ff6e1f339d0-7ff6e1f339e6 226->232 227->224 238 7ff6e1f339b4-7ff6e1f339b6 227->238 232->199 237 7ff6e1f339e8-7ff6e1f339f8 call 7ff6e1f34d50 232->237 247 7ff6e1f33b26-7ff6e1f33b53 ReadConsoleW 235->247 248 7ff6e1f33aff-7ff6e1f33b1b PostQueuedCompletionStatus 235->248 237->199 243 7ff6e1f339fa-7ff6e1f33a01 call 7ff6e1f3ef30 237->243 238->196 243->196 252 7ff6e1f33b91-7ff6e1f33b99 GetLastError 247->252 253 7ff6e1f33b55-7ff6e1f33b8f call 7ff6e1fe31e8 247->253 250 7ff6e1f33cc8-7ff6e1f33cdc GetLastError call 7ff6e1f3ee80 248->250 251 7ff6e1f33b21 248->251 265 7ff6e1f33cdd-7ff6e1f33ce2 call 7ff6e1f84fc0 250->265 254 7ff6e1f33c99-7ff6e1f33cc7 call 7ff6e1f5c170 251->254 256 7ff6e1f33b9b-7ff6e1f33ba1 GetLastError 252->256 257 7ff6e1f33ba3-7ff6e1f33bac GetLastError 252->257 263 7ff6e1f33bb3-7ff6e1f33bc5 253->263 261 7ff6e1f33bb1 256->261 257->261 261->263 266 7ff6e1f33bcb-7ff6e1f33bce 263->266 267 7ff6e1f33c82-7ff6e1f33c97 PostQueuedCompletionStatus 263->267 269 7ff6e1f33ce3-7ff6e1f33cf7 GetLastError call 7ff6e1f3ee80 265->269 270 7ff6e1f33c6a-7ff6e1f33c80 ReleaseSemaphore 266->270 271 7ff6e1f33bd4-7ff6e1f33bdb 266->271 267->254 267->269 270->265 270->267 273 7ff6e1f33be1-7ff6e1f33beb 271->273 273->273 276 7ff6e1f33bed-7ff6e1f33bef 273->276 276->270 277 7ff6e1f33bf1-7ff6e1f33c26 CreateFileA 276->277 277->270 278 7ff6e1f33c28-7ff6e1f33c48 277->278 279 7ff6e1f33c58-7ff6e1f33c64 SetConsoleCursorPosition CloseHandle 278->279 280 7ff6e1f33c4a-7ff6e1f33c54 278->280 279->270 280->279
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: Error$Last$ConsoleCreateCriticalInitializeSection$CompletionPostQueuedSemaphoreStatus$FileHandleModeReleaseWait$ByteCharCloseCtrlCursorDuplicateEventFeatureFrequencyHandlerInfoItemMultiObjectPerformancePositionPresentProcessorQueryQueueReadSingleSystemUnregisterUserWideWork
                          • String ID: PostQueuedCompletionStatus$conout$
                          • API String ID: 3578229814-1875676862
                          • Opcode ID: 9b16a57174d3099a3aafc04fad8a86dea68d3e57e4c90114e81ca1bc634ade45
                          • Instruction ID: 5160e28da1c09cc7f9bd53b1d45170cf73d01a058f9934f80030acba247c172f
                          • Opcode Fuzzy Hash: 9b16a57174d3099a3aafc04fad8a86dea68d3e57e4c90114e81ca1bc634ade45
                          • Instruction Fuzzy Hash: EE22D073E08B8286E710CF25A8083BA37E1FB84B54F004135DA5EC7695DF3EE5469786
                          Function 00007FF6E1F33165 Relevance: 38.8, APIs: 20, Strings: 2, Instructions: 320networksynchronizationCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 281 7ff6e1f33165-7ff6e1f3316a 282 7ff6e1f3316c-7ff6e1f3317c 281->282 283 7ff6e1f33181-7ff6e1f33190 281->283 284 7ff6e1f3e790-7ff6e1f3e7bb 282->284 285 7ff6e1f33199-7ff6e1f331ac 283->285 286 7ff6e1f33192-7ff6e1f33195 283->286 289 7ff6e1f3e7c8-7ff6e1f3e7db 284->289 290 7ff6e1f3e7bd-7ff6e1f3e7c4 284->290 287 7ff6e1f3315a-7ff6e1f33164 285->287 288 7ff6e1f331ae-7ff6e1f331b5 285->288 286->285 288->287 293 7ff6e1f331b7-7ff6e1f33274 288->293 291 7ff6e1f3e7dd-7ff6e1f3e7e4 289->291 292 7ff6e1f3e815-7ff6e1f3e857 289->292 290->289 291->292 294 7ff6e1f3e7e6-7ff6e1f3e7ea 291->294 295 7ff6e1f3e85d-7ff6e1f3e875 CreateEventA 292->295 296 7ff6e1f3e8f1-7ff6e1f3e910 call 7ff6e1f40ca0 292->296 293->287 302 7ff6e1f3327a-7ff6e1f3327e 293->302 298 7ff6e1f3e7ec-7ff6e1f3e7fc 294->298 299 7ff6e1f3e800-7ff6e1f3e814 call 7ff6e1f5c170 294->299 300 7ff6e1f3e87b-7ff6e1f3e889 295->300 301 7ff6e1f3e93e-7ff6e1f3e952 GetLastError call 7ff6e1f3ee80 295->301 313 7ff6e1f3e91f 296->313 314 7ff6e1f3e912-7ff6e1f3e91d WSAGetLastError 296->314 298->299 306 7ff6e1f3e88b-7ff6e1f3e8a1 CreateEventA 300->306 307 7ff6e1f3e8da-7ff6e1f3e8eb CloseHandle WaitForSingleObject 300->307 312 7ff6e1f3e953-7ff6e1f3e9a7 GetLastError call 7ff6e1f3ee80 301->312 302->284 311 7ff6e1f3e8a7-7ff6e1f3e8d8 SetEvent 306->311 306->312 307->296 311->296 320 7ff6e1f3e9a9-7ff6e1f3e9b6 312->320 321 7ff6e1f3e9b8 312->321 315 7ff6e1f3e921-7ff6e1f3e93d call 7ff6e1f5c170 313->315 314->313 314->315 322 7ff6e1f3e9bc-7ff6e1f3e9c3 320->322 321->322 323 7ff6e1f3e9e1-7ff6e1f3e9e5 322->323 324 7ff6e1f3e9c5-7ff6e1f3e9df 322->324 325 7ff6e1f3e9e9-7ff6e1f3ea18 select 323->325 324->325 326 7ff6e1f3ea1a-7ff6e1f3ea22 WSAGetLastError 325->326 327 7ff6e1f3ea60-7ff6e1f3ea64 325->327 328 7ff6e1f3ea2c-7ff6e1f3ea35 WSAGetLastError 326->328 329 7ff6e1f3ea24-7ff6e1f3ea2a WSAGetLastError 326->329 330 7ff6e1f3ea66-7ff6e1f3ea74 327->330 331 7ff6e1f3ea7e-7ff6e1f3eaa2 PostQueuedCompletionStatus 327->331 332 7ff6e1f3ea3a-7ff6e1f3ea5c PostQueuedCompletionStatus 328->332 329->332 333 7ff6e1f3ea76-7ff6e1f3ea7a 330->333 334 7ff6e1f3ea7c 330->334 335 7ff6e1f3eade-7ff6e1f3eb10 GetLastError call 7ff6e1f3ee80 331->335 336 7ff6e1f3eaa4-7ff6e1f3eac8 call 7ff6e1f5c170 331->336 338 7ff6e1f3eac9-7ff6e1f3eadd GetLastError call 7ff6e1f3ee80 332->338 339 7ff6e1f3ea5e 332->339 333->331 333->334 334->331 344 7ff6e1f3eb29-7ff6e1f3eb30 335->344 345 7ff6e1f3eb12-7ff6e1f3eb27 335->345 338->335 339->336 348 7ff6e1f3eb36-7ff6e1f3eb45 344->348 349 7ff6e1f3ebdd-7ff6e1f3ebe2 344->349 347 7ff6e1f3eb4b-7ff6e1f3eb78 QueueUserWorkItem 345->347 350 7ff6e1f3ebd8 347->350 351 7ff6e1f3eb7a-7ff6e1f3eb82 GetLastError 347->351 348->347 350->349 352 7ff6e1f3eb8c-7ff6e1f3eb95 GetLastError 351->352 353 7ff6e1f3eb84-7ff6e1f3eb8a GetLastError 351->353 354 7ff6e1f3eb9a-7ff6e1f3ebaf 352->354 353->354 355 7ff6e1f3ebb1-7ff6e1f3ebcf 354->355 356 7ff6e1f3ebd0-7ff6e1f3ebd4 354->356 356->350
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorLast$Event$CompletionCreatePostQueuedStatus$CloseHandleItemObjectQueueSingleUserWaitWorkselect
                          • String ID: CreateEvent$PostQueuedCompletionStatus
                          • API String ID: 4248182287-725115575
                          • Opcode ID: 1c606d2906668a12fcb97fdbac070811e938530ef58a810bb3c20050f3ab9570
                          • Instruction ID: aa89871e774db082c1b5b0cd1f176496786dc42fc3856fc21ddc0cf0c5a014fd
                          • Opcode Fuzzy Hash: 1c606d2906668a12fcb97fdbac070811e938530ef58a810bb3c20050f3ab9570
                          • Instruction Fuzzy Hash: F6D11173A08B8286EB508F25E4583A937E1FF44B94F140135DA8D83B95CF3EE495DB86
                          Function 00007FF6E1F3B760 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 168filesynchronizationCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 428 7ff6e1f3b760-7ff6e1f3b76e 429 7ff6e1f3b99f-7ff6e1f3b9a6 428->429 430 7ff6e1f3b774-7ff6e1f3b794 CreateEventA 428->430 431 7ff6e1f3b9a7-7ff6e1f3b9bb GetLastError call 7ff6e1f3ee80 430->431 432 7ff6e1f3b79a-7ff6e1f3b7b0 430->432 440 7ff6e1f3b9bc-7ff6e1f3b9d4 call 7ff6e1f84fc0 431->440 433 7ff6e1f3b978-7ff6e1f3b989 CloseHandle WaitForSingleObject 432->433 434 7ff6e1f3b7b6-7ff6e1f3b81c SetErrorMode call 7ff6e1f7d980 RtlInitializeCriticalSection call 7ff6e1f3ebf0 call 7ff6e1f40660 GetSystemInfo RtlInitializeCriticalSection 432->434 437 7ff6e1f3b98f-7ff6e1f3b997 433->437 452 7ff6e1f3b820-7ff6e1f3b847 434->452 437->429 445 7ff6e1f3ba26-7ff6e1f3ba28 440->445 446 7ff6e1f3b9d6-7ff6e1f3b9da 440->446 448 7ff6e1f3b9dc-7ff6e1f3b9e0 446->448 449 7ff6e1f3b9e2-7ff6e1f3b9e7 446->449 448->445 448->449 449->445 451 7ff6e1f3b9e9-7ff6e1f3b9ee 449->451 451->445 453 7ff6e1f3b9f0-7ff6e1f3b9f5 451->453 452->452 454 7ff6e1f3b849-7ff6e1f3b86a RtlInitializeCriticalSection SetConsoleCtrlHandler 452->454 453->445 455 7ff6e1f3b9f7-7ff6e1f3ba01 453->455 454->440 456 7ff6e1f3b870-7ff6e1f3b88f CreateSemaphoreA 454->456 457 7ff6e1f3ba09-7ff6e1f3ba14 455->457 458 7ff6e1f3ba03-7ff6e1f3ba08 455->458 459 7ff6e1f3b8a6-7ff6e1f3b8db CreateFileW 456->459 460 7ff6e1f3b891-7ff6e1f3b8a0 GetLastError call 7ff6e1f3ef30 456->460 457->445 461 7ff6e1f3ba16-7ff6e1f3ba25 457->461 463 7ff6e1f3b8dd-7ff6e1f3b8ea QueueUserWorkItem 459->463 464 7ff6e1f3b8f0-7ff6e1f3b90d RtlInitializeCriticalSection QueryPerformanceFrequency 459->464 460->440 460->459 463->464 465 7ff6e1f3b92a 464->465 466 7ff6e1f3b90f-7ff6e1f3b928 464->466 468 7ff6e1f3b92d-7ff6e1f3b93f 465->468 466->468 469 7ff6e1f3b966-7ff6e1f3b976 SetEvent 468->469 470 7ff6e1f3b941-7ff6e1f3b95f 468->470 469->437 470->469
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: AddressProc$CriticalInitializeSection$CreateErrorHandle$EventLastLibraryLoadModuleSystemclosesocketgetsockoptsocket$CloseConsoleCtrlFileFrequencyHandlerInfoItemMetricsModeObjectPerformanceQueryQueueSemaphoreSingleStartupUserWaitWorkhtons
                          • String ID: CONOUT$$CreateEvent
                          • API String ID: 1276289879-3840627317
                          • Opcode ID: 34ad1de75aafe5302ba19f48c6fb0b9d35a7a33365373e0c9b7d3ad527770663
                          • Instruction ID: 7d368df6eefabc04c52363f376bf4ac475a9a224a3428c31ac988736fe9154c5
                          • Opcode Fuzzy Hash: 34ad1de75aafe5302ba19f48c6fb0b9d35a7a33365373e0c9b7d3ad527770663
                          • Instruction Fuzzy Hash: A8718073E09A4686FB608B24E8583B923E2BF50754F500236C55E836E0DF7EE546D34B
                          Function 00007FF6E1F1CFF0 Relevance: 17.6, Instructions: 17637COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 414e5aa9d30e7a3741b300f697656c792e4bc112451461f008accf2e068fc729
                          • Instruction ID: a9a549bd8c98f9c90ad05c8a71ad0ab3fcccd6e76b1f72c5564e06ae7b46a05a
                          • Opcode Fuzzy Hash: 414e5aa9d30e7a3741b300f697656c792e4bc112451461f008accf2e068fc729
                          • Instruction Fuzzy Hash: 9E84C573A24BC485EB12CB39D4516AAB360FBDA784F419326EF8963715EF39E191C340
                          Function 00007FF6E1F86B44 Relevance: 7.8, APIs: 5, Instructions: 321fileCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorFileLastWrite$Console
                          • String ID:
                          • API String ID: 786612050-0
                          • Opcode ID: 77638cfe2a0151889c6fb1031f8a99b5bb066a6de73158d7596f6798f2d71abe
                          • Instruction ID: 41cc874f71d3c07018965e1cb86ca7c3a6dfb10ce80dcda26688072641107695
                          • Opcode Fuzzy Hash: 77638cfe2a0151889c6fb1031f8a99b5bb066a6de73158d7596f6798f2d71abe
                          • Instruction Fuzzy Hash: EED12133B08A818AE700CF65E4502ED7BB1FB447A8B444136DF9E87B98DE3AD116D385
                          Function 00007FF6E1FABD00 Relevance: 7.7, Strings: 6, Instructions: 214COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: IP Address currently banned$Unauthenticated$job$job$message$your IP is banned
                          • API String ID: 0-1524868794
                          • Opcode ID: ae4d8b2e23721ba325973145e22b0f1ce8f58fa40aee982beaf2b96fa0685587
                          • Instruction ID: e33a2eb38bd03ab2e98f0ee4477f667f74caec5c0c995140d3e6694b19d0659a
                          • Opcode Fuzzy Hash: ae4d8b2e23721ba325973145e22b0f1ce8f58fa40aee982beaf2b96fa0685587
                          • Instruction Fuzzy Hash: BC919863F14B4286EB00CB61D8513F823A1BB49BD8F409622DE1D93B94EF7DE195D389
                          Function 00007FF6E1F8AD30 Relevance: 4.8, APIs: 3, Instructions: 317COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: memcpy_s
                          • String ID:
                          • API String ID: 1502251526-0
                          • Opcode ID: 233296a0f5906bd60a065a0cdbcf1dd5df12df26031465e9d7d9a4158470f016
                          • Instruction ID: 9f407ddc98150558c366ea21420487466074b0c4f110e041cb0d0c41d8ec569e
                          • Opcode Fuzzy Hash: 233296a0f5906bd60a065a0cdbcf1dd5df12df26031465e9d7d9a4158470f016
                          • Instruction Fuzzy Hash: 7DC1A273B1868687DB24CF1AA144BAAB7D1FB84784F448135DB4A87784DE3EE841DB84
                          Function 00007FF6E1FDF340 Relevance: 4.1, Strings: 3, Instructions: 328COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: %x:%x.%x$gfff$gfff
                          • API String ID: 0-2706413318
                          • Opcode ID: 69ebbe362fd0cf53e1fc1c88e85850168c67687152113341d95fb84493b55f08
                          • Instruction ID: 6e5f3a1e46daf9cc39677db4127564ac43d3fda6916327da3d51259e2d1f6d6b
                          • Opcode Fuzzy Hash: 69ebbe362fd0cf53e1fc1c88e85850168c67687152113341d95fb84493b55f08
                          • Instruction Fuzzy Hash: B0D1E577214F8885DB40CF6AE89178A37A9F759F88F55A626DE8C87318DF38D4A4C340
                          Function 00007FF6E1FB4BB0 Relevance: 4.0, Strings: 3, Instructions: 248COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: affinity$intensity$threads
                          • API String ID: 0-2570081736
                          • Opcode ID: ac0a03c45e0cec9494ed1f07204dfa59701f73ae5f921430744c51cc04affedc
                          • Instruction ID: fd7921ebd91d8ad59bf6301df2a86ef504547f6fe60617a3992f9b101b1430ab
                          • Opcode Fuzzy Hash: ac0a03c45e0cec9494ed1f07204dfa59701f73ae5f921430744c51cc04affedc
                          • Instruction Fuzzy Hash: 1FA1AC63B08A5186EF108B65D8407FC23A0FB48B68F504235DE6E977D8DF39E482D389
                          Function 00007FF6E1F99388 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 248COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: _invalid_parameter_noinfo
                          • String ID: gfffffff
                          • API String ID: 3215553584-1523873471
                          • Opcode ID: 6aebf934d7ea39e85c5fb03b766d2d87b10ab9a724e6dd98facc6f511ca0d49d
                          • Instruction ID: b1e24a49a972233953a34b19196c0baf7ac3b71c23f369756dfd287ef1568558
                          • Opcode Fuzzy Hash: 6aebf934d7ea39e85c5fb03b766d2d87b10ab9a724e6dd98facc6f511ca0d49d
                          • Instruction Fuzzy Hash: 3F915963B097C546EB11DF6A90203ED67D5BB98B80F068032CA4E87391EE3ED506D782
                          Function 00007FF6E1F99C20 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 207COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: _invalid_parameter_noinfo
                          • String ID: -
                          • API String ID: 3215553584-2547889144
                          • Opcode ID: 8ccdc3bedf963f8658453a3380d59c0bf34e8eab54b584b17a988530b39aa7b7
                          • Instruction ID: 7173a46afb07fe8841a773c57fb5dc7702a69da7eb2d75b2103ebfd59bf9a79c
                          • Opcode Fuzzy Hash: 8ccdc3bedf963f8658453a3380d59c0bf34e8eab54b584b17a988530b39aa7b7
                          • Instruction Fuzzy Hash: C5812733A087C646EB64AF5694603F9B6D0FB997D0F454236DA9E83BC8CE3ED4009745
                          Function 00007FF6E1EF4410 Relevance: 3.7, Instructions: 3672COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bbeb5cecb1e9a0dc1d5fa4bcad2355e10e2125eef46ad5baad8a5624a2f76512
                          • Instruction ID: f368042c69775480fcca82870ea422fdf4e12de604179de10203318d7de55a45
                          • Opcode Fuzzy Hash: bbeb5cecb1e9a0dc1d5fa4bcad2355e10e2125eef46ad5baad8a5624a2f76512
                          • Instruction Fuzzy Hash: FC73B573A24BC541EB12CB39D4516AAB360FBDA780F419326EF8963B15EF39E191C740
                          Function 00007FF6E1F9CB20 Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: ExceptionRaise_clrfp
                          • String ID:
                          • API String ID: 15204871-0
                          • Opcode ID: a0c5210aa52080534b476771829b37d96f251845d1f2a80f8bf3990da6f749ee
                          • Instruction ID: e45631f77cc3fca2f9a3a9d29edb5c52fca9f714d5b80d2684ce07c08aa9bd11
                          • Opcode Fuzzy Hash: a0c5210aa52080534b476771829b37d96f251845d1f2a80f8bf3990da6f749ee
                          • Instruction Fuzzy Hash: E5B15B73600B848BEB15DF29C4963A83BE0F744B88F598822DB6D837A4CF3AD451D745
                          Function 00007FF6E1FD3CE0 Relevance: 3.0, Strings: 2, Instructions: 483COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: VUUU$gj
                          • API String ID: 0-4043792639
                          • Opcode ID: cd255badf2d2b6a3b88b4e1f03ec988874d57fe1b564c0e5c5f89eaeacd773dd
                          • Instruction ID: a2c20c6ab7d8bafe0ef428e9f54bb54d0caa0384e2ef0dd8bcffa86b7223c463
                          • Opcode Fuzzy Hash: cd255badf2d2b6a3b88b4e1f03ec988874d57fe1b564c0e5c5f89eaeacd773dd
                          • Instruction Fuzzy Hash: 5F32CE73A182C08EE721CF29D8407ED7BA1F799348F004229EB8997A98DF79D585DB41
                          Function 00007FF6E1FC8C70 Relevance: 3.0, Strings: 2, Instructions: 481COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: VUUU$gj
                          • API String ID: 0-4043792639
                          • Opcode ID: 62500af5f56c2fe7d5015565428c973e1c2eca6304322754c82ac54a755daf7c
                          • Instruction ID: 23c4d74800bfe1378b036a47b91aee87aaadb3402a16f00e97350f0552c78a10
                          • Opcode Fuzzy Hash: 62500af5f56c2fe7d5015565428c973e1c2eca6304322754c82ac54a755daf7c
                          • Instruction Fuzzy Hash: 6F32E373A083C08EE721CF25D8407ED7BF1F794348F004229EA8A9BA98DB79D581DB45
                          Function 00007FF6E1FCE4A0 Relevance: 3.0, Strings: 2, Instructions: 481COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: VUUU$gj
                          • API String ID: 0-4043792639
                          • Opcode ID: abb8d8d2a55f3f8e00d6ada00382a51ee9e49d9415b47fa843799f39c6e3c6d2
                          • Instruction ID: f80c3e2208e2cb419fb9d6ac9b6824b350dd7376fb9ffd98420903100f805e7d
                          • Opcode Fuzzy Hash: abb8d8d2a55f3f8e00d6ada00382a51ee9e49d9415b47fa843799f39c6e3c6d2
                          • Instruction Fuzzy Hash: 1E32F173A183808EE321CF25D8507ED7BE1FB5834CF004229EA8A9BB99DB79D544DB45
                          Function 00007FF6E1FC5190 Relevance: 3.0, Strings: 2, Instructions: 481COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: VUUU$gj
                          • API String ID: 0-4043792639
                          • Opcode ID: c7af9c3ca5478d8fd622f85f1cf1fd9e6758002fa69982e03d6c2070837bf825
                          • Instruction ID: fc492d012a3966bfbd7510e3fa41ae0bf8722cd79e5794a1f93a6bd1c1815f15
                          • Opcode Fuzzy Hash: c7af9c3ca5478d8fd622f85f1cf1fd9e6758002fa69982e03d6c2070837bf825
                          • Instruction Fuzzy Hash: 4C32F1B3A083C08EE321CF24D8407ED7BE1F79934DF404229EA499BAA8DB79D544DB45
                          Function 00007FF6E1FDC190 Relevance: 3.0, Strings: 2, Instructions: 481COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: VUUU$gj
                          • API String ID: 0-4043792639
                          • Opcode ID: 25b2ccb4599827e10e55a827c7ebb7e92966dedbe64e1d577d1b2a945107946d
                          • Instruction ID: 75ed7719899fba19c88280afed54ce6a0f6e214e89b673403cf13b2c0dafe57a
                          • Opcode Fuzzy Hash: 25b2ccb4599827e10e55a827c7ebb7e92966dedbe64e1d577d1b2a945107946d
                          • Instruction Fuzzy Hash: D132EF73A183C08EE721CF29D8407FD7BE0F799348F404229EA8997A98DB79E545DB41
                          Function 00007FF6E1FCA9D0 Relevance: 3.0, Strings: 2, Instructions: 481COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: VUUU$gj
                          • API String ID: 0-4043792639
                          • Opcode ID: 85257a6787fb6080f93ff3b0b3c6fd79044a62bd5acd8d60689c27f895e95432
                          • Instruction ID: fce310e786b17652552678915e8ddd22ebee550511eb4e02329162b9375b1e12
                          • Opcode Fuzzy Hash: 85257a6787fb6080f93ff3b0b3c6fd79044a62bd5acd8d60689c27f895e95432
                          • Instruction Fuzzy Hash: DC32D173A087C08EE321CF29D8407ED7BF1FB59348F104229EA899BA58DB79E544DB45
                          Function 00007FF6E1FD0200 Relevance: 3.0, Strings: 2, Instructions: 481COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: VUUU$gj
                          • API String ID: 0-4043792639
                          • Opcode ID: 8e24140326c873a3a403ece4a65a5e036c684f78545b5246e9a996e90f0ade6b
                          • Instruction ID: 261709433e5d3401847fe64c0036eb169ebe2bd325d0ae068dcdc6dfb0b1e7eb
                          • Opcode Fuzzy Hash: 8e24140326c873a3a403ece4a65a5e036c684f78545b5246e9a996e90f0ade6b
                          • Instruction Fuzzy Hash: 2F32D073A187808EE721CF29D8407ED7BE0F799348F104229EA8997B99DF79D584CB41
                          Function 00007FF6E1FD5A60 Relevance: 3.0, Strings: 2, Instructions: 481COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: VUUU$gj
                          • API String ID: 0-4043792639
                          • Opcode ID: 489b870cae5561419b372d2f45531df2621b4eae22bd712c06c6674425a6854f
                          • Instruction ID: 35e11d087c03db371503bb5fd6e74bbe2af303f45254ddfeef39028eccfc9a41
                          • Opcode Fuzzy Hash: 489b870cae5561419b372d2f45531df2621b4eae22bd712c06c6674425a6854f
                          • Instruction Fuzzy Hash: 1932D073A087808EE721CF29D8407ED7BF1F798349F004229EA8997AA8DB79D545DB41
                          Function 00007FF6E1FD77C0 Relevance: 3.0, Strings: 2, Instructions: 481COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: VUUU$gj
                          • API String ID: 0-4043792639
                          • Opcode ID: f1f490112418749fd7372edcb295d6d7ec4dc54b1e93074b89361b8bb2ce6c3a
                          • Instruction ID: 251ba78eadba488bd0f31a945dabdd3a0327c94f56e7b77283e6c75c1931887d
                          • Opcode Fuzzy Hash: f1f490112418749fd7372edcb295d6d7ec4dc54b1e93074b89361b8bb2ce6c3a
                          • Instruction Fuzzy Hash: 2F32DF73E087808EE721CF25D8407ED7BA1F79934CF004229EA899BA98DB79D581CB41
                          Function 00007FF6E1FD1F70 Relevance: 3.0, Strings: 2, Instructions: 466COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: VUUU$gj
                          • API String ID: 0-4043792639
                          • Opcode ID: 394a4c87b147f4a468111ec340262e2f51209e3ddfe3d61fe6f1a50bc7170569
                          • Instruction ID: e29b28750d53a88b8aa7ddd96dd8499e7428d8f020f7507d9ae6387a5c2edfc4
                          • Opcode Fuzzy Hash: 394a4c87b147f4a468111ec340262e2f51209e3ddfe3d61fe6f1a50bc7170569
                          • Instruction Fuzzy Hash: A332DF73A082808EE725CF28D8407ED7BE1FB5934CF014229EB4997A99DF79D581DB81
                          Function 00007FF6E1ED92E0 Relevance: 1.7, Strings: 1, Instructions: 478COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: gfff
                          • API String ID: 0-1553575800
                          • Opcode ID: ec9c8680fe913ba38bc405bd4cb512db4c8260cd84c410b3cb4e43d97803d635
                          • Instruction ID: bae694131149a58cc13faf3dff2c7d264327d58543400165fbdf82f9077cf8a0
                          • Opcode Fuzzy Hash: ec9c8680fe913ba38bc405bd4cb512db4c8260cd84c410b3cb4e43d97803d635
                          • Instruction Fuzzy Hash: 36124863A18AD549E7118B3988503BD3BE6ABC17C4F444232FECAA3385CF3EA545DB05
                          Function 00007FF6E1EE9BE0 Relevance: 1.7, Instructions: 1651COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 83f74dbe62eb343cc461e410bb81ff3e6ee4017303c50fe1ee24b245654634d8
                          • Instruction ID: 80b22f3930bba620813da9455634cb6f8f47acbde96763cd9a90a17e319aa10e
                          • Opcode Fuzzy Hash: 83f74dbe62eb343cc461e410bb81ff3e6ee4017303c50fe1ee24b245654634d8
                          • Instruction Fuzzy Hash: D1F2E473A24B8485EB52CB39D4056AA77A4FFDA780F419326EF8963B05DF39E191C700
                          Function 00007FF6E1F1B790 Relevance: 1.4, Instructions: 1388COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 26954f86dcabcd62a4d6ef56c63345842d5b9d7df8ccf9efe765b9b29fcd13dc
                          • Instruction ID: a66da82dcdadf417907e6898f583553c2cf5f948af4d80b8e5f3c279dab2f4f9
                          • Opcode Fuzzy Hash: 26954f86dcabcd62a4d6ef56c63345842d5b9d7df8ccf9efe765b9b29fcd13dc
                          • Instruction Fuzzy Hash: 26D2C073A24BC485EB11CF39D4116EAB3A1FB99B84F419326EE8963715EF39D192C340
                          Function 00007FF6E1EF2C80 Relevance: 1.3, Instructions: 1270COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 230ceda557af1ab0c57b3090b2edb4674d67acf905bdc1e08f7a911a752ca2bb
                          • Instruction ID: 8af749c69c6a7f9703921ba81edb0892b7ef7aaec62cef3e9a6579306f01876e
                          • Opcode Fuzzy Hash: 230ceda557af1ab0c57b3090b2edb4674d67acf905bdc1e08f7a911a752ca2bb
                          • Instruction Fuzzy Hash: EAC2C2A3A24BC445EB12CB3DD4116A9B361FBDA7C4F419326EE8963B15EF39E191C340
                          Function 00007FF6E1F18A20 Relevance: 1.1, Instructions: 1101COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: FeaturePresentProcessorcapture_previous_context
                          • String ID:
                          • API String ID: 3936158736-0
                          • Opcode ID: 98d16c9b521386b2259f0843824372fa278e1c9022ca4071cb905e18300bd552
                          • Instruction ID: 4bd4c6908192b7604c4849c96f65c088ff20b9f8fdcae8e6e44e108e2209b54f
                          • Opcode Fuzzy Hash: 98d16c9b521386b2259f0843824372fa278e1c9022ca4071cb905e18300bd552
                          • Instruction Fuzzy Hash: 4CB20673A24BC485DB52CB39D4056A973A4FBEA780F419326EF8963B05EF39E195C700
                          Function 00007FF6E1F08B10 Relevance: 1.1, Instructions: 1088COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: FeaturePresentProcessorcapture_previous_context
                          • String ID:
                          • API String ID: 3936158736-0
                          • Opcode ID: e76c40cfd511001eaa19ebb246e2c01bc840fa4ecc23c096ac3032cde4274a82
                          • Instruction ID: 4be6536ebb2de07fc51b111741be734fc45a932280701ead182e9c0bb11bce01
                          • Opcode Fuzzy Hash: e76c40cfd511001eaa19ebb246e2c01bc840fa4ecc23c096ac3032cde4274a82
                          • Instruction Fuzzy Hash: 61A21873A24BC585DB12CB39D4056E973A0FBEA780F419326EF8963B15EB39E195C700
                          Function 00007FF6E1F159C0 Relevance: 1.0, Instructions: 995COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 257fad1a32ad2c5b32685c2132ece70adbaac5d5c8eeaae160c1317491dba1f5
                          • Instruction ID: c4d62a98c60d16dab183e25721d5f20addc02128b5e4e8eed444495886b38d61
                          • Opcode Fuzzy Hash: 257fad1a32ad2c5b32685c2132ece70adbaac5d5c8eeaae160c1317491dba1f5
                          • Instruction Fuzzy Hash: E792D573E24BC885D752CB39E4056AA77A4FF9A780F429326EF8963B05DB38E151C740
                          Function 00007FF6E1EF1C50 Relevance: .9, Instructions: 898COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 78fae09360e4050c85d906c07632171f75affdd26c575836ed5a63bd659cca8b
                          • Instruction ID: 1f9103af6c91248f2c60798546f5b35fcfb8bd4eb55a7e295a806562f6c993dd
                          • Opcode Fuzzy Hash: 78fae09360e4050c85d906c07632171f75affdd26c575836ed5a63bd659cca8b
                          • Instruction Fuzzy Hash: 0A82E073A24BC485EB12CB39D4116EAB3A0FBD9B84F419326EE8963715DF39D192C740
                          Function 00007FF6E1F1A7B0 Relevance: .8, Instructions: 827COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0a9735a18818e4c7740d8a1d581ceec84148c2a0cedf8099cfa70c468fbae3b8
                          • Instruction ID: f4a955eb3009434aaa08f10d5b41a5a759fefdbd75174f62216ac83116f6f5ac
                          • Opcode Fuzzy Hash: 0a9735a18818e4c7740d8a1d581ceec84148c2a0cedf8099cfa70c468fbae3b8
                          • Instruction Fuzzy Hash: C282E773E24BC885DB52CB39E4456AA77A4FFDA780F425316EE8963B05DB38E191C700
                          Function 00007FF6E1EF0460 Relevance: .8, Instructions: 816COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f02eb38d7e5ccd605778f75e836842cbb6c40f1e66da9875a756e91229524a69
                          • Instruction ID: d66d9692508413729c3de9e17a940df80b23ad005c9a0c31e923fc58a97234e3
                          • Opcode Fuzzy Hash: f02eb38d7e5ccd605778f75e836842cbb6c40f1e66da9875a756e91229524a69
                          • Instruction Fuzzy Hash: 5B72E873E24B8845DB52CB39E8456BA77A4FFDA780F825316EE8963B05DB38E151C700
                          Function 00007FF6E1EFB730 Relevance: .7, Instructions: 710COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 21e1ff45cdc839c1f9b636fa377199ac56ad9813605e405f3730f374d1607858
                          • Instruction ID: acbf3bf80105fc57ba782c08826d638d376272e466d764a834a48c443207a239
                          • Opcode Fuzzy Hash: 21e1ff45cdc839c1f9b636fa377199ac56ad9813605e405f3730f374d1607858
                          • Instruction Fuzzy Hash: 59628E73A24BC48AEB11CF3DD4425A9B760FBDA784B11A316EE88A3B15EF35D191C740
                          Function 00007FF6E1F173A0 Relevance: .7, Instructions: 689COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: FeaturePresentProcessorcapture_previous_context
                          • String ID:
                          • API String ID: 3936158736-0
                          • Opcode ID: 1afe2d521151158849974ea62489a0f4abbd6ac322ca9fa9395da705bc291ff4
                          • Instruction ID: 765d030500bfcbf133173cbdccf5abea8d2f987fb117936caba7ea28484af325
                          • Opcode Fuzzy Hash: 1afe2d521151158849974ea62489a0f4abbd6ac322ca9fa9395da705bc291ff4
                          • Instruction Fuzzy Hash: B562F373A24BC586E711CB29E4016EA73A0FB99BC4F419326EE8D63B15DF38E195C740
                          Function 00007FF6E1EEEE40 Relevance: .7, Instructions: 683COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9c8e9f25fcefa2d9ed722fcbb692fd3e783007fbbf66c1173087b0a56cde01e3
                          • Instruction ID: 5c01a5e6adbce5061278eacb9346f2409eb8d0f44ed7d7f53e6224e6ae9399e1
                          • Opcode Fuzzy Hash: 9c8e9f25fcefa2d9ed722fcbb692fd3e783007fbbf66c1173087b0a56cde01e3
                          • Instruction Fuzzy Hash: E7623973A24B8585EB52CF29E4056B973A0FFD9780F825326EF8963B05DB39E195C700
                          Function 00007FF6E1EEBA40 Relevance: .7, Instructions: 679COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 905398d3b122b23a6da1e04b3ead6738e8ae70658c5caecc13cb87bcee5f2bc7
                          • Instruction ID: 7f4ed5f68c333f2ba8b5d804a1589c1630a9960df9b5dffa1ad431217414f0f5
                          • Opcode Fuzzy Hash: 905398d3b122b23a6da1e04b3ead6738e8ae70658c5caecc13cb87bcee5f2bc7
                          • Instruction Fuzzy Hash: D662F973E20B9845D752CF29E405ABA77A4FF9A781F825316EF8963B05DB38E161C700
                          Function 00007FF6E1EE8CF0 Relevance: .6, Instructions: 645COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b325ce7ec80a8391b983811fe2b499f5be85328e03aa1366758769a733ad1cb5
                          • Instruction ID: 456acfc3f12cbb10143bab6e1c9a4505b1a5cd605f5fad1c245799b9544a91f9
                          • Opcode Fuzzy Hash: b325ce7ec80a8391b983811fe2b499f5be85328e03aa1366758769a733ad1cb5
                          • Instruction Fuzzy Hash: 03420773A14A9589D751CF25E8107AA77A0FB89BC4F854226EF8E63B04CF3DE156C740
                          Function 00007FF6E1F02AC0 Relevance: .6, Instructions: 621COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ce3e0216b470758df95f35f3a338097ca59c532875c8e3a813de312fdcf92a0a
                          • Instruction ID: c3034ec691420b69f15fa18580af9bef8934e4ee8422582b0a58eef56e6c02b1
                          • Opcode Fuzzy Hash: ce3e0216b470758df95f35f3a338097ca59c532875c8e3a813de312fdcf92a0a
                          • Instruction Fuzzy Hash: 2A527D73A20BC586EB11CF3DC4425E9B360FB9A784B11A316EF89A7B16EB35D191C740
                          Function 00007FF6E1EF9E70 Relevance: .5, Instructions: 548COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d2b727dab8bb22d6a843b93345e6ccd1d14f48bfa9b494fbbfab42315b2df311
                          • Instruction ID: 78b215397a8882447b79b29ab06054c6e467f0bdc07bab9240043f7ae4f3032a
                          • Opcode Fuzzy Hash: d2b727dab8bb22d6a843b93345e6ccd1d14f48bfa9b494fbbfab42315b2df311
                          • Instruction Fuzzy Hash: 4F32CF73E24B8486EB11CB39D4525E9B760FBDA784B11A316EF89A3B05EF35E181C740
                          Function 00007FF6E1FBD450 Relevance: .5, Instructions: 535COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 968b5d405900e6dbc41bbcdfcb83b6ba9fed1168ae3ae9f4cf072ab53662c39a
                          • Instruction ID: f4ffa8267e8d8ee453a3bda4aa271158e123393064156b5c40e16449b3468136
                          • Opcode Fuzzy Hash: 968b5d405900e6dbc41bbcdfcb83b6ba9fed1168ae3ae9f4cf072ab53662c39a
                          • Instruction Fuzzy Hash: F6328B73A141E08FE3A0CF7EC440AAD3FF2E389749B558126EA58D7A19D639D606CB50
                          Function 00007FF6E1F18020 Relevance: .5, Instructions: 528COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d155f7fbb6359bc51c6da99b4a6fd90faf9ffc2bb9dc0c8428c8c750349e2c99
                          • Instruction ID: c660c4d1c10c21895b939fc9cad41d70a495c5450808dbd076b2b7fbfc53daaf
                          • Opcode Fuzzy Hash: d155f7fbb6359bc51c6da99b4a6fd90faf9ffc2bb9dc0c8428c8c750349e2c99
                          • Instruction Fuzzy Hash: F0321973A20BC445E752CB29D4156AA73A4FF9A7C0F429326FE8963B05DB38E295C700
                          Function 00007FF6E1FDE1F0 Relevance: .5, Instructions: 527COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 01a75545c0a8850c92bb6629d570a55a1506892a8ae65f4a4dd220c1200896f5
                          • Instruction ID: c93bba647652e652d508ac9b381829cc0a7d15a87fca7cb317963ebd2c8a262d
                          • Opcode Fuzzy Hash: 01a75545c0a8850c92bb6629d570a55a1506892a8ae65f4a4dd220c1200896f5
                          • Instruction Fuzzy Hash: D7329573E202604BD3969A16EC6CF6A37A4F7457CAF439316FF8123A40C638A915DB60
                          Function 00007FF6E1EEDD10 Relevance: .5, Instructions: 522COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8448cbb1b64b83b1f8addf648e298d4cc8ea6228ddbba9b46ec20e963300bc7c
                          • Instruction ID: d21c71bf0314508aa471673cbea9be3d602e1bf1246a3445464a5a2d7245a340
                          • Opcode Fuzzy Hash: 8448cbb1b64b83b1f8addf648e298d4cc8ea6228ddbba9b46ec20e963300bc7c
                          • Instruction Fuzzy Hash: 89322A73A24BC446E7528F29D4156BA73A4FF997C0F825326FE8963B04DB39E291C700
                          Function 00007FF6E1F00C40 Relevance: .5, Instructions: 481COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ab73aa79b11cd967c1185394dea81c949a6dabf06e7c47d8c60c780c09b85382
                          • Instruction ID: 4ff923afa2aba42592e9a5e5d5435e1849c54a6cca44fbfb0167b3db9aca3bec
                          • Opcode Fuzzy Hash: ab73aa79b11cd967c1185394dea81c949a6dabf06e7c47d8c60c780c09b85382
                          • Instruction Fuzzy Hash: 5222D073A14B808AEB11CF29D4016AE77B0FB89BC8F419726EF8963719DB39E551C740
                          Function 00007FF6E1EF1420 Relevance: .5, Instructions: 479COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cc513ad19a1cb4f69cbc40da8a27ccd51c6a701a0f75f5b41960e5cd831a1531
                          • Instruction ID: 51556a918e5da0461ceb1bf32fee78cf9ca38d430c0788edab9660cf65947e7f
                          • Opcode Fuzzy Hash: cc513ad19a1cb4f69cbc40da8a27ccd51c6a701a0f75f5b41960e5cd831a1531
                          • Instruction Fuzzy Hash: BB12F263A24B8485EB11DF39D4116AAB3A0FF99B84F419326EF8D63715EF39D192C340
                          Function 00007FF6E1F01500 Relevance: .5, Instructions: 475COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 28cee12d71f886e600b4119b2edc01b71a1d46abf96b7b39e8a8e8a514dc67a6
                          • Instruction ID: bfc243c3ca33d299bfd310db3ba820aadcaf58ce8d070f5daff9bd16bc92666e
                          • Opcode Fuzzy Hash: 28cee12d71f886e600b4119b2edc01b71a1d46abf96b7b39e8a8e8a514dc67a6
                          • Instruction Fuzzy Hash: AE229D73E24B8486EB11CB39C4525E9B370FB9A784B01A316EF89A7716EF35E181C740
                          Function 00007FF6E1F09F90 Relevance: .5, Instructions: 475COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 03155c5429494ee9e20baf5f1e1e005bab1ffe2f319b37671d72e102ae246fe6
                          • Instruction ID: 024ac0bc0af5c53588047ce1d3ba7c0f794a300c557ad7dc262dfc0b0e3ed58d
                          • Opcode Fuzzy Hash: 03155c5429494ee9e20baf5f1e1e005bab1ffe2f319b37671d72e102ae246fe6
                          • Instruction Fuzzy Hash: 3B22C963A24FC541DB21CB39D4466EAB360FBDA780F019316EE8DA3B15EF79E1918740
                          Function 00007FF6E1EEFB80 Relevance: .5, Instructions: 471COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b433cb30afbedf37bb336883fb086c9c21c4606c2258c6337c3f23b3fb557186
                          • Instruction ID: 0a33b7608a4d56c78ce3aec40c34a6c40faf26259cf8ff49cdf0668504c887cd
                          • Opcode Fuzzy Hash: b433cb30afbedf37bb336883fb086c9c21c4606c2258c6337c3f23b3fb557186
                          • Instruction Fuzzy Hash: AD22CA63A24FC541DB21CB39D4466EAB360FBDA780F019316EE8DA3B15EF79E1918740
                          Function 00007FF6E1F00530 Relevance: .4, Instructions: 407COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 02cf38f396628b738e90a7a767d2a73912552fd260eed526a1d7d0e5c61cd43e
                          • Instruction ID: 10d43dbe7937b6c0d5ea453b9801b09858b2868055b25361f479c4c12d06eac6
                          • Opcode Fuzzy Hash: 02cf38f396628b738e90a7a767d2a73912552fd260eed526a1d7d0e5c61cd43e
                          • Instruction Fuzzy Hash: CF027D73A14B8485EB11CB39D4416EA73A0FB99788F119326EF8D67719DF39D181C780
                          Function 00007FF6E1EEE700 Relevance: .4, Instructions: 393COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6823febebe70fc2767df55d04b304faa895b7d8abf2de131058cb684cca7e075
                          • Instruction ID: 678b80168caaa9c4ed4cf311b93cd2aa02e7b48fe7948c84863a56bf52d3a0e7
                          • Opcode Fuzzy Hash: 6823febebe70fc2767df55d04b304faa895b7d8abf2de131058cb684cca7e075
                          • Instruction Fuzzy Hash: 1602C563A24FC581DB11CB39D4456EAB364FBEA784F019316EE8DA3B15EF69E191C300
                          Function 00007FF6E1EF8EB0 Relevance: .4, Instructions: 379COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 68bfbc66b856b33c6a55fb7ec2a86ca2dfe22956a37c943b9d3a7fe7fc627c41
                          • Instruction ID: 2cd1963c6e2d9d24af74cba5923ee75339327930f6614cf57f2555f46318e1a7
                          • Opcode Fuzzy Hash: 68bfbc66b856b33c6a55fb7ec2a86ca2dfe22956a37c943b9d3a7fe7fc627c41
                          • Instruction Fuzzy Hash: 1EF1A073A14F8486E711CF79D412AEA77A0FB99788B11A316EF88A7715DF38D181C740
                          Function 00007FF6E1ED7350 Relevance: .4, Instructions: 369COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ff31b48562205eaab67610eea54d23f7b458280763c9b6392ffce827203bfbe3
                          • Instruction ID: ecde2f4f0e8f1f8a041e71219d7d8f574eb3e74b8eeaa1953246e9c78da1af29
                          • Opcode Fuzzy Hash: ff31b48562205eaab67610eea54d23f7b458280763c9b6392ffce827203bfbe3
                          • Instruction Fuzzy Hash: B3E1F63350D6D08EC346CFBD90145687FA6D3A9B8870AC373EB9687782D52BD218DB25
                          Function 00007FF6E1FC4BD0 Relevance: .2, Instructions: 250COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                          • Instruction ID: d5c50b1a0bb9c9e855bedab8ea016ea23f907ac90b981666783591bf8ebb1c65
                          • Opcode Fuzzy Hash: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                          • Instruction Fuzzy Hash: E5C16056D28FC651E303573C9003665A720AFB75D4F10D33BFEC2B1A63EB127A95A622
                          Function 00007FF6E1FCA420 Relevance: .2, Instructions: 250COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                          • Instruction ID: 4dd0ba2eb606947f78132ef56c97466b7baedb106859ade3720b996c1f4c7919
                          • Opcode Fuzzy Hash: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                          • Instruction Fuzzy Hash: FDC16056D28FC651E303573C9003665A720AFB75D4F10D33BFEC2B1A63EB127A95A622
                          Function 00007FF6E1FCFC50 Relevance: .2, Instructions: 250COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                          • Instruction ID: bd972719915e6f2a801e3d2a8af7c20a7be8323e39f7390842747583002ab8a2
                          • Opcode Fuzzy Hash: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                          • Instruction Fuzzy Hash: 0DC16056D28FC651E303573C9003665A720AFB75D4F10D33BFEC2B1A63EB127A95A622
                          Function 00007FF6E1FD54A0 Relevance: .2, Instructions: 250COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                          • Instruction ID: 1dc0827ea3fe491a6d518023968fc7835d8632c4da0dc97cf227fdfe3b0fe483
                          • Opcode Fuzzy Hash: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                          • Instruction Fuzzy Hash: 24C15056D28FC651E303573C9003665A720AFB75D4F10D33BFEC2B1A63EB127A95A622
                          Function 00007FF6E1FC6940 Relevance: .2, Instructions: 250COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                          • Instruction ID: 07e8cf1917cb42b5426c4e38c2080e13afaf189f7a112f13f8b1af539e080a93
                          • Opcode Fuzzy Hash: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                          • Instruction Fuzzy Hash: 6FC15F56D28FC651E303573C9003665A720AFB75D4E10D33BFEC2B1A63EB127A95A622
                          Function 00007FF6E1FCC180 Relevance: .2, Instructions: 250COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                          • Instruction ID: d00b7776c764e0a556f293bef84eb071d4608025dc18289ac574ac60a5f30963
                          • Opcode Fuzzy Hash: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                          • Instruction Fuzzy Hash: 1EC16056D28FC651E303573C9003665A720AFB75D4F10D33BFEC2B1A63EB127A95A622
                          Function 00007FF6E1FD19B0 Relevance: .2, Instructions: 250COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                          • Instruction ID: a491778b747f2a60df36d16599faa9807b1a45e65e9eb1c87345fc6c06cbc0a5
                          • Opcode Fuzzy Hash: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                          • Instruction Fuzzy Hash: D6C15056D28FC651E303573C9003665A720AFB75D4F10D33BFEC2B1A63EB127A95A622
                          Function 00007FF6E1FD7210 Relevance: .2, Instructions: 250COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                          • Instruction ID: f35766de4f2c4fe8eb1c5dd7cb0a80f48dcb833bc7b8bb9b3e68426ace4eb4ef
                          • Opcode Fuzzy Hash: 2deed8df43f6fba748270dd8fa7852d831a06d3ff68173a20427325f88b3fb23
                          • Instruction Fuzzy Hash: 7DC16056D28FC651E303573C9003665A720AFB75D4F10D33BFEC2B1A63EB127A95A622
                          Function 00007FF6E1FD8F70 Relevance: .2, Instructions: 249COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c7b7bd1e8442331093181661bd6ffc4eeff1f1889b0cd70343597ba93131f94a
                          • Instruction ID: 703bf14b7526bbcdeefa5888023411a51ce4bb592aef44734d09f1f9d4478244
                          • Opcode Fuzzy Hash: c7b7bd1e8442331093181661bd6ffc4eeff1f1889b0cd70343597ba93131f94a
                          • Instruction Fuzzy Hash: 07B15F56D28FC651E303573C9003665A720BFB75D4E10D33BFEC2B1A63EB127A95A622
                          Function 00007FF6E1FC94D0 Relevance: .2, Instructions: 226COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction ID: 734806d04d6018518dc1b8fea5586600004df9ba73f2dfb250fa0eec825c13c0
                          • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction Fuzzy Hash: 80A16156D1CFC651E30356389003165A320AFB75D4E10D73BFED2F5673DB127A85AA22
                          Function 00007FF6E1FCED00 Relevance: .2, Instructions: 226COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction ID: ad12ee6b991570438aec074f607540fa99a41d0b169a4ac4998c3bb12ad9fa1a
                          • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction Fuzzy Hash: 8BA16156D1CFC651E30356389003165A320AFB75D4E10D73BFED2F5673DB127A85AA22
                          Function 00007FF6E1FC59F0 Relevance: .2, Instructions: 226COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction ID: f59296e7106886720b90a5ce28c28599dfa17072ecf5f6ac4fcc3326e24362d0
                          • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction Fuzzy Hash: 38A16156D1CFC651E30356389003165A320AFB75D4E10D73BFED2F5673DB127A85AA22
                          Function 00007FF6E1FDC9F0 Relevance: .2, Instructions: 226COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction ID: 439f336d5f135e176ce2286d206df7787b9d5a32316d780fc9a409dfd9d6f0a6
                          • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction Fuzzy Hash: B4A16156D1CFC651E30356389003165A320AFB75D4E10D73BFED2F5673DB127A85AA22
                          Function 00007FF6E1FCB230 Relevance: .2, Instructions: 226COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction ID: 6295a3716fde9bdd7142f58d34748d37c5167c4157ecf7c2a6497d59264a3928
                          • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction Fuzzy Hash: 6AA16156D2CFC651E30356389003165A320AFB75D4E10D73BFED2F5673DB127A85AA22
                          Function 00007FF6E1FD0A60 Relevance: .2, Instructions: 226COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction ID: 8217b0dfdaa32131b1bb6d21f24aa5ddbf2df9ce416e11ca3077103e291a67ef
                          • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction Fuzzy Hash: C5A16156D1CFCA51E30356389003165A320AFB75D4E10D73BFED2F5673DB127A85AA22
                          Function 00007FF6E1FD62C0 Relevance: .2, Instructions: 226COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction ID: f29a8bca430203d7991c59a19d64078e13fa69c05bc01ceee76d870733bae5ed
                          • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction Fuzzy Hash: 2DA16156D2CFC651E3035638A003165A320AFB75D4E10D73BFED2F5673DB127A85AA22
                          Function 00007FF6E1FC7760 Relevance: .2, Instructions: 226COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction ID: 303c3aff967d5aff2a49854f80f4455eeac42758be89f0d86fb09f15f037e9f7
                          • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction Fuzzy Hash: ADA16156D1CFCA51E30356389003165A320AFB75D4E10D73BFED2F5A73DB127A85AA22
                          Function 00007FF6E1FCCF90 Relevance: .2, Instructions: 226COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction ID: 85a07776c16743b31621408346bb075a25dd6027745e95ca514f89ed75b48487
                          • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction Fuzzy Hash: 74A16156D1CFCA51E30356389003165A320AFB75D4E10D73BFED2F5673DB127A85AA22
                          Function 00007FF6E1FD27B0 Relevance: .2, Instructions: 226COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction ID: 6b5f82fd5e0836aceccd660a116bb30ba934cc504dac7d56b58c37bfc5dee9a1
                          • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction Fuzzy Hash: 35A16156D2CFC651E3035638A003165A320AFB75D4E10D73BFED2F5673DB127A85AA22
                          Function 00007FF6E1FD8020 Relevance: .2, Instructions: 226COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction ID: e05fcaf393e8c68afe35c26eff232814fbb9b01e48289ad5138db61f7cd67547
                          • Opcode Fuzzy Hash: fb59345376e873577708a0ebfd80bf754789f3bb26771381581266b733c645cc
                          • Instruction Fuzzy Hash: B6A16156D1CFC651E30356389003165A320AFB75D4E10D73BFED2F5673DB127A85AA22
                          Function 00007FF6E1F17010 Relevance: .2, Instructions: 216COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 237bddffa5d047de5b004f2f5dcfb8bac6f4de1ab6db49f837ab484293edc903
                          • Instruction ID: 84d0005b48d84e56ca5fa59f30ce55c631005451e26bdb2518ed2964a29e99d6
                          • Opcode Fuzzy Hash: 237bddffa5d047de5b004f2f5dcfb8bac6f4de1ab6db49f837ab484293edc903
                          • Instruction Fuzzy Hash: 2191E333A24B8581DB10DB25E4112DE67A0FB99BC4F459326EE8E97B09DF3CE0868744
                          Function 00007FF6E1EECD10 Relevance: .2, Instructions: 215COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bd65414849b9e12c1f790725c5c3a9273f2d6d3a085c959eec426e6c93e8cdd2
                          • Instruction ID: 7d8fa4be475e3e59b66e62180afd74901397429fdd5cc0bb1b95543eb0f3e10f
                          • Opcode Fuzzy Hash: bd65414849b9e12c1f790725c5c3a9273f2d6d3a085c959eec426e6c93e8cdd2
                          • Instruction Fuzzy Hash: B291E233A14B8582DB20CF25E4112AE7360FB89BC4F459326EE8D97B05DF79E1858740
                          Function 00007FF6E1EF8A70 Relevance: .2, Instructions: 195COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 051c55ad3cc3dc5380d97b2e6e99cfc1ee00bbda2322a277e640efe1714d0bba
                          • Instruction ID: ea27b76dbb48ff2b3be9a877cef94ab758ee113fa822b59da23da080852c0e09
                          • Opcode Fuzzy Hash: 051c55ad3cc3dc5380d97b2e6e99cfc1ee00bbda2322a277e640efe1714d0bba
                          • Instruction Fuzzy Hash: E481B363A24F8082E711DF39E4112AAB7A0FBDAB84F109326EF8967715DF39D581C740
                          Function 00007FF6E1FA9D20 Relevance: .2, Instructions: 193COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: Concurrency::cancel_current_task
                          • String ID:
                          • API String ID: 118556049-0
                          • Opcode ID: 5b8b7b861c0c623f90d3a1095cf849ab6577ae91c4db93b7d491fc4a4acef93c
                          • Instruction ID: e9b4e7bb146bcf82cf60c53b72ce57782b75c26abcf33dbf5084e0325bbaf12a
                          • Opcode Fuzzy Hash: 5b8b7b861c0c623f90d3a1095cf849ab6577ae91c4db93b7d491fc4a4acef93c
                          • Instruction Fuzzy Hash: D7916B33A14B8181E7049F25E8813AAB3A4FB88794F548235EF8D87B95DF7DE491C384
                          Function 00007FF6E1F16C70 Relevance: .2, Instructions: 189COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: dbf65506813e8a8266ea8017e2eddde827c9295cdd58f0bc307018baf71d1350
                          • Instruction ID: d8d151071c370615dc2775e67847c2b45dbf5e754cb4c1be4223f4b0f5bd7ccf
                          • Opcode Fuzzy Hash: dbf65506813e8a8266ea8017e2eddde827c9295cdd58f0bc307018baf71d1350
                          • Instruction Fuzzy Hash: 5F81F233A14B9585E7509F25E8107AE33A0FB89B84F868236EE8D53B04DF3DE155CB40
                          Function 00007FF6E1EEC980 Relevance: .2, Instructions: 188COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b2e6e07617f18ded6bc3e3d9d248a318ed27d4f029b2735121e159b9c3873e78
                          • Instruction ID: a870835594d92a84ea33b3d5eb3499e6744ebea9684415faef36aae506238f1c
                          • Opcode Fuzzy Hash: b2e6e07617f18ded6bc3e3d9d248a318ed27d4f029b2735121e159b9c3873e78
                          • Instruction Fuzzy Hash: 9E81E233A14B9586E7619F25E8007AE73A0FB89B84F858226EF8D53704DF3DE155CB40
                          Function 00007FF6E1F00230 Relevance: .2, Instructions: 179COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 538df35bac2b0b382e239122cddd70f161197cb0b932976ffb6624dade5687fc
                          • Instruction ID: 2706191b85298db11a82984ed9a4578e3432ae2f42493e46a743bdc2e41220df
                          • Opcode Fuzzy Hash: 538df35bac2b0b382e239122cddd70f161197cb0b932976ffb6624dade5687fc
                          • Instruction Fuzzy Hash: 7771C363A14F8086E711DF29D4012AAB3B0FB89B98F14A326EF8D67719DF39D585C740
                          Function 00007FF6E1FC3410 Relevance: .1, Instructions: 145COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8eb8d0335b54d9b05304a1c7fe36590fc33a68fc2ff89287a318044e3e34a436
                          • Instruction ID: c32ce580d7262f705e722342bf89e9ddde3b2abc0700de1b98f8c6314db7b2eb
                          • Opcode Fuzzy Hash: 8eb8d0335b54d9b05304a1c7fe36590fc33a68fc2ff89287a318044e3e34a436
                          • Instruction Fuzzy Hash: 34412D92B34AF507D317413D28125799ED0CED3786780E32AF9F5BAB92D709D252E350
                          Function 00007FF6E1FC3C20 Relevance: .1, Instructions: 145COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1e33040d17acf127ae18a379b7551e09cf88f318cad9050f93baa7f425ab3dfc
                          • Instruction ID: afc8d8043212c2c684690a5d873d035ad55dffa0587e65b0f879c4c180321c2a
                          • Opcode Fuzzy Hash: 1e33040d17acf127ae18a379b7551e09cf88f318cad9050f93baa7f425ab3dfc
                          • Instruction Fuzzy Hash: FC412D92B34AF507D317413D28125799ED0CED3786780E32AF9F5BAB92D709E252E350
                          Function 00007FF6E1FC3970 Relevance: .1, Instructions: 145COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 71bb2a3a8507f8c1bca5c44f9f3237c45aaa5d10e08b0740922e23203d516326
                          • Instruction ID: aebd783fa8849bb0c1183819ccb8a807df76bf966dfb2ad14c8645c38a27ba7b
                          • Opcode Fuzzy Hash: 71bb2a3a8507f8c1bca5c44f9f3237c45aaa5d10e08b0740922e23203d516326
                          • Instruction Fuzzy Hash: B3411CD2A34AF507D317413D28125799ED0CED3786780E32AF9F5BAB92D709D252E350
                          Function 00007FF6E1F941F8 Relevance: .1, Instructions: 126COMMONLIBRARYCODE
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorFreeHeapLast
                          • String ID:
                          • API String ID: 485612231-0
                          • Opcode ID: b06302be2fde9658264fc2c2032669dc3cd2a606415917f2d681beb5bc13c23a
                          • Instruction ID: eab1a4baead359f4d740bdb7fae09ebdab50be264026c809026173ad676303f6
                          • Opcode Fuzzy Hash: b06302be2fde9658264fc2c2032669dc3cd2a606415917f2d681beb5bc13c23a
                          • Instruction Fuzzy Hash: B2410723B14A9586EF04DF6AD9242A9B391F748FD8B099032DE0DC7B58DF3DD0859344
                          Function 00007FF6E1F06B80 Relevance: .1, Instructions: 117COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: dca16760c16045323fb2a8147a8deaac5a83d9e0392267e522cfab10fc015eeb
                          • Instruction ID: c1fbbcb393ecbf86dc85b9f7fcd283349fd608bcda6133b1c68c0fb4d0be536a
                          • Opcode Fuzzy Hash: dca16760c16045323fb2a8147a8deaac5a83d9e0392267e522cfab10fc015eeb
                          • Instruction Fuzzy Hash: 6C41B023A24FC581DB20DB25E8113E963A0FB8AB84F459226DE8D93709DF38D185D780
                          Function 00007FF6E1F97AC0 Relevance: 36.8, APIs: 10, Strings: 11, Instructions: 57COMMONLIBRARYCODE
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 407 7ff6e1f97ac0-7ff6e1f97c11 call 7ff6e1f97140 * 10
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
                          • String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
                          • API String ID: 3255926029-3252031757
                          • Opcode ID: 91240c9a3aa641d89153d2bf06212acd11137062757dc36d65217fd2db88123f
                          • Instruction ID: 0623d3637ddb10a740cc6a0e6bb37dbdf63bc1d205f44bb258ed4993477ba180
                          • Opcode Fuzzy Hash: 91240c9a3aa641d89153d2bf06212acd11137062757dc36d65217fd2db88123f
                          • Instruction Fuzzy Hash: B8319A66D18647A1E700EB95E8517F023A2AF48300F905133D41D971B1DFBEA689E3CB
                          Function 00007FF6E1FB7420 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 94synchronizationCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: CriticalSection$EnterErrorLastLeave$BreakDebugFormatFreeLocalMessageObjectReleaseSemaphoreSingleWait
                          • String ID: ReleaseSemaphore$WaitForSingleObject
                          • API String ID: 1615886272-4124537571
                          • Opcode ID: e9cc749e60f475d9a44ed2d54b6e60c7d89acd2eb14e1c7f009ab47b21cadf54
                          • Instruction ID: 2d34231ec208640b20cdd3b133f00aed875ac9de4333d37fe061e63388260d02
                          • Opcode Fuzzy Hash: e9cc749e60f475d9a44ed2d54b6e60c7d89acd2eb14e1c7f009ab47b21cadf54
                          • Instruction Fuzzy Hash: CB414433A0868282EB109F20E8443B963A1FF90B68F444731DA6D876E9DF7ED545D785
                          Function 00007FF6E1F40CA0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 94networksynchronizationCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1815 7ff6e1f40ca0-7ff6e1f40ccd 1816 7ff6e1f40cf9-7ff6e1f40d14 CreateEventA 1815->1816 1817 7ff6e1f40ccf-7ff6e1f40cf7 1815->1817 1819 7ff6e1f40d16-7ff6e1f40d18 1816->1819 1820 7ff6e1f40d91 1816->1820 1818 7ff6e1f40d1b-7ff6e1f40d5c 1817->1818 1823 7ff6e1f40d5e-7ff6e1f40d63 1818->1823 1824 7ff6e1f40dc2-7ff6e1f40dc4 1818->1824 1819->1818 1821 7ff6e1f40d96-7ff6e1f40db4 1820->1821 1825 7ff6e1f40db9-7ff6e1f40dbc CloseHandle 1823->1825 1826 7ff6e1f40d65-7ff6e1f40d76 WaitForSingleObject 1823->1826 1827 7ff6e1f40dc6-7ff6e1f40dcc 1824->1827 1828 7ff6e1f40dde-7ff6e1f40de8 WSASetLastError 1824->1828 1825->1824 1832 7ff6e1f40d78-7ff6e1f40d8b GetLastError CloseHandle WSASetLastError 1826->1832 1833 7ff6e1f40db5 1826->1833 1829 7ff6e1f40dd9 1827->1829 1830 7ff6e1f40dce-7ff6e1f40dd7 call 7ff6e1f40900 1827->1830 1828->1820 1831 7ff6e1f40dea-7ff6e1f40dec 1828->1831 1829->1828 1830->1828 1831->1821 1832->1820 1833->1825
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorLast$CloseHandle$CreateEventObjectSingleWait
                          • String ID: $
                          • API String ID: 1659421480-227171996
                          • Opcode ID: 814e11ab62e77d39b33319818ca8f5031c5b562b9c142cd7743e2281ea6eb97f
                          • Instruction ID: 76edde60ed078826a9669e36b5f388a0429a15d3c808fb6f7e638f069e350022
                          • Opcode Fuzzy Hash: 814e11ab62e77d39b33319818ca8f5031c5b562b9c142cd7743e2281ea6eb97f
                          • Instruction Fuzzy Hash: 65311837B08B4282E7108F21A9547ED62E1FB44BA4F140234DEAD83BD4CF7DE9069745
                          Function 00007FF6E1F33D00 Relevance: 10.6, APIs: 7, Instructions: 94registryCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorLast$ItemObjectQueueRegisterSingleUserWaitWork
                          • String ID:
                          • API String ID: 1560240253-0
                          • Opcode ID: eeb17fedcdb5142e3386fb1f08de7f2ba6d5cec0eaaf99e4a6ea21e014e94945
                          • Instruction ID: a65e741b631fa0ec4074a15ae07f499ab766219163a7d5db5a102bc66eb90297
                          • Opcode Fuzzy Hash: eeb17fedcdb5142e3386fb1f08de7f2ba6d5cec0eaaf99e4a6ea21e014e94945
                          • Instruction Fuzzy Hash: A9417B33908B81C6E314CF21E4483A973A5FB48B54F044239DB8E83AA4DF39E1E5D746
                          Function 00007FF6E1FA3A10 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                          • String ID: CONOUT$
                          • API String ID: 3230265001-3130406586
                          • Opcode ID: 15af370bf763f069f52876f87fad64a7a75a2c89b340c3f415ddd61936df9302
                          • Instruction ID: 74019a9be284e37e01f9eb984c93d56f5632f96e3d47aa549f7e1aed5552bf44
                          • Opcode Fuzzy Hash: 15af370bf763f069f52876f87fad64a7a75a2c89b340c3f415ddd61936df9302
                          • Instruction Fuzzy Hash: 0511B123F18A4182E3509B02E85436966E1FB88BF8F000238EA5DC3794CF7ED944878A
                          Function 00007FF6E1EE6A50 Relevance: 9.1, APIs: 6, Instructions: 93COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                          • String ID:
                          • API String ID: 1102183713-0
                          • Opcode ID: 66dfc2bc74e36f4536d11ace84cb251e6dc4e5b29a4e980d63146d2e4b7f7949
                          • Instruction ID: 95fcfdda7510b1f624d36563080ae6f70aa873d0621ac2b60775c8ba4f133108
                          • Opcode Fuzzy Hash: 66dfc2bc74e36f4536d11ace84cb251e6dc4e5b29a4e980d63146d2e4b7f7949
                          • Instruction Fuzzy Hash: 80418F23A08B4280EB219B15D4403F967A1FF98B98F048131DA9E877D5EF3EE595D34A
                          Function 00007FF6E1F87490 Relevance: 7.7, APIs: 5, Instructions: 203COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                          • String ID:
                          • API String ID: 2210144848-0
                          • Opcode ID: 6b25fe23a028cccc73de48d364bf80b96e3cd102fabd06cb304e44258fdd0e20
                          • Instruction ID: 62de3cee8aacd1aaf629a257fde911d5a84f0423b3b2764081f7e47fbb474435
                          • Opcode Fuzzy Hash: 6b25fe23a028cccc73de48d364bf80b96e3cd102fabd06cb304e44258fdd0e20
                          • Instruction Fuzzy Hash: 49810563E186528AF7109F6688513FC37E1BB44798F400231DE0ED76A1DF3EA441E76A
                          Function 00007FF6E1F351E0 Relevance: 7.7, APIs: 5, Instructions: 197COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: BufferConsoleInfoScreen
                          • String ID:
                          • API String ID: 3437242342-0
                          • Opcode ID: b53ea00cebd40e770cc94a8e5450a1a270c52d8ba46037af354d465eaad8f65c
                          • Instruction ID: 3f89281740bde2db1616d1a9733f77bdcfee0592953821ad50afdfa2c9c85210
                          • Opcode Fuzzy Hash: b53ea00cebd40e770cc94a8e5450a1a270c52d8ba46037af354d465eaad8f65c
                          • Instruction Fuzzy Hash: D881F173B1C64286D7648B25A4847BE72E1FBC4746F500138EA4EC3BA4DF3EE4459B46
                          Function 00007FF6E1EE6BE0 Relevance: 7.6, APIs: 5, Instructions: 87COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                          • String ID:
                          • API String ID: 459529453-0
                          • Opcode ID: ccd45bfdc7f7fa5f318b369a14bf029eaa0acc61c784431ca12860f6dc1c6762
                          • Instruction ID: 12b093d6b889b7f6a3a3b5d4868630d34a1370ef5ede4aef176d0c623c38acd0
                          • Opcode Fuzzy Hash: ccd45bfdc7f7fa5f318b369a14bf029eaa0acc61c784431ca12860f6dc1c6762
                          • Instruction Fuzzy Hash: C041D023E09A8280EB249B11D5403F937A1FF98B94F084131DAAD87795DF7EE991D34A
                          Function 00007FF6E1FA176C Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: _set_statfp
                          • String ID:
                          • API String ID: 1156100317-0
                          • Opcode ID: 53512fb03dbae7469fc7500c1bfe0bb856749efdb792acf0b38c9be78e2f8441
                          • Instruction ID: 4377ea79fa507a8b4d8a421493f44d9bb6c77b587fe280e44869592dc2d45f0d
                          • Opcode Fuzzy Hash: 53512fb03dbae7469fc7500c1bfe0bb856749efdb792acf0b38c9be78e2f8441
                          • Instruction Fuzzy Hash: 91113623E0CA0703F3642528D1123F608C16F48374F4A1E30E97EC72DADE1EA841A1AE
                          Function 00007FF6E1F3D1B0 Relevance: 7.5, APIs: 5, Instructions: 42COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: CriticalSection$CancelEnterLeave
                          • String ID:
                          • API String ID: 4260397832-0
                          • Opcode ID: b631b3e411eb0ba31c5c9b68d27e687c3bd3e68f05547bb762fa21174a77f9da
                          • Instruction ID: 193375ca295ca54929f3e3fc4edaefa2fcd8fba581d9a8d9346c350d799fb37d
                          • Opcode Fuzzy Hash: b631b3e411eb0ba31c5c9b68d27e687c3bd3e68f05547bb762fa21174a77f9da
                          • Instruction Fuzzy Hash: F911823391464181EB548B24D88D3F823A1EB44B38F540330E97D8B2E8CF7DD5969346
                          Function 00007FF6E1EE4C80 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 113COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: ExceptionThrow
                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                          • API String ID: 432778473-1866435925
                          • Opcode ID: b3b7852f9c8b3f823a9b54919673e778e53c4232fe196ca441d960dbfd48c92a
                          • Instruction ID: 07e8484dce0a38d393f2fd1deae65719ced349239fe451ea196540220355e6e0
                          • Opcode Fuzzy Hash: b3b7852f9c8b3f823a9b54919673e778e53c4232fe196ca441d960dbfd48c92a
                          • Instruction Fuzzy Hash: 5F41BE33A05B8685EB10CF18D6813A877A1FB84B88F548532DB5D837A0EF3AD666C305
                          Function 00007FF6E1EE6480 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 110COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                          • API String ID: 0-1866435925
                          • Opcode ID: af51aba71734f2234834fb7c9865e2f7269a77f704942f2437ee904e9977284d
                          • Instruction ID: 667dfe3a1cb3fc944667e71684c1b46df9a337eb5c5ae359d27be4a19802d9a0
                          • Opcode Fuzzy Hash: af51aba71734f2234834fb7c9865e2f7269a77f704942f2437ee904e9977284d
                          • Instruction Fuzzy Hash: 61419033704A4582EF14CF19D48036877A0FB84F98F548636DA6E877A5DF39D94AC705
                          Function 00007FF6E1EE69A0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 52COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: ExceptionThrow
                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                          • API String ID: 432778473-1866435925
                          • Opcode ID: b43d8aa3543ba4050381859482258e9b7a41e4f0adf89a989cb268dc93de194d
                          • Instruction ID: 4173ac0695f65bbe22adfc54d1da14fda7f41cad13ddd8d383640cb3983d302d
                          • Opcode Fuzzy Hash: b43d8aa3543ba4050381859482258e9b7a41e4f0adf89a989cb268dc93de194d
                          • Instruction Fuzzy Hash: 17119663A04A4985EF10CB14D4813B86761EB84BA8F544731EAAEC72F5DF2ED586C305
                          Function 00007FF6E1EE2CE0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 255COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: Concurrency::cancel_current_taskMtx_unlockXinvalid_argumentstd::_
                          • String ID: list<T> too long
                          • API String ID: 769516727-4027344264
                          • Opcode ID: b6493fd9deeeae7f68379cfe2d0b7fe73c4a827ebd78f726660df5924ca12df8
                          • Instruction ID: 929c0d54cc9ef9f8b8335de09d2b277afb282c20eabb7c2106035144b423470d
                          • Opcode Fuzzy Hash: b6493fd9deeeae7f68379cfe2d0b7fe73c4a827ebd78f726660df5924ca12df8
                          • Instruction Fuzzy Hash: 1FB14537A04B4186E714DF61E4503AD33B5EB48B88F148126DF8D9379ADF39E9A1D384
                          Function 00007FF6E1F997D4 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: _invalid_parameter_noinfo
                          • String ID: e+000$gfff
                          • API String ID: 3215553584-3030954782
                          • Opcode ID: cc6524a8b83673953fb25d8bbc7e836184950a66c45220a11ea2598c04edadba
                          • Instruction ID: 06aebc32fac42c4444ecc9f35f914dfd29aadea184dda2e035b7a0c6f9eedf72
                          • Opcode Fuzzy Hash: cc6524a8b83673953fb25d8bbc7e836184950a66c45220a11ea2598c04edadba
                          • Instruction Fuzzy Hash: 2F515963B183C286E7249F3994503E96BD1FB84B90F488235C7AE8BBD5CE2ED040D746
                          Function 00007FF6E1F87234 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorFileLastWrite
                          • String ID: U
                          • API String ID: 442123175-4171548499
                          • Opcode ID: 5e4e9e54c1aa22bbb616cd923bef572ced648aea231344f0bb5886cbeb0cfb00
                          • Instruction ID: 0e41a13527f862297111fdd3f089aae6102c471486200f6b4bcf2f782f5376f3
                          • Opcode Fuzzy Hash: 5e4e9e54c1aa22bbb616cd923bef572ced648aea231344f0bb5886cbeb0cfb00
                          • Instruction Fuzzy Hash: 0841B323A18A4586EB20CF25E8453EA67A1FB88794F804131EE4EC7798DF3DD441DB85
                          Function 00007FF6E1F33367 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: UnregisterWait
                          • String ID: UnregisterWaitEx
                          • API String ID: 2974071796-3194662728
                          • Opcode ID: 96736a56b12e9d5ec6cee067ab60e91e6458c612f9e026bf870b5747563a4665
                          • Instruction ID: 07f754850b72edbe22dd6345a664b0112371a98b8b59333c28fcbd042886d202
                          • Opcode Fuzzy Hash: 96736a56b12e9d5ec6cee067ab60e91e6458c612f9e026bf870b5747563a4665
                          • Instruction Fuzzy Hash: E4019233A0458286E7208F29D4447BC33B1EB05F74F040330CA79876D8CE29E892A797
                          Function 00007FF6E1F977C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1359897501.00007FF6E1ED1000.00000040.00000001.01000000.00000004.sdmp, Offset: 00007FF6E1ED0000, based on PE: true
                          • Associated: 00000003.00000002.1359792004.00007FF6E1ED0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E201A000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22AA000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1359897501.00007FF6E22BC000.00000040.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360420594.00007FF6E22BE000.00000080.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000003.00000002.1360481693.00007FF6E22C0000.00000004.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff6e1ed0000_JvuHRXO.jbxd
                          Yara matches
                          Similarity
                          • API ID: CountCriticalInitializeSectionSpintry_get_function
                          • String ID: InitializeCriticalSectionEx
                          • API String ID: 539475747-3084827643
                          • Opcode ID: f0be8cbf3ad190b351ddd9c4fb8100e56dbbdb331066f4260019902eb9f3bce6
                          • Instruction ID: 92c76637fe21b54ee44f01379b7fe96daa31a94a1f3627a39a0a679abcbb3103
                          • Opcode Fuzzy Hash: f0be8cbf3ad190b351ddd9c4fb8100e56dbbdb331066f4260019902eb9f3bce6
                          • Instruction Fuzzy Hash: 56F0E927F0874192E704AF52F4402F522A1BF88B90F548135D91D83B54CF3ED584DBC5