9f12a9ce12d4dbcb733fa3dca7742615386c6fe67dd0468f1f76bfba5a93098c

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a593bed6758acd3ac424f63f2ef6f60N.exe
Size

824KB
MD5

7a593bed6758acd3ac424f63f2ef6f60
SHA1

90c0af4ec8a89f8e7097765f5c4083f771000a92
SHA256

9f12a9ce12d4dbcb733fa3dca7742615386c6fe67dd0468f1f76bfba5a93098c
SHA512

8b7f0ccf845848ec20ab57c4d2547d8c91150e89d598499059434e1182b3deb3aef9b18b10d97a4c5f1324bb47816a11ad9efbf5d673080d15bc54ede1dedfbb
SSDEEP

6144:04sZBOZdjEYTPXMhaMP/kFTA7OAmBOZdjEYTPXMhaMP/a:0nANL8oq/kFTsOWNL8oq/a

Score

8^/10

persistence

Malware Config

Signatures

Drops file in Drivers directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	wklyaukv.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	ivxd.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	chqe.exe

Deletes itself 1 IoCs

pid	Process
2836	wklyaukv.exe

Executes dropped EXE 64 IoCs

pid	Process
2400	ivxd.exe
2836	wklyaukv.exe
3000	chqe.exe
2644	wklyaukv.exe
1728	wklyaukv.exe
1468	wklyaukv.exe
1904	wklyaukv.exe
2892	wklyaukv.exe
1476	wklyaukv.exe
1808	wklyaukv.exe
1784	wklyaukv.exe
1620	wklyaukv.exe
1148	wklyaukv.exe
1752	wklyaukv.exe
2272	wklyaukv.exe
2152	wklyaukv.exe
2288	wklyaukv.exe
2348	wklyaukv.exe
1996	wklyaukv.exe
2084	wklyaukv.exe
2092	wklyaukv.exe
2552	wklyaukv.exe
1848	wklyaukv.exe
2544	wklyaukv.exe
2044	wklyaukv.exe
2132	wklyaukv.exe
2076	wklyaukv.exe
2792	wklyaukv.exe
2196	wklyaukv.exe
1080	wklyaukv.exe
3032	wklyaukv.exe
2440	wklyaukv.exe
444	wklyaukv.exe
1320	wklyaukv.exe
2000	wklyaukv.exe
884	wklyaukv.exe
1640	wklyaukv.exe
1632	wklyaukv.exe
1076	wklyaukv.exe
1940	wklyaukv.exe
372	wklyaukv.exe
624	wklyaukv.exe
1628	wklyaukv.exe
1636	wklyaukv.exe
2268	wklyaukv.exe
1656	wklyaukv.exe
780	wklyaukv.exe
1344	wklyaukv.exe
876	wklyaukv.exe
1548	wklyaukv.exe
1552	wklyaukv.exe
2164	wklyaukv.exe
856	wklyaukv.exe
3016	wklyaukv.exe
2384	wklyaukv.exe
2456	wklyaukv.exe
2412	wklyaukv.exe
3012	wklyaukv.exe
556	wklyaukv.exe
748	wklyaukv.exe
2208	wklyaukv.exe
2464	wklyaukv.exe
1152	wklyaukv.exe
2188	wklyaukv.exe

Loads dropped DLL 64 IoCs

pid	Process
2520	7a593bed6758acd3ac424f63f2ef6f60N.exe
2520	7a593bed6758acd3ac424f63f2ef6f60N.exe
2520	7a593bed6758acd3ac424f63f2ef6f60N.exe
2520	7a593bed6758acd3ac424f63f2ef6f60N.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
3000	chqe.exe
3000	chqe.exe

Adds Run key to start application 2 TTPs 12 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\ivxd = "c:\\windows\\system\\ivxd.exe"	chqe.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\wklyaukv = "c:\\windows\\system32\\wklyaukv.exe"	chqe.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\chqe = "c:\\windows\\chqe.exe"	chqe.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\wklyaukv = "c:\\windows\\system32\\wklyaukv.exe"	wklyaukv.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\chqe = "c:\\windows\\chqe.exe"	wklyaukv.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\ivxd = "c:\\windows\\system\\ivxd.exe"	ivxd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\chqe = "c:\\windows\\chqe.exe"	ivxd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\wklyaukv = "c:\\windows\\system32\\wklyaukv.exe"	ivxd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\ivxd = "c:\\windows\\system\\ivxd.exe"	7a593bed6758acd3ac424f63f2ef6f60N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\wklyaukv = "c:\\windows\\system32\\wklyaukv.exe"	7a593bed6758acd3ac424f63f2ef6f60N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\chqe = "c:\\windows\\chqe.exe"	7a593bed6758acd3ac424f63f2ef6f60N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\ivxd = "c:\\windows\\system\\ivxd.exe"	wklyaukv.exe

Drops file in System32 directory 55 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ykmin.exe	ivxd.exe
File opened for modification	C:\Windows\SysWOW64\edink.exe	chqe.exe
File opened for modification	C:\Windows\SysWOW64\kukxq.exe	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\SysWOW64\svdlxliz.exe	chqe.exe
File opened for modification	C:\Windows\SysWOW64\idww.exe	chqe.exe
File opened for modification	C:\Windows\SysWOW64\msnqrhrf.exe	chqe.exe
File opened for modification	C:\Windows\SysWOW64\idww.exe	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\SysWOW64\vyzgnab.exe	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\SysWOW64\gtyzqxqy.exe	wklyaukv.exe
File opened for modification	C:\Windows\SysWOW64\svdlxliz.exe	ivxd.exe
File opened for modification	C:\Windows\SysWOW64\vajptwj.exe	ivxd.exe
File opened for modification	C:\Windows\SysWOW64\lkwqigy.exe	ivxd.exe
File opened for modification	C:\Windows\SysWOW64\unia.exe	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\SysWOW64\uazx.exe	ivxd.exe
File opened for modification	C:\Windows\SysWOW64\uazx.exe	chqe.exe
File opened for modification	C:\Windows\SysWOW64\ycrhno.exe	wklyaukv.exe
File opened for modification	C:\Windows\SysWOW64\kukxq.exe	wklyaukv.exe
File opened for modification	C:\Windows\SysWOW64\ycrhno.exe	ivxd.exe
File opened for modification	C:\Windows\SysWOW64\kukxq.exe	ivxd.exe
File opened for modification	C:\Windows\SysWOW64\vyzgnab.exe	chqe.exe
File opened for modification	C:\Windows\SysWOW64\svdlxliz.exe	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\SysWOW64\vajptwj.exe	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\SysWOW64\gtyzqxqy.exe	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\SysWOW64\ykmin.exe	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\SysWOW64\vyzgnab.exe	wklyaukv.exe
File opened for modification	C:\Windows\SysWOW64\unia.exe	chqe.exe
File opened for modification	C:\Windows\SysWOW64\msnqrhrf.exe	7a593bed6758acd3ac424f63f2ef6f60N.exe
File created	\??\c:\windows\SysWOW64\wklyaukv.exe	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\SysWOW64\uazx.exe	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\SysWOW64\vajptwj.exe	wklyaukv.exe
File opened for modification	C:\Windows\SysWOW64\lkwqigy.exe	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\SysWOW64\svdlxliz.exe	wklyaukv.exe
File opened for modification	C:\Windows\SysWOW64\unia.exe	wklyaukv.exe
File opened for modification	C:\Windows\SysWOW64\msnqrhrf.exe	wklyaukv.exe
File opened for modification	C:\Windows\SysWOW64\edink.exe	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\SysWOW64\idww.exe	wklyaukv.exe
File opened for modification	\??\c:\windows\SysWOW64\wklyaukv.exe	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\SysWOW64\uazx.exe	wklyaukv.exe
File opened for modification	C:\Windows\SysWOW64\idww.exe	ivxd.exe
File opened for modification	C:\Windows\SysWOW64\unia.exe	ivxd.exe
File opened for modification	C:\Windows\SysWOW64\lkwqigy.exe	chqe.exe
File opened for modification	C:\Windows\SysWOW64\ycrhno.exe	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\SysWOW64\edink.exe	wklyaukv.exe
File opened for modification	C:\Windows\SysWOW64\msnqrhrf.exe	ivxd.exe
File opened for modification	C:\Windows\SysWOW64\ykmin.exe	chqe.exe
File opened for modification	C:\Windows\SysWOW64\lkwqigy.exe	wklyaukv.exe
File opened for modification	C:\Windows\SysWOW64\gtyzqxqy.exe	ivxd.exe
File opened for modification	C:\Windows\SysWOW64\vyzgnab.exe	ivxd.exe
File opened for modification	C:\Windows\SysWOW64\ycrhno.exe	chqe.exe
File opened for modification	C:\Windows\SysWOW64\ykmin.exe	wklyaukv.exe
File opened for modification	C:\windows\SysWOW64\wklyaukv.exe	wklyaukv.exe
File opened for modification	C:\Windows\SysWOW64\edink.exe	ivxd.exe
File opened for modification	C:\Windows\SysWOW64\vajptwj.exe	chqe.exe
File opened for modification	C:\Windows\SysWOW64\gtyzqxqy.exe	chqe.exe
File opened for modification	C:\Windows\SysWOW64\kukxq.exe	chqe.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system\yhwnjczc	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\system\fereuicyjczc	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\system\zdrtlgjczc	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\system\fehwvjczc	ivxd.exe
File opened for modification	C:\Windows\eqngjczc	chqe.exe
File opened for modification	C:\Windows\czlnfbsjczc	chqe.exe
File opened for modification	C:\Windows\system\hcmvpcjczc	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\system\thdfdzumjczc	wklyaukv.exe
File opened for modification	C:\Windows\xazs.ijczc	chqe.exe
File opened for modification	C:\Windows\system\npucglujczc	wklyaukv.exe
File opened for modification	C:\Windows\system\o.chlqjczc	wklyaukv.exe
File opened for modification	C:\Windows\system\gvokiulvjczc	ivxd.exe
File opened for modification	C:\Windows\famvljczc	chqe.exe
File opened for modification	C:\Windows\qghzomkzjczc	chqe.exe
File opened for modification	C:\Windows\system\pzoscjczc	wklyaukv.exe
File opened for modification	C:\Windows\system\kvozgvjczc	ivxd.exe
File opened for modification	C:\Windows\system\mynvicfjczc	ivxd.exe
File opened for modification	C:\Windows\system\pwfwpauhjczc	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\system\l.igjczc	wklyaukv.exe
File opened for modification	C:\Windows\system\deihuqqojczc	wklyaukv.exe
File opened for modification	C:\Windows\.m.szjczc	chqe.exe
File opened for modification	C:\Windows\nocajczc	chqe.exe
File opened for modification	C:\Windows\system\nbbxjczc	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\system\uhyobtcjczc	wklyaukv.exe
File opened for modification	C:\Windows\system\rxrhjczc	ivxd.exe
File opened for modification	C:\Windows\system\odzkvujczc	ivxd.exe
File opened for modification	C:\Windows\kxivetajczc	chqe.exe
File opened for modification	C:\Windows\system\yzusjczc	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\system\foexjczc	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\system\kkcwtayjczc	wklyaukv.exe
File opened for modification	C:\Windows\qacrjczc	chqe.exe
File opened for modification	C:\Windows\eavccbyjczc	chqe.exe
File opened for modification	C:\Windows\system\fsptfhujczc	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\system\ulimzzunjczc	ivxd.exe
File opened for modification	C:\Windows\system\kyggjczc	ivxd.exe
File opened for modification	C:\Windows\system\pvorwjczc	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\system\szcnjczc	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\system\o.zzwzczjczc	wklyaukv.exe
File opened for modification	C:\Windows\system\rbuzabjczc	wklyaukv.exe
File opened for modification	C:\Windows\system\irlppvdgjczc	wklyaukv.exe
File opened for modification	C:\Windows\system\.ogsjczc	ivxd.exe
File opened for modification	C:\Windows\system\zhapsmobjczc	ivxd.exe
File opened for modification	C:\Windows\system\ibzuoizjczc	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\system\xnvtkohijczc	ivxd.exe
File opened for modification	C:\Windows\system\nrgljczc	ivxd.exe
File opened for modification	C:\Windows\system\mffyjczc	ivxd.exe
File opened for modification	C:\Windows\tmguqmjczc	chqe.exe
File opened for modification	C:\Windows\.bffjczc	chqe.exe
File opened for modification	C:\Windows\system\vh.glrwjczc	wklyaukv.exe
File opened for modification	C:\Windows\vdlqjczc	chqe.exe
File opened for modification	C:\Windows\system\onhhmjczc	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\system\dbdpvjczc	ivxd.exe
File opened for modification	C:\Windows\system\hmttkjczc	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\hoqbyxijczc	chqe.exe
File opened for modification	C:\Windows\xmezwjczc	chqe.exe
File opened for modification	C:\Windows\system\vl.ljczc	wklyaukv.exe
File opened for modification	C:\Windows\wgmbyjczc	chqe.exe
File opened for modification	C:\Windows\iggajczc	chqe.exe
File opened for modification	C:\Windows\system\akbgku.jczc	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\system\pwfmzwjczc	7a593bed6758acd3ac424f63f2ef6f60N.exe
File opened for modification	C:\Windows\system\iiu.dadcjczc	wklyaukv.exe
File opened for modification	C:\Windows\system\zihiojczc	wklyaukv.exe
File opened for modification	C:\Windows\system\ftrqeajczc	ivxd.exe
File opened for modification	C:\Windows\system\zyyqbkkjczc	ivxd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2520	7a593bed6758acd3ac424f63f2ef6f60N.exe
2520	7a593bed6758acd3ac424f63f2ef6f60N.exe
2520	7a593bed6758acd3ac424f63f2ef6f60N.exe
2520	7a593bed6758acd3ac424f63f2ef6f60N.exe
2400	ivxd.exe
2836	wklyaukv.exe
3000	chqe.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
3000	chqe.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2836	wklyaukv.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
2400	ivxd.exe
3000	chqe.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2400	2520	7a593bed6758acd3ac424f63f2ef6f60N.exe	30
PID 2520 wrote to memory of 2400	2520	7a593bed6758acd3ac424f63f2ef6f60N.exe	30
PID 2520 wrote to memory of 2400	2520	7a593bed6758acd3ac424f63f2ef6f60N.exe	30
PID 2520 wrote to memory of 2400	2520	7a593bed6758acd3ac424f63f2ef6f60N.exe	30
PID 2520 wrote to memory of 2836	2520	7a593bed6758acd3ac424f63f2ef6f60N.exe	31
PID 2520 wrote to memory of 2836	2520	7a593bed6758acd3ac424f63f2ef6f60N.exe	31
PID 2520 wrote to memory of 2836	2520	7a593bed6758acd3ac424f63f2ef6f60N.exe	31
PID 2520 wrote to memory of 2836	2520	7a593bed6758acd3ac424f63f2ef6f60N.exe	31
PID 2520 wrote to memory of 3000	2520	7a593bed6758acd3ac424f63f2ef6f60N.exe	32
PID 2520 wrote to memory of 3000	2520	7a593bed6758acd3ac424f63f2ef6f60N.exe	32
PID 2520 wrote to memory of 3000	2520	7a593bed6758acd3ac424f63f2ef6f60N.exe	32
PID 2520 wrote to memory of 3000	2520	7a593bed6758acd3ac424f63f2ef6f60N.exe	32
PID 2836 wrote to memory of 2644	2836	wklyaukv.exe	33
PID 2836 wrote to memory of 2644	2836	wklyaukv.exe	33
PID 2836 wrote to memory of 2644	2836	wklyaukv.exe	33
PID 2836 wrote to memory of 2644	2836	wklyaukv.exe	33
PID 2400 wrote to memory of 1728	2400	ivxd.exe	34
PID 2400 wrote to memory of 1728	2400	ivxd.exe	34
PID 2400 wrote to memory of 1728	2400	ivxd.exe	34
PID 2400 wrote to memory of 1728	2400	ivxd.exe	34
PID 3000 wrote to memory of 1468	3000	chqe.exe	35
PID 3000 wrote to memory of 1468	3000	chqe.exe	35
PID 3000 wrote to memory of 1468	3000	chqe.exe	35
PID 3000 wrote to memory of 1468	3000	chqe.exe	35
PID 2836 wrote to memory of 1904	2836	wklyaukv.exe	37
PID 2836 wrote to memory of 1904	2836	wklyaukv.exe	37
PID 2836 wrote to memory of 1904	2836	wklyaukv.exe	37
PID 2836 wrote to memory of 1904	2836	wklyaukv.exe	37
PID 2400 wrote to memory of 2892	2400	ivxd.exe	38
PID 2400 wrote to memory of 2892	2400	ivxd.exe	38
PID 2400 wrote to memory of 2892	2400	ivxd.exe	38
PID 2400 wrote to memory of 2892	2400	ivxd.exe	38
PID 3000 wrote to memory of 1476	3000	chqe.exe	39
PID 3000 wrote to memory of 1476	3000	chqe.exe	39
PID 3000 wrote to memory of 1476	3000	chqe.exe	39
PID 3000 wrote to memory of 1476	3000	chqe.exe	39
PID 2836 wrote to memory of 1808	2836	wklyaukv.exe	40
PID 2836 wrote to memory of 1808	2836	wklyaukv.exe	40
PID 2836 wrote to memory of 1808	2836	wklyaukv.exe	40
PID 2836 wrote to memory of 1808	2836	wklyaukv.exe	40
PID 2400 wrote to memory of 1784	2400	ivxd.exe	41
PID 2400 wrote to memory of 1784	2400	ivxd.exe	41
PID 2400 wrote to memory of 1784	2400	ivxd.exe	41
PID 2400 wrote to memory of 1784	2400	ivxd.exe	41
PID 3000 wrote to memory of 1620	3000	chqe.exe	42
PID 3000 wrote to memory of 1620	3000	chqe.exe	42
PID 3000 wrote to memory of 1620	3000	chqe.exe	42
PID 3000 wrote to memory of 1620	3000	chqe.exe	42
PID 2836 wrote to memory of 1148	2836	wklyaukv.exe	43
PID 2836 wrote to memory of 1148	2836	wklyaukv.exe	43
PID 2836 wrote to memory of 1148	2836	wklyaukv.exe	43
PID 2836 wrote to memory of 1148	2836	wklyaukv.exe	43
PID 2400 wrote to memory of 1752	2400	ivxd.exe	44
PID 2400 wrote to memory of 1752	2400	ivxd.exe	44
PID 2400 wrote to memory of 1752	2400	ivxd.exe	44
PID 2400 wrote to memory of 1752	2400	ivxd.exe	44
PID 3000 wrote to memory of 2272	3000	chqe.exe	45
PID 3000 wrote to memory of 2272	3000	chqe.exe	45
PID 3000 wrote to memory of 2272	3000	chqe.exe	45
PID 3000 wrote to memory of 2272	3000	chqe.exe	45
PID 2836 wrote to memory of 2152	2836	wklyaukv.exe	46
PID 2836 wrote to memory of 2152	2836	wklyaukv.exe	46
PID 2836 wrote to memory of 2152	2836	wklyaukv.exe	46
PID 2836 wrote to memory of 2152	2836	wklyaukv.exe	46

C:\Users\Admin\AppData\Local\Temp\7a593bed6758acd3ac424f63f2ef6f60N.exe
"C:\Users\Admin\AppData\Local\Temp\7a593bed6758acd3ac424f63f2ef6f60N.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2520
- C:\windows\system\ivxd.exe
  "C:\windows\system\ivxd.exe" "C:\Users\Admin\AppData\Local\Temp\7a593bed6758acd3ac424f63f2ef6f60N.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2400
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1728
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2892
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1784
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1752
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2288
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2084
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1848
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2132
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2196
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2440
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2000
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1632
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:372
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1636
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:780
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1548
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:856
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2456
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:556
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2464
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:1724
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:1504
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:1696
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2988
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2356
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2468
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2728
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2752
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2568
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2388
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2820
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2768
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2668
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:1280
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:1468
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:1272
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2936
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2896
- C:\windows\SysWOW64\wklyaukv.exe
  "C:\windows\system32\wklyaukv.exe" "C:\Users\Admin\AppData\Local\Temp\7a593bed6758acd3ac424f63f2ef6f60N.exe"
  2⤵
  - Drops file in Drivers directory
  - Deletes itself
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2836
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2644
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1904
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1808
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1148
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2152
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1996
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2552
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2044
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2792
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:3032
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1320
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1640
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1940
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1628
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1656
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:876
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2164
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2384
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:3012
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2208
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2188
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:1500
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:1240
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2548
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2956
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:264
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:3008
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2864
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2880
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2716
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2764
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2712
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2812
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2220
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:1904
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2800
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:288
- C:\windows\chqe.exe
  "C:\windows\chqe.exe" "C:\Users\Admin\AppData\Local\Temp\7a593bed6758acd3ac424f63f2ef6f60N.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3000
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1468
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1476
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1620
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2272
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2348
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2092
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2544
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2076
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1080
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:444
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:884
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1076
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:624
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2268
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1344
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1552
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:3016
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:2412
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:748
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    - Executes dropped EXE
    PID:1152
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:1820
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:1440
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:3052
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2028
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:548
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:1836
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2876
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2724
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:800
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:3064
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2824
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2844
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2352
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:1680
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2584
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2808
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2984
- - C:\windows\SysWOW64\wklyaukv.exe
    "C:\windows\system32\wklyaukv.exe"
    3⤵
    PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7a593bed6758acd3ac424f63f2ef6f60N.exeivxd.exe_

Filesize
824KB

MD5
7a593bed6758acd3ac424f63f2ef6f60

SHA1
90c0af4ec8a89f8e7097765f5c4083f771000a92

SHA256
9f12a9ce12d4dbcb733fa3dca7742615386c6fe67dd0468f1f76bfba5a93098c

SHA512
8b7f0ccf845848ec20ab57c4d2547d8c91150e89d598499059434e1182b3deb3aef9b18b10d97a4c5f1324bb47816a11ad9efbf5d673080d15bc54ede1dedfbb

Download Submit
C:\Windows\SysWOW64\wklyaukv.exe

Filesize
629KB

MD5
efeb37c8a3731c79557c37dc760a15ea

SHA1
d33c89ee231d4aaedbc7d25c79f25fbf0b9cd3b7

SHA256
9d586fd1443dee60b269d8ea41061370d786b05d51c38ebf41f381f1448a4652

SHA512
57bb54a41761e2f04fff9c1631354b328f9c1ddc5a71fd60196a6c04eed3ddc65710a83d62cd666fc28b7afb350b19d7a5cfb4a4325bd62683ccdaf4d73e54b4

Download Submit