4870376811dd3c5eabe924c793079629d13a7813bf1a3014b5333b132be50365

max time kernel
5s
max time network
146s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
11/11/2023, 21:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

888Rat.exe
Size

93.6MB
MD5

553951bbbde6c6001ade88f3a06a9b9a
SHA1

28cd84b4533433cc925123f106e4efbbddd3c2ca
SHA256

4870376811dd3c5eabe924c793079629d13a7813bf1a3014b5333b132be50365
SHA512

e9cf57ca2cd87fa2b3c05c0003ae11fc51d4139072d028ba52d665de57fffcb9c279cbe19ede001cc56ac464212ab8f6cbb8e7023c7ca567835a7b540a58521d
SSDEEP

1572864:ST0EdFgdUIGfkS0H4HHDXLYrXatfLllR3Rbop0+xXlMSyCXsRuG0CPb0V+8VM5km:ST0I1IGfr0H4HbLYrXajRPcl0issnM4s

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
484	SERVERS.EXE
4804	SERVERS.EXE
3620	888RAT.EXE
3956	SERVERS.EXE

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
916	schtasks.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 3152	2980	888Rat.exe	70
PID 2980 wrote to memory of 3152	2980	888Rat.exe	70
PID 2980 wrote to memory of 3152	2980	888Rat.exe	70
PID 2980 wrote to memory of 484	2980	888Rat.exe	71
PID 2980 wrote to memory of 484	2980	888Rat.exe	71
PID 3152 wrote to memory of 2724	3152	888RAT.EXE	72
PID 3152 wrote to memory of 2724	3152	888RAT.EXE	72
PID 3152 wrote to memory of 2724	3152	888RAT.EXE	72
PID 3152 wrote to memory of 4804	3152	888RAT.EXE	73
PID 3152 wrote to memory of 4804	3152	888RAT.EXE	73
PID 2724 wrote to memory of 288	2724	888RAT.EXE	160
PID 2724 wrote to memory of 288	2724	888RAT.EXE	160
PID 2724 wrote to memory of 288	2724	888RAT.EXE	160
PID 2724 wrote to memory of 3620	2724	SERVERS.EXE	252
PID 2724 wrote to memory of 3620	2724	SERVERS.EXE	252
PID 288 wrote to memory of 2408	288	888RAT.EXE	289
PID 288 wrote to memory of 2408	288	888RAT.EXE	289
PID 288 wrote to memory of 2408	288	888RAT.EXE	289
PID 288 wrote to memory of 3956	288	888RAT.EXE	76
PID 288 wrote to memory of 3956	288	888RAT.EXE	76

C:\Users\Admin\AppData\Local\Temp\888Rat.exe
"C:\Users\Admin\AppData\Local\Temp\888Rat.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
  "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3152
- - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
    "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
      "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
      "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
      4⤵
      PID:288
    - - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        5⤵
        Executes dropped EXE
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        5⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        6⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        7⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        7⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        9⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        9⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        10⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        10⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        11⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        11⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        12⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        13⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        14⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        14⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        15⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        15⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        16⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        17⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        18⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        18⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        19⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        19⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        20⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        21⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        21⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        22⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        22⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        23⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        23⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        24⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        25⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        26⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        26⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        27⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        28⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        28⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        29⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        29⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        30⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        31⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        31⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        32⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        32⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        33⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        34⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        34⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        35⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        35⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        36⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        37⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        37⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        38⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        38⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        39⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        39⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        40⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        40⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        41⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        41⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        42⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        43⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        43⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        44⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        44⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        45⤵
        Suspicious use of WriteProcessMemory
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        46⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        46⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        47⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        47⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        48⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        48⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        49⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        50⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        50⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        51⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        51⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        52⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        53⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        54⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        54⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        55⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        55⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        56⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        56⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        57⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        58⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        58⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        59⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        59⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        60⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        61⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        61⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        62⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        62⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        63⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        63⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        64⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        64⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        65⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        65⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        66⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        66⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        67⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        68⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        68⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        69⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        69⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        70⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        71⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        71⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        72⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        72⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        73⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        74⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        74⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        75⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        76⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        77⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        77⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        78⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        79⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        79⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        80⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        80⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        81⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        82⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        82⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        83⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        83⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        84⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        84⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        85⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        85⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        86⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        86⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        87⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        87⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        88⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        88⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        89⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        89⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        90⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        90⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        91⤵
        Executes dropped EXE
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        92⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        93⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        93⤵
        
        PID:504
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        94⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        95⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        95⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        96⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        96⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        97⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        97⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        98⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        98⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        99⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        99⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        100⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        100⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        101⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        102⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        103⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        103⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        104⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        104⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        105⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        106⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        106⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        107⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        108⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        109⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        110⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        110⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        111⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        111⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        112⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        113⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        114⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        114⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        115⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        115⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        116⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        116⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        117⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        118⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        119⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        119⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        120⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        120⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        121⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        122⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        122⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        123⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        124⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        124⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        125⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        126⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        126⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        127⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        127⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        128⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        128⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        129⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        129⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        130⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        130⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        131⤵
        Suspicious use of WriteProcessMemory
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        131⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        132⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        132⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        133⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        133⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        134⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        134⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        135⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        136⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        136⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        137⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        137⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        138⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        138⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        139⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        139⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        140⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        141⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        141⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        142⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        142⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        143⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        143⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        144⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        145⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        145⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        146⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        147⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        147⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        148⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        148⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        149⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        150⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        150⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        151⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        152⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        152⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        153⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        153⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        154⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        155⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        155⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        156⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        157⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        157⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        158⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        158⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        159⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        159⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        160⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        161⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        162⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        163⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        163⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        164⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        165⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        165⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        166⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        166⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        167⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        167⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        168⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        169⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        170⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        171⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        171⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        172⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        172⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        173⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        173⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        174⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        174⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        175⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        175⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        176⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        176⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        177⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        177⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        178⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        178⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        179⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        179⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        180⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        180⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        181⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        181⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        182⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        182⤵
        
        PID:500
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        183⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        183⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        184⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        184⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        185⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        185⤵
        
        PID:96
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        186⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        187⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        187⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        188⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        188⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        189⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        189⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        190⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        190⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        191⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        191⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        192⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        192⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        193⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        193⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        194⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        194⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        195⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        195⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        196⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        196⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        197⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        197⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        198⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        198⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        199⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        199⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        200⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        201⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        201⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        202⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        203⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        203⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        204⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        204⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        205⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        206⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        207⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        207⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        208⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        208⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        209⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        209⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        210⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        210⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        211⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        211⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        212⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        213⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        213⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        212⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        206⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        205⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        202⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        200⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        186⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        170⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        169⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        168⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        164⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        162⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        161⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        160⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        156⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        154⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        151⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        149⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        146⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        144⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        140⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        135⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        125⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        123⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        121⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        118⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        117⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        113⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        112⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        109⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        108⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        107⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        105⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        102⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        101⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        94⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        92⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        91⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        81⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        78⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        76⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        75⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        73⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        70⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        67⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        60⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        57⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        53⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        52⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        49⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        45⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        42⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        36⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        33⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        30⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        27⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        25⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        24⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        20⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        17⤵
        
        PID:200
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        16⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        13⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        12⤵
        
        PID:4104
- - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
    "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
    3⤵
    - Executes dropped EXE
    PID:4804
- C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
  "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
  2⤵
  - Executes dropped EXE
  PID:484
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /tn "WINDOWSSYSTEMHOST" /tr "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE" /sc MINUTE /MO 1
    3⤵
    - Creates scheduled task(s)
    PID:916

C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
1⤵
PID:3096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SERVERS.EXE.log

Filesize
1KB

MD5
c0dc8d352a16499272e8f7886876c842

SHA1
a0faf19ad2c41cbc8dfff1c12437e2ae0dd4a541

SHA256
5e7990a7907b9b0f3489ce37e0fbc15f4d0b96485d66bba614287645aeff5d9b

SHA512
30f6415da1d40a0011973adc4286330eb4b3ca95ae5467bf258f693ba92bf19077ba78afd3438bf3d249d943dc2bb0cb4ed2efcdb65dab4f3db669f855e6e3e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
memory/200-85-0x000000001AE60000-0x000000001AE70000-memory.dmp

Filesize
64KB

Download
memory/200-82-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/484-22-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/484-10-0x0000000002EC0000-0x0000000002ED0000-memory.dmp

Filesize
64KB

Download
memory/484-8-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/484-27-0x0000000002EC0000-0x0000000002ED0000-memory.dmp

Filesize
64KB

Download
memory/484-7-0x0000000003020000-0x00000000030BE000-memory.dmp

Filesize
632KB

Download
memory/484-46-0x000000001C210000-0x000000001C24E000-memory.dmp

Filesize
248KB

Download
memory/484-32-0x00000000030C0000-0x00000000030D2000-memory.dmp

Filesize
72KB

Download
memory/484-5-0x0000000000F50000-0x0000000000F58000-memory.dmp

Filesize
32KB

Download
memory/820-86-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/820-87-0x000000001B5F0000-0x000000001B600000-memory.dmp

Filesize
64KB

Download
memory/1216-74-0x000000001B9F0000-0x000000001BA00000-memory.dmp

Filesize
64KB

Download
memory/1216-73-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/1668-77-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/1668-50-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/1668-51-0x000000001BAC0000-0x000000001BAD0000-memory.dmp

Filesize
64KB

Download
memory/2604-68-0x000000001B790000-0x000000001B7A0000-memory.dmp

Filesize
64KB

Download
memory/2604-67-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/3108-75-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/3108-43-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/3108-71-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/3108-44-0x000000001B650000-0x000000001B660000-memory.dmp

Filesize
64KB

Download
memory/3120-84-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/3120-64-0x0000000002EA0000-0x0000000002EB0000-memory.dmp

Filesize
64KB

Download
memory/3120-63-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/3620-38-0x0000000002BA0000-0x0000000002BB0000-memory.dmp

Filesize
64KB

Download
memory/3620-33-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/3620-37-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/3620-14-0x0000000002BA0000-0x0000000002BB0000-memory.dmp

Filesize
64KB

Download
memory/3620-13-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/3956-16-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/3956-17-0x000000001B810000-0x000000001B820000-memory.dmp

Filesize
64KB

Download
memory/3956-49-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/3956-41-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/3956-45-0x000000001B810000-0x000000001B820000-memory.dmp

Filesize
64KB

Download
memory/4104-59-0x000000001B8F0000-0x000000001B900000-memory.dmp

Filesize
64KB

Download
memory/4104-80-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/4104-57-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/4328-78-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/4328-79-0x0000000002330000-0x0000000002340000-memory.dmp

Filesize
64KB

Download
memory/4364-25-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/4364-61-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/4364-54-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/4364-58-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/4364-23-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/4488-52-0x000000001AE80000-0x000000001AE90000-memory.dmp

Filesize
64KB

Download
memory/4488-19-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/4488-55-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/4488-47-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/4488-20-0x000000001AE80000-0x000000001AE90000-memory.dmp

Filesize
64KB

Download
memory/4804-39-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/4804-24-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/4804-28-0x00000000013C0000-0x00000000013D0000-memory.dmp

Filesize
64KB

Download
memory/4804-11-0x00000000013C0000-0x00000000013D0000-memory.dmp

Filesize
64KB

Download
memory/4804-9-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/4820-35-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/4820-42-0x000000001B8C0000-0x000000001B8D0000-memory.dmp

Filesize
64KB

Download
memory/4820-66-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/4820-69-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/4820-70-0x000000001B8C0000-0x000000001B8D0000-memory.dmp

Filesize
64KB

Download
memory/5060-29-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download
memory/5060-30-0x000000001B980000-0x000000001B990000-memory.dmp

Filesize
64KB

Download
memory/5060-62-0x00007FF81B8B0000-0x00007FF81C29C000-memory.dmp

Filesize
9.9MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads