berbew | 263b41f42d5b9e564bd527b80bf6dc499367af7f1c1b6436dc70fc072d5a5f4d

Resubmissions

19-09-2024 16:35

240919-t3mwmaydma 10

19-09-2024 15:27

240919-svslgawara 666

Analysis

max time kernel
64s
max time network
66s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
19-09-2024 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DoomRat.exe
Size

12.1MB
MD5

de44552631e89947e4654a39f41c18fc
SHA1

b1370d875efcf7bbba3ec1a9cfbd2bb20ae23c6d
SHA256

263b41f42d5b9e564bd527b80bf6dc499367af7f1c1b6436dc70fc072d5a5f4d
SHA512

d876bd63a929791e49dd5119fcf488a7c89eb471a183c71b287fb621144f5ffc72c606f3a3dc250ed65649d3bf3b69427abc4c5fc5d03b86324386708ee77def
SSDEEP

393216:vGV2CSQhZ2YsHFUK2Jn1+TtIiFQS2NXNsI8VbTToP:SYQZ2YwUlJn1QtIm28IKzo

Score

10^/10

berbew blackmoon cobaltstrike emotet gozi epoch3 backdoor banker isfb trojan upx

Malware Config

Extracted

Family

berbew

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

http://crutop.nu/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://master-x.com/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://crutop.ru/index.php

http://kaspersky.ru/index.php

http://color-bank.ru/index.php

http://adult-empire.com/index.php

http://virus-list.com/index.php

http://trojan.ru/index.php

http://xware.cjb.net/index.htm

http://konfiskat.org/index.htm

http://parex-bank.ru/index.htm

http://fethard.biz/index.htm

Extracted

Family

emotet

Botnet

Epoch3

173.94.215.84:80

85.25.207.108:8080

178.128.14.92:8080

60.125.114.64:443

181.126.54.234:80

157.7.164.178:8081

95.216.205.155:8080

216.75.37.196:8080

179.62.238.49:80

71.57.180.213:80

172.96.190.154:8080

112.78.142.170:80

178.238.232.46:443

177.144.130.105:443

105.209.235.113:8080

46.105.131.68:8080

185.86.148.68:443

143.95.101.72:8080

75.127.14.170:8080

168.0.97.6:80

rsa_pubkey.plain

Extracted

Family

gozi

Signatures

Berbew
Berbew is a backdoor written in C++.
backdoor berbew
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Cobalt Strike reflective loader 1 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000800000001ad91-3761.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Detect Blackmoon payload 5 IoCs

resource	yara_rule
behavioral1/memory/4864-152-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/3116-348-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/4104-471-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/5888-502-0x0000000000400000-0x0000000000453000-memory.dmp	family_blackmoon
behavioral1/memory/5292-562-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon

Emotet
Emotet is a trojan that is primarily spread through spam emails.
trojan banker emotet
Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

Emotet payload 1 IoCs

Detects Emotet payload in memory.

trojan banker

resource	yara_rule
behavioral1/memory/3304-376-0x0000000000650000-0x000000000065C000-memory.dmp	emotet

Loads dropped DLL 20 IoCs

pid	Process
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe
2328	DoomRat.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/4864-152-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/5572-389-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/3116-348-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/4104-471-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/5292-562-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/files/0x000700000001ae2d-3456.dat	upx

Unexpected DNS network traffic destination 2 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	83.133.123.20
Destination IP	83.133.123.20

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	pastebin.com
2	pastebin.com

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/5936-477-0x0000000000400000-0x0000000000496000-memory.dmp	autoit_exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
5540	5636	WerFault.exe	116
5524	5672	WerFault.exe	141

Runs net.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2328	2776	DoomRat.exe	73
PID 2776 wrote to memory of 2328	2776	DoomRat.exe	73
PID 2328 wrote to memory of 2176	2328	DoomRat.exe	74
PID 2328 wrote to memory of 2176	2328	DoomRat.exe	74

C:\Users\Admin\AppData\Local\Temp\DoomRat.exe
"C:\Users\Admin\AppData\Local\Temp\DoomRat.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Users\Admin\AppData\Local\Temp\DoomRat.exe
  "C:\Users\Admin\AppData\Local\Temp\DoomRat.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2176
- - C:\Users\Admin\Downloads\240919-std2pawdrneb9f80f55068fb6230e3a89a6ca96058_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-std2pawdrneb9f80f55068fb6230e3a89a6ca96058_JaffaCakes118.exe
    3⤵
    PID:3716
- - C:\Users\Admin\Downloads\240919-std2pawdrpbb64af99da14ec165dba310c182536c64d06a9fa580a87553e2d9e1cf5b134b8N.exe
    C:\Users\Admin\Downloads\240919-std2pawdrpbb64af99da14ec165dba310c182536c64d06a9fa580a87553e2d9e1cf5b134b8N.exe
    3⤵
    PID:4632
  - - C:\backup.exe
      \backup.exe \
      4⤵
      PID:2176
    - - C:\Program Files (x86)\backup.exe
        
        "C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\
        5⤵
        
        PID:11964
- - C:\Users\Admin\Downloads\240919-spkzfawcknTrojan.Win32.Amadey.RPQ.MTB-407c3a4a359e25417c213b7384425234d72d917a8346e63d5440273e823335a0N
    C:\Users\Admin\Downloads\240919-spkzfawcknTrojan.Win32.Amadey.RPQ.MTB-407c3a4a359e25417c213b7384425234d72d917a8346e63d5440273e823335a0N
    3⤵
    PID:4864
  - - \??\c:\20026.exe
      c:\20026.exe
      4⤵
      PID:3064
    - - \??\c:\nnnhht.exe
        
        c:\nnnhht.exe
        5⤵
        
        PID:3116
      - \??\c:\k00866.exe
        
        c:\k00866.exe
        6⤵
        
        PID:4104
        
        \??\c:\08886.exe
        
        c:\08886.exe
        7⤵
        
        PID:5292
        
        \??\c:\42226.exe
        
        c:\42226.exe
        8⤵
        
        PID:6016
- - C:\Users\Admin\Downloads\240919-sp7hfawcnjd5f04415bea64ec976392a719df7b7a0d68d449121e17851729e5d53522837a4N.exe
    C:\Users\Admin\Downloads\240919-sp7hfawcnjd5f04415bea64ec976392a719df7b7a0d68d449121e17851729e5d53522837a4N.exe
    3⤵
    PID:3648
  - - C:\Windows\SysWOW64\Lfhdlh32.exe
      C:\Windows\system32\Lfhdlh32.exe
      4⤵
      PID:4428
- - C:\Users\Admin\Downloads\240919-sn58zswcjm540be4a741c569135346a2cc42ed7a142230da4aab32faba564639f79b4bff6dN.exe
    C:\Users\Admin\Downloads\240919-sn58zswcjm540be4a741c569135346a2cc42ed7a142230da4aab32faba564639f79b4bff6dN.exe
    3⤵
    PID:1008
- - C:\Users\Admin\Downloads\240919-sqhwgawcpkeb9da9383be38641e7f8f4ef0bc96295_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-sqhwgawcpkeb9da9383be38641e7f8f4ef0bc96295_JaffaCakes118.exe
    3⤵
    PID:3296
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\9664.tmp.bat
      4⤵
      PID:8412
- - C:\Users\Admin\Downloads\240919-sjekgavdrcab41718f3f2d503a77d6e8ae232c41d4b7685cfa03bf3363397a1d288460949bN.exe
    C:\Users\Admin\Downloads\240919-sjekgavdrcab41718f3f2d503a77d6e8ae232c41d4b7685cfa03bf3363397a1d288460949bN.exe
    3⤵
    PID:2072
  - - C:\Windows\SysWOW64\Lphoelqn.exe
      C:\Windows\system32\Lphoelqn.exe
      4⤵
      PID:2036
- - C:\Users\Admin\Downloads\240919-sq7jtswcrqb054f0e0df1e4c336b52d7d28c79aeda40df6d2593616b2852078156aeac8e1eN.exe
    C:\Users\Admin\Downloads\240919-sq7jtswcrqb054f0e0df1e4c336b52d7d28c79aeda40df6d2593616b2852078156aeac8e1eN.exe
    3⤵
    PID:804
- - C:\Users\Admin\Downloads\240919-spw2pswclq75bd5eaf0128130032ccc83fb4b53cc7fbb7a57be6679ba7040568b9affeb7f7N.exe
    C:\Users\Admin\Downloads\240919-spw2pswclq75bd5eaf0128130032ccc83fb4b53cc7fbb7a57be6679ba7040568b9affeb7f7N.exe
    3⤵
    PID:1880
- - C:\Users\Admin\Downloads\240919-sh6ybsvdqe3b2d7bf4853453953c26fe925f662e16122a1d5d3f237c4ae89c10fbddf4ab6eN.exe
    C:\Users\Admin\Downloads\240919-sh6ybsvdqe3b2d7bf4853453953c26fe925f662e16122a1d5d3f237c4ae89c10fbddf4ab6eN.exe
    3⤵
    PID:5280
  - - C:\Windows\SysWOW64\Andqdh32.exe
      C:\Windows\system32\Andqdh32.exe
      4⤵
      PID:312
- - C:\Users\Admin\Downloads\240919-saya8avemn780da5756cc8c54ddd347e3d6d00c816f28cff1f936381983bb5ba3eda20ac01N.exe
    C:\Users\Admin\Downloads\240919-saya8avemn780da5756cc8c54ddd347e3d6d00c816f28cff1f936381983bb5ba3eda20ac01N.exe
    3⤵
    PID:5572
  - - C:\Windows\4k51k4.exe
      C:\Windows\4k51k4.exe
      4⤵
      PID:10704
- - C:\Users\Admin\Downloads\240919-snhgxswbppa6aaee5495c66c452b1d8aca6582b5f9a66c17ded7a4702c88fd007adce9add6N.exe
    C:\Users\Admin\Downloads\240919-snhgxswbppa6aaee5495c66c452b1d8aca6582b5f9a66c17ded7a4702c88fd007adce9add6N.exe
    3⤵
    PID:5584
  - - C:\Windows\SysWOW64\Andqdh32.exe
      C:\Windows\system32\Andqdh32.exe
      4⤵
      PID:1244
- - C:\Users\Admin\Downloads\240919-saqalsvelreb92c90ea30e7b4ddb21fd9ff30e1f6f_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-saqalsvelreb92c90ea30e7b4ddb21fd9ff30e1f6f_JaffaCakes118.exe
    3⤵
    PID:5740
- - C:\Users\Admin\Downloads\240919-sqlx5awcpn44d618895f2f4dbe2d1b73442088c6d85e776ca8ed49c73f4bc2d908efbc899eN.exe
    C:\Users\Admin\Downloads\240919-sqlx5awcpn44d618895f2f4dbe2d1b73442088c6d85e776ca8ed49c73f4bc2d908efbc899eN.exe
    3⤵
    PID:5888
  - - C:\Windows\SysWOW64\Agoabn32.exe
      C:\Windows\system32\Agoabn32.exe
      4⤵
      PID:928
    - - C:\Windows\SysWOW64\Gkleeplq.exe
        
        C:\Windows\system32\Gkleeplq.exe
        5⤵
        
        PID:6088
- - C:\Users\Admin\Downloads\240919-slggvawaqq1a6a536e5fb99dbe6c0f81d0d48506b23e6fce6cb5f32f82225b3d3d54ee9c1eN.exe
    C:\Users\Admin\Downloads\240919-slggvawaqq1a6a536e5fb99dbe6c0f81d0d48506b23e6fce6cb5f32f82225b3d3d54ee9c1eN.exe
    3⤵
    PID:5896
  - - C:\Windows\SysWOW64\Bfabnjjp.exe
      C:\Windows\system32\Bfabnjjp.exe
      4⤵
      PID:4912
- - C:\Users\Admin\Downloads\240919-smve4awbnk82e97fd57c5018d7b22cc8174d0f0e1a28b99248768bb0999a9deff320432d14N.exe
    C:\Users\Admin\Downloads\240919-smve4awbnk82e97fd57c5018d7b22cc8174d0f0e1a28b99248768bb0999a9deff320432d14N.exe
    3⤵
    PID:5912
- - C:\Users\Admin\Downloads\240919-sl87vswblmeb9ace42ad371f175b3d5a2dc2a3ebd8_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-sl87vswblmeb9ace42ad371f175b3d5a2dc2a3ebd8_JaffaCakes118.exe
    3⤵
    PID:5920
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe"
      4⤵
      PID:10308
- - C:\Users\Admin\Downloads\240919-skwv5swann00aa168efc0adf799af6102847a97cf3503f1be2a3e831c2560888a99e6f29ffN.exe
    C:\Users\Admin\Downloads\240919-skwv5swann00aa168efc0adf799af6102847a97cf3503f1be2a3e831c2560888a99e6f29ffN.exe
    3⤵
    PID:5928
  - - C:\Windows\SysWOW64\Fgppmd32.exe
      C:\Windows\system32\Fgppmd32.exe
      4⤵
      PID:660
- - C:\Users\Admin\Downloads\240919-spj25svgjceb9cdac54d037f7626ddb615175a9c18_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-spj25svgjceb9cdac54d037f7626ddb615175a9c18_JaffaCakes118.exe
    3⤵
    PID:5936
  - - C:\Windows\SysWOW64\ulzmpgoqsz.exe
      ulzmpgoqsz.exe
      4⤵
      PID:8748
    - - C:\Windows\SysWOW64\zhrngrgc.exe
        
        C:\Windows\system32\zhrngrgc.exe
        5⤵
        
        PID:10716
  - - C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
      4⤵
      PID:9852
- - C:\Users\Admin\Downloads\240919-snfnbsvfnd60c9bd9e280b97a2ac3785d9fb138e84c40032656085eba8a265d1c622349bb6N.exe
    C:\Users\Admin\Downloads\240919-snfnbsvfnd60c9bd9e280b97a2ac3785d9fb138e84c40032656085eba8a265d1c622349bb6N.exe
    3⤵
    PID:5944
- - C:\Users\Admin\Downloads\240919-skvcbavemheb99c17c5bf25ff4bd4a4ad5ba6cf12d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-skvcbavemheb99c17c5bf25ff4bd4a4ad5ba6cf12d_JaffaCakes118.exe
    3⤵
    PID:5952
  - - C:\Users\Admin\zuamo.exe
      "C:\Users\Admin\zuamo.exe"
      4⤵
      PID:7832
- - C:\Users\Admin\Downloads\240919-sbtz7avargde6f66015e605baa65fe55411a5437669e7026b7b441b48e0d8e410c81c944a4N.exe
    C:\Users\Admin\Downloads\240919-sbtz7avargde6f66015e605baa65fe55411a5437669e7026b7b441b48e0d8e410c81c944a4N.exe
    3⤵
    PID:4156
- - C:\Users\Admin\Downloads\240919-skl1yawaml8073230cdcff4ca1203757fe287faf839de1cf08060bfbba349a10da168de27cN.exe
    C:\Users\Admin\Downloads\240919-skl1yawaml8073230cdcff4ca1203757fe287faf839de1cf08060bfbba349a10da168de27cN.exe
    3⤵
    PID:508
- - C:\Users\Admin\Downloads\240919-skn6aswamp15034360651b17b97e4b3f026ea2d78cc141624cdac5398db80afa44f29edc4dN.exe
    C:\Users\Admin\Downloads\240919-skn6aswamp15034360651b17b97e4b3f026ea2d78cc141624cdac5398db80afa44f29edc4dN.exe
    3⤵
    PID:5672
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 368
      4⤵
      Program crash
      PID:5524
- - C:\Users\Admin\Downloads\240919-spqjxsvgkaeb9d07474728f002e7080a5e9caa40a7_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-spqjxsvgkaeb9d07474728f002e7080a5e9caa40a7_JaffaCakes118.exe
    3⤵
    PID:10012
- - C:\Users\Admin\Downloads\240919-sa3kyavapaeb931dd96eef969ee4bb78f2a18ddd6c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-sa3kyavapaeb931dd96eef969ee4bb78f2a18ddd6c_JaffaCakes118.exe
    3⤵
    PID:7552
- - C:\Users\Admin\Downloads\240919-sqw34avgpdeb9ddee05cdb0a2bd1ebf3b03568d77c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-sqw34avgpdeb9ddee05cdb0a2bd1ebf3b03568d77c_JaffaCakes118.exe
    3⤵
    PID:5612
- - C:\Users\Admin\Downloads\240919-ss6ejsvhreeb9f4e5024983187deb7ae3852021ba6_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-ss6ejsvhreeb9f4e5024983187deb7ae3852021ba6_JaffaCakes118.exe
    3⤵
    PID:6848
- - C:\Users\Admin\Downloads\240919-sqbr6avgmbeb9d8d84c0964ea996c6935486d21f41_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-sqbr6avgmbeb9d8d84c0964ea996c6935486d21f41_JaffaCakes118.exe
    3⤵
    PID:6828
- - C:\Users\Admin\Downloads\240919-sq9deswdjl748ffebe46bd6aa9f07b24681d90ad6cbafcd37812d35e43c91c1a55ca7aa696N.exe
    C:\Users\Admin\Downloads\240919-sq9deswdjl748ffebe46bd6aa9f07b24681d90ad6cbafcd37812d35e43c91c1a55ca7aa696N.exe
    3⤵
    PID:6988
- - C:\Users\Admin\Downloads\240919-sp5c3swcmq43a8af30f52ac54c268025a5ef5f55ae6ace79ff4ed5cb891a43b729251dce18N.exe
    C:\Users\Admin\Downloads\240919-sp5c3swcmq43a8af30f52ac54c268025a5ef5f55ae6ace79ff4ed5cb891a43b729251dce18N.exe
    3⤵
    PID:6832
- - C:\Users\Admin\Downloads\240919-sh4szavhpra4d16b9bb39dde16dcc36e60ef0aee7a2f761a155e042594bccc91c58a270850N.exe
    C:\Users\Admin\Downloads\240919-sh4szavhpra4d16b9bb39dde16dcc36e60ef0aee7a2f761a155e042594bccc91c58a270850N.exe
    3⤵
    PID:6180
- - C:\Users\Admin\Downloads\240919-skte1svemgda296e743f6ac8553d053bd9177b89da9e6b3cb4ee67fb6c6fface3e57b4cc45N.exe
    C:\Users\Admin\Downloads\240919-skte1svemgda296e743f6ac8553d053bd9177b89da9e6b3cb4ee67fb6c6fface3e57b4cc45N.exe
    3⤵
    PID:5664
- - C:\Users\Admin\Downloads\240919-spmg9swckq4d34263c38e98e6aeb0a3d811fc4a6689b546d6c5b88b4f2958aa042a929f8dfN.exe
    C:\Users\Admin\Downloads\240919-spmg9swckq4d34263c38e98e6aeb0a3d811fc4a6689b546d6c5b88b4f2958aa042a929f8dfN.exe
    3⤵
    PID:2804
- - C:\Users\Admin\Downloads\240919-sg43cavhllf25a6501c9701d48eb62b438c8832b354c2354120da5ccd08947a296c4ab5827N.exe
    C:\Users\Admin\Downloads\240919-sg43cavhllf25a6501c9701d48eb62b438c8832b354c2354120da5ccd08947a296c4ab5827N.exe
    3⤵
    PID:5004
- - C:\Users\Admin\Downloads\240919-scf5qavfjrfaa1f00130c372a34ab11558ad649a9142d4282ef3df1febf83e287f9bbf0452N.exe
    C:\Users\Admin\Downloads\240919-scf5qavfjrfaa1f00130c372a34ab11558ad649a9142d4282ef3df1febf83e287f9bbf0452N.exe
    3⤵
    PID:7464
- - C:\Users\Admin\Downloads\240919-sqsqnsvgnheb9dd764707240980fe6713038a4754c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-sqsqnsvgnheb9dd764707240980fe6713038a4754c_JaffaCakes118.exe
    3⤵
    PID:5992
- - C:\Users\Admin\Downloads\240919-set5csvcld202409195c829f1a956645f3ab2b77d845cfe009virlock.exe
    C:\Users\Admin\Downloads\240919-set5csvcld202409195c829f1a956645f3ab2b77d845cfe009virlock.exe
    3⤵
    PID:6660
- - C:\Users\Admin\Downloads\240919-r76s7atgrgb5989fb49c64b04d2feedad3268b3b0e84f12969f6b6c0d4ec65e1d4949cabfcN.exe
    C:\Users\Admin\Downloads\240919-r76s7atgrgb5989fb49c64b04d2feedad3268b3b0e84f12969f6b6c0d4ec65e1d4949cabfcN.exe
    3⤵
    PID:7332
- - C:\Users\Admin\Downloads\240919-r7bytavclr4e71b50229a98c725cab167f2a19a0aa44708684e62c0b5ebcbb2596504e4befN.exe
    C:\Users\Admin\Downloads\240919-r7bytavclr4e71b50229a98c725cab167f2a19a0aa44708684e62c0b5ebcbb2596504e4befN.exe
    3⤵
    PID:7444
- - C:\Users\Admin\Downloads\240919-sdgsmsvbqb0e123f0cf4818c9a4ca07bb0c301b12347f6c714cb2fbb5e2b497565ebb8d4b0N.exe
    C:\Users\Admin\Downloads\240919-sdgsmsvbqb0e123f0cf4818c9a4ca07bb0c301b12347f6c714cb2fbb5e2b497565ebb8d4b0N.exe
    3⤵
    PID:7452
- - C:\Users\Admin\Downloads\240919-seysjsvgkrf1ec2e5a413213f00ec75832bbdf857cdcee9b85f34617b2e94f01957b23da01N.exe
    C:\Users\Admin\Downloads\240919-seysjsvgkrf1ec2e5a413213f00ec75832bbdf857cdcee9b85f34617b2e94f01957b23da01N.exe
    3⤵
    PID:9172
- - C:\Users\Admin\Downloads\240919-sfljlsvgnne8d5949dc6f27e87edc5e79731e0c875dc81121a3826cd3fae0d015939ba11a6N.exe
    C:\Users\Admin\Downloads\240919-sfljlsvgnne8d5949dc6f27e87edc5e79731e0c875dc81121a3826cd3fae0d015939ba11a6N.exe
    3⤵
    PID:6692
- - C:\Users\Admin\Downloads\240919-sg9ylavdlc202409196fec678eb1c362521a1bf7cb26664eadvirlock.exe
    C:\Users\Admin\Downloads\240919-sg9ylavdlc202409196fec678eb1c362521a1bf7cb26664eadvirlock.exe
    3⤵
    PID:6664
- - C:\Users\Admin\Downloads\240919-sqwsbsvgpc593fd658f602181116ffa5155401dd00fbc9987eb1448491300ea57d3b648cd8N.exe
    C:\Users\Admin\Downloads\240919-sqwsbsvgpc593fd658f602181116ffa5155401dd00fbc9987eb1448491300ea57d3b648cd8N.exe
    3⤵
    PID:7868
- - C:\Users\Admin\Downloads\240919-sed35svfrn2024091953957c9719c6574eafbf32ffc7ca0ab6virlock.exe
    C:\Users\Admin\Downloads\240919-sed35svfrn2024091953957c9719c6574eafbf32ffc7ca0ab6virlock.exe
    3⤵
    PID:7644
- - C:\Users\Admin\Downloads\240919-r8mrpsthkh60f64e8be3e817e07dd1cce0137f21c57340bd0a27f328b7dd6e23eec19c3f72N.exe
    C:\Users\Admin\Downloads\240919-r8mrpsthkh60f64e8be3e817e07dd1cce0137f21c57340bd0a27f328b7dd6e23eec19c3f72N.exe
    3⤵
    PID:9112
- - C:\Users\Admin\Downloads\240919-sc8jzavbpceb94887eafca72cb836ff86c0f05d93e_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-sc8jzavbpceb94887eafca72cb836ff86c0f05d93e_JaffaCakes118.exe
    3⤵
    PID:4120
- - C:\Users\Admin\Downloads\240919-sg2bfsvhljeb97d32e35a6881a0e96c2c346c66b24_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-sg2bfsvhljeb97d32e35a6881a0e96c2c346c66b24_JaffaCakes118.exe
    3⤵
    PID:6168
- - C:\Users\Admin\Downloads\240919-r834pavdmlcc27baeec251e3e2f9ebb55f2d548434d021c2dd87eb0759d0c390a4a6f3784b.exe
    C:\Users\Admin\Downloads\240919-r834pavdmlcc27baeec251e3e2f9ebb55f2d548434d021c2dd87eb0759d0c390a4a6f3784b.exe
    3⤵
    PID:6136
- - C:\Users\Admin\Downloads\240919-sc86havbpdf987da605469d0fe2af25072c1b1c82f368229e3c0445482e3279c70969590e9N.exe
    C:\Users\Admin\Downloads\240919-sc86havbpdf987da605469d0fe2af25072c1b1c82f368229e3c0445482e3279c70969590e9N.exe
    3⤵
    PID:9124
- - C:\Users\Admin\Downloads\240919-r78msathjb97f840c51d671c729ba140a4a6834362fa03e8bd8d82375e5daea152da567f24N.exe
    C:\Users\Admin\Downloads\240919-r78msathjb97f840c51d671c729ba140a4a6834362fa03e8bd8d82375e5daea152da567f24N.exe
    3⤵
    PID:7800
- - C:\Users\Admin\Downloads\240919-shkp4avhnjaf797466ad31778cd259c8cd1d339f015da5934b9d5ceda05f8f2f9b958a8c44N.exe
    C:\Users\Admin\Downloads\240919-shkp4avhnjaf797466ad31778cd259c8cd1d339f015da5934b9d5ceda05f8f2f9b958a8c44N.exe
    3⤵
    PID:8604
- - C:\Users\Admin\Downloads\240919-sada2svala2.exe
    C:\Users\Admin\Downloads\240919-sada2svala2.exe
    3⤵
    PID:6880
- - C:\Users\Admin\Downloads\240919-r7lg9atgnfeb903ba4825444383a00ec563caa0544_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-r7lg9atgnfeb903ba4825444383a00ec563caa0544_JaffaCakes118.exe
    3⤵
    PID:8520
- - C:\Users\Admin\Downloads\240919-se5wvsvglneb964a87d93c8c86b57efa26638152e3_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-se5wvsvglneb964a87d93c8c86b57efa26638152e3_JaffaCakes118.exe
    3⤵
    PID:8168
- - C:\Users\Admin\Downloads\240919-smckaawblpeb9aeed46535d0ed75bb81e725f1fc2c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-smckaawblpeb9aeed46535d0ed75bb81e725f1fc2c_JaffaCakes118.exe
    3⤵
    PID:7916
- - C:\Users\Admin\Downloads\240919-sbvxgsvbja2024-09-19_edfef3e96e70c8e379fce328ac45acbe_avoslocker_cobalt-strike_floxif.exe
    C:\Users\Admin\Downloads\240919-sbvxgsvbja2024-09-19_edfef3e96e70c8e379fce328ac45acbe_avoslocker_cobalt-strike_floxif.exe
    3⤵
    PID:8060
- - C:\Users\Admin\Downloads\240919-srhl4awdkneb9e622370965143047a6295f010ca1c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-srhl4awdkneb9e622370965143047a6295f010ca1c_JaffaCakes118.exe
    3⤵
    PID:8576
- - C:\Users\Admin\Downloads\240919-slc5esvepeNexus.exe
    C:\Users\Admin\Downloads\240919-slc5esvepeNexus.exe
    3⤵
    PID:4168
- - C:\Users\Admin\Downloads\240919-shv6tsvhpjfile.exe
    C:\Users\Admin\Downloads\240919-shv6tsvhpjfile.exe
    3⤵
    PID:6124
- - C:\Users\Admin\Downloads\240919-r8h4hsthkfpe513ZxNNQ32P70 (1).exe
    "C:\Users\Admin\Downloads\240919-r8h4hsthkfpe513ZxNNQ32P70 (1).exe"
    3⤵
    PID:8984
- - C:\Users\Admin\Downloads\240919-sbp18sveqpeb9364c25d00aebb3e6169e227f501a1_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-sbp18sveqpeb9364c25d00aebb3e6169e227f501a1_JaffaCakes118.exe
    3⤵
    PID:5904
- - C:\Users\Admin\Downloads\240919-srmaaavhjbb092ce64b794f10396cb5e3ff8ef94bea951b10e7968cb06b54edece5df72a83N.exe
    C:\Users\Admin\Downloads\240919-srmaaavhjbb092ce64b794f10396cb5e3ff8ef94bea951b10e7968cb06b54edece5df72a83N.exe
    3⤵
    PID:8368
- - C:\Users\Admin\Downloads\240919-sptatawclleb9d2f7293c21bb29f02a69b2ac9530c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-sptatawclleb9d2f7293c21bb29f02a69b2ac9530c_JaffaCakes118.exe
    3⤵
    PID:5316
- - C:\Users\Admin\Downloads\240919-sdyq6avfpp2024091937fbe98e77f04cffe217a4d0a64ccf63gandcrab.exe
    C:\Users\Admin\Downloads\240919-sdyq6avfpp2024091937fbe98e77f04cffe217a4d0a64ccf63gandcrab.exe
    3⤵
    PID:6560
- - C:\Users\Admin\Downloads\240919-sdx5mavfpneb9534f0d594c38ba97c3a619541c0b2_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-sdx5mavfpneb9534f0d594c38ba97c3a619541c0b2_JaffaCakes118.exe
    3⤵
    PID:8196
  - - C:\Users\Admin\Downloads\240919-sdx5mavfpneb9534f0d594c38ba97c3a619541c0b2_JaffaCakes118.exe
      "C:\Users\Admin\Downloads\240919-sdx5mavfpneb9534f0d594c38ba97c3a619541c0b2_JaffaCakes118.exe"
      4⤵
      PID:2136
- - C:\Users\Admin\Downloads\240919-ss2rcswdqmeb9f3d8e5bd34b92f86bff7d160b992d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-ss2rcswdqmeb9f3d8e5bd34b92f86bff7d160b992d_JaffaCakes118.exe
    3⤵
    PID:7996
- - C:\Users\Admin\Downloads\240919-r8a3xavcrk05dae67bcee6dd1e90fce7b81bcb377a7c740f2284c83c578e255847b79e303dN.exe
    C:\Users\Admin\Downloads\240919-r8a3xavcrk05dae67bcee6dd1e90fce7b81bcb377a7c740f2284c83c578e255847b79e303dN.exe
    3⤵
    PID:7964
  - - C:\Windows\SysWOW64\Phodcg32.exe
      C:\Windows\system32\Phodcg32.exe
      4⤵
      PID:10112
    - - C:\Windows\SysWOW64\Dnpdegjp.exe
        
        C:\Windows\system32\Dnpdegjp.exe
        5⤵
        
        PID:14944
- - C:\Users\Admin\Downloads\240919-sblc2sveqjBackdoor.Win32.Padodor.SK.MTB-54519c92801ac2089896197bd4899fa0e54333f6437ae8976a9a88f97c68aa54N
    C:\Users\Admin\Downloads\240919-sblc2sveqjBackdoor.Win32.Padodor.SK.MTB-54519c92801ac2089896197bd4899fa0e54333f6437ae8976a9a88f97c68aa54N
    3⤵
    PID:7804
  - - C:\Windows\SysWOW64\Phodcg32.exe
      C:\Windows\system32\Phodcg32.exe
      4⤵
      PID:9212
- - C:\Users\Admin\Downloads\240919-sns9esvfpffa46bf9dc2cdad6c8f05a214d4b121eff5f15d7f70977be7530f09f0b6fbe0e4N.exe
    C:\Users\Admin\Downloads\240919-sns9esvfpffa46bf9dc2cdad6c8f05a214d4b121eff5f15d7f70977be7530f09f0b6fbe0e4N.exe
    3⤵
    PID:3516
- - C:\Users\Admin\Downloads\240919-srdyxavgrcBackdoor.Win32.Berbew.pz-cea53575e91bcaeb54bce7a5654833bcfd6ab9c5e1872a48a1f55a13d22e933eN
    C:\Users\Admin\Downloads\240919-srdyxavgrcBackdoor.Win32.Berbew.pz-cea53575e91bcaeb54bce7a5654833bcfd6ab9c5e1872a48a1f55a13d22e933eN
    3⤵
    PID:8424
  - - C:\Windows\SysWOW64\Phodcg32.exe
      C:\Windows\system32\Phodcg32.exe
      4⤵
      PID:200
    - - C:\Windows\SysWOW64\Dfdpad32.exe
        
        C:\Windows\system32\Dfdpad32.exe
        5⤵
        
        PID:11204
- - C:\Users\Admin\Downloads\240919-se18nsvglj37466b282f17b2d87fcea8fe22a8dacd9b5c2159c206803d000a875003754bfcN.exe
    C:\Users\Admin\Downloads\240919-se18nsvglj37466b282f17b2d87fcea8fe22a8dacd9b5c2159c206803d000a875003754bfcN.exe
    3⤵
    PID:4356
  - - C:\Windows\SysWOW64\Dbkqfe32.exe
      C:\Windows\system32\Dbkqfe32.exe
      4⤵
      PID:15092
- - C:\Users\Admin\Downloads\240919-sa5ejavapebb18de7a6aec9549f295f7940ab6624e7c59934e1e03a81e1e3ccd42b87dbfcaN.exe
    C:\Users\Admin\Downloads\240919-sa5ejavapebb18de7a6aec9549f295f7940ab6624e7c59934e1e03a81e1e3ccd42b87dbfcaN.exe
    3⤵
    PID:8444
  - - C:\Windows\SysWOW64\Oogpjbbb.exe
      C:\Windows\system32\Oogpjbbb.exe
      4⤵
      PID:12808
    - - C:\Windows\SysWOW64\Domdjj32.exe
        
        C:\Windows\system32\Domdjj32.exe
        5⤵
        
        PID:15108
- - C:\Users\Admin\Downloads\240919-sbqmrsvard136a72b872680f5c983d2953f0c765e46fea9516f95d2563b3bb99508f6ff896N.exe
    C:\Users\Admin\Downloads\240919-sbqmrsvard136a72b872680f5c983d2953f0c765e46fea9516f95d2563b3bb99508f6ff896N.exe
    3⤵
    PID:7892
  - - C:\Windows\SysWOW64\Onpjichj.exe
      C:\Windows\system32\Onpjichj.exe
      4⤵
      PID:12312
- - C:\Users\Admin\Downloads\240919-sfeq3avcmg2841029e2f5f4705adc25db405ddda2aaab4f3c65ba6845cd9afcd65c15d1f74N.exe
    C:\Users\Admin\Downloads\240919-sfeq3avcmg2841029e2f5f4705adc25db405ddda2aaab4f3c65ba6845cd9afcd65c15d1f74N.exe
    3⤵
    PID:7848
  - - C:\Windows\SysWOW64\Omcjep32.exe
      C:\Windows\system32\Omcjep32.exe
      4⤵
      PID:14128
    - - C:\Windows\SysWOW64\Dhclmp32.exe
        
        C:\Windows\system32\Dhclmp32.exe
        5⤵
        
        PID:15052
- - C:\Users\Admin\Downloads\240919-shbr7avdlfd72c1ef17beeb522d2021bfae5effdc1bdee4445911bb1b2beaa63dc4e1442b2N.exe
    C:\Users\Admin\Downloads\240919-shbr7avdlfd72c1ef17beeb522d2021bfae5effdc1bdee4445911bb1b2beaa63dc4e1442b2N.exe
    3⤵
    PID:5384
  - - C:\Windows\SysWOW64\Ohhnbhok.exe
      C:\Windows\system32\Ohhnbhok.exe
      4⤵
      PID:14144
- - C:\Users\Admin\Downloads\240919-r9353svejnd39282f2b2de084a7db152539c5e5e025f4c762561ce8c3213282d9cda9838bbN.exe
    C:\Users\Admin\Downloads\240919-r9353svejnd39282f2b2de084a7db152539c5e5e025f4c762561ce8c3213282d9cda9838bbN.exe
    3⤵
    PID:6284
  - - C:\Windows\SysWOW64\Odmbaj32.exe
      C:\Windows\system32\Odmbaj32.exe
      4⤵
      PID:12752
    - - C:\Windows\SysWOW64\Dbicpfdk.exe
        
        C:\Windows\system32\Dbicpfdk.exe
        5⤵
        
        PID:14916
- - C:\Users\Admin\Downloads\240919-r96k7svakc9a08caae004cc164b8f59c34b2ebedf7ae1c84a4f0b83ae3285cb3639858fd72N.exe
    C:\Users\Admin\Downloads\240919-r96k7svakc9a08caae004cc164b8f59c34b2ebedf7ae1c84a4f0b83ae3285cb3639858fd72N.exe
    3⤵
    PID:8620
- - C:\Users\Admin\Downloads\240919-sdj8rsvfnq695819316016397932703a7454d90ca2d60c5376d3447a89b9aeaca05b8ea4bbN.exe
    C:\Users\Admin\Downloads\240919-sdj8rsvfnq695819316016397932703a7454d90ca2d60c5376d3447a89b9aeaca05b8ea4bbN.exe
    3⤵
    PID:9988
  - - C:\Windows\SysWOW64\Oejbfmpg.exe
      C:\Windows\system32\Oejbfmpg.exe
      4⤵
      PID:14056
    - - C:\Windows\SysWOW64\Dmohno32.exe
        
        C:\Windows\system32\Dmohno32.exe
        5⤵
        
        PID:14928
- - C:\Users\Admin\Downloads\240919-r8vsbathlheb91519abcf3f5ab50c4bcfd5366854b_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-r8vsbathlheb91519abcf3f5ab50c4bcfd5366854b_JaffaCakes118.exe
    3⤵
    PID:8304
- - C:\Users\Admin\Downloads\240919-r8smysvdklae873946813780a6683662612dd72c99e4532811e4b6e0f869dc46d74a2bedc4.exe
    C:\Users\Admin\Downloads\240919-r8smysvdklae873946813780a6683662612dd72c99e4532811e4b6e0f869dc46d74a2bedc4.exe
    3⤵
    PID:8388
- - C:\Users\Admin\Downloads\240919-slt3yawbjn5da81b48298894356c732d7acad28c70784358c46fd415a2fcdf98c122f1b99dN.exe
    C:\Users\Admin\Downloads\240919-slt3yawbjn5da81b48298894356c732d7acad28c70784358c46fd415a2fcdf98c122f1b99dN.exe
    3⤵
    PID:5824
- - C:\Users\Admin\Downloads\240919-r9esgsthpbeb91ef931b4e8cd7fb9044e7c9aeaf14_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-r9esgsthpbeb91ef931b4e8cd7fb9044e7c9aeaf14_JaffaCakes118.exe
    3⤵
    PID:9444
- - C:\Users\Admin\Downloads\240919-smlg7awbmk8845ce2be94554b294db773bfc5b76550a7cbb78261e0163f0ef0c1cb2bebb8cN.exe
    C:\Users\Admin\Downloads\240919-smlg7awbmk8845ce2be94554b294db773bfc5b76550a7cbb78261e0163f0ef0c1cb2bebb8cN.exe
    3⤵
    PID:2624
- - C:\Users\Admin\Downloads\240919-shpn2svdna359ddf43018f021e31a0b855a33d0dc5722017a6a8c1a3caf740f28fef3dfd1fN.exe
    C:\Users\Admin\Downloads\240919-shpn2svdna359ddf43018f021e31a0b855a33d0dc5722017a6a8c1a3caf740f28fef3dfd1fN.exe
    3⤵
    PID:7596
- - C:\Users\Admin\Downloads\240919-r9xy3avdrr1dJhrysonhGIP1t.exe
    C:\Users\Admin\Downloads\240919-r9xy3avdrr1dJhrysonhGIP1t.exe
    3⤵
    PID:8928
- - C:\Users\Admin\Downloads\240919-sc4k1svbngeb945f9a250dd01c142347503a383573_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-sc4k1svbngeb945f9a250dd01c142347503a383573_JaffaCakes118.exe
    3⤵
    PID:5600
- - C:\Users\Admin\Downloads\240919-sk3cxswapleb99fba32f4b5255cd44ab27c2d8c6be_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-sk3cxswapleb99fba32f4b5255cd44ab27c2d8c6be_JaffaCakes118.exe
    3⤵
    PID:5800
- - C:\Users\Admin\Downloads\240919-r873msvdnk4af231d9a82163fc6f2bcf1e02295e5bcc6c33f2d8536071b2c820be4af60e40N.exe
    C:\Users\Admin\Downloads\240919-r873msvdnk4af231d9a82163fc6f2bcf1e02295e5bcc6c33f2d8536071b2c820be4af60e40N.exe
    3⤵
    PID:8384
- - C:\Users\Admin\Downloads\240919-scnvkavfkq3bbbebccee4318342a5fd7d19ffd329c6d41f6e8b2f33236c243fb76a76edc54N.exe
    C:\Users\Admin\Downloads\240919-scnvkavfkq3bbbebccee4318342a5fd7d19ffd329c6d41f6e8b2f33236c243fb76a76edc54N.exe
    3⤵
    PID:5972
- - C:\Users\Admin\Downloads\240919-sgfdzsvcqh20240919630553d0f28fc3fe152da4891d1e44fdvirlock.exe
    C:\Users\Admin\Downloads\240919-sgfdzsvcqh20240919630553d0f28fc3fe152da4891d1e44fdvirlock.exe
    3⤵
    PID:9244
- - C:\Users\Admin\Downloads\240919-sj7agswakr2f1484f98f19d34d3dd58124d7446999fd1a4212484f371b07c90a15e4f71837N.exe
    C:\Users\Admin\Downloads\240919-sj7agswakr2f1484f98f19d34d3dd58124d7446999fd1a4212484f371b07c90a15e4f71837N.exe
    3⤵
    PID:9276
- - C:\Users\Admin\Downloads\240919-sdznfsvcjac0b91839ec7d79a23306d9b68e1427c7de81ab904f7e37ef96ee62de4a616b19N.exe
    C:\Users\Admin\Downloads\240919-sdznfsvcjac0b91839ec7d79a23306d9b68e1427c7de81ab904f7e37ef96ee62de4a616b19N.exe
    3⤵
    PID:9316
- - C:\Users\Admin\Downloads\240919-stbasswajfeb9f765a1135e957e8f55e415e2d5d3e_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-stbasswajfeb9f765a1135e957e8f55e415e2d5d3e_JaffaCakes118.exe
    3⤵
    PID:9328
- - C:\Users\Admin\Downloads\240919-r74c3atgqh0cd8b3b5837a4a9ce387756c776df7d06b9da33cdb606cc63ea461679af2be50N.exe
    C:\Users\Admin\Downloads\240919-r74c3atgqh0cd8b3b5837a4a9ce387756c776df7d06b9da33cdb606cc63ea461679af2be50N.exe
    3⤵
    PID:9352
- - C:\Users\Admin\Downloads\240919-sj21rswakn87d0936cbd8e6c9c317d4707f7da4b7e64a8a76e2a653ac4791d9f2fc01bb15bN.exe
    C:\Users\Admin\Downloads\240919-sj21rswakn87d0936cbd8e6c9c317d4707f7da4b7e64a8a76e2a653ac4791d9f2fc01bb15bN.exe
    3⤵
    PID:9368
- - C:\Users\Admin\Downloads\240919-sef8havckaeb95a79739b85a153e629ea3b25d1218_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-sef8havckaeb95a79739b85a153e629ea3b25d1218_JaffaCakes118.exe
    3⤵
    PID:9392
- - C:\Users\Admin\Downloads\240919-r6n7ravcjp190920240949TJgGO5EprAaBIME.pif
    C:\Users\Admin\Downloads\240919-r6n7ravcjp190920240949TJgGO5EprAaBIME.pif
    3⤵
    PID:9428
- - C:\Users\Admin\Downloads\240919-r9p88avdqr0585be4f98856af13430b2e7c07aeb99e485eda6f51c417dcaced41dccc7a787.exe
    C:\Users\Admin\Downloads\240919-r9p88avdqr0585be4f98856af13430b2e7c07aeb99e485eda6f51c417dcaced41dccc7a787.exe
    3⤵
    PID:9452
- - C:\Users\Admin\Downloads\240919-sllfsswarkeb9a6fd7722fa25f5b0976a9a7815230_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-sllfsswarkeb9a6fd7722fa25f5b0976a9a7815230_JaffaCakes118.exe
    3⤵
    PID:5892
- - C:\Users\Admin\Downloads\240919-r66f2avclkbe876394f4de755ff16e10361c1b776053759033959b7dee135947172ceea0f6N.exe
    C:\Users\Admin\Downloads\240919-r66f2avclkbe876394f4de755ff16e10361c1b776053759033959b7dee135947172ceea0f6N.exe
    3⤵
    PID:9480
- - C:\Users\Admin\Downloads\240919-sa7vnavenn202409190ac21c658e41264a54ed5f1602faaec4gandcrab.exe
    C:\Users\Admin\Downloads\240919-sa7vnavenn202409190ac21c658e41264a54ed5f1602faaec4gandcrab.exe
    3⤵
    PID:9512
- - C:\Users\Admin\Downloads\240919-sa2zeavenk8d1bca4bba87068325f36f8c1bf51766c046fadd1cae1e337240c43e8338116bN.exe
    C:\Users\Admin\Downloads\240919-sa2zeavenk8d1bca4bba87068325f36f8c1bf51766c046fadd1cae1e337240c43e8338116bN.exe
    3⤵
    PID:9548
- - C:\Users\Admin\Downloads\240919-r8971athne949d6aaba22f0bd4da230e8946d1300d939ab70f6b8f6e0442ade1c93634c8fbN.exe
    C:\Users\Admin\Downloads\240919-r8971athne949d6aaba22f0bd4da230e8946d1300d939ab70f6b8f6e0442ade1c93634c8fbN.exe
    3⤵
    PID:9552
- - C:\Users\Admin\Downloads\240919-sf9ansvgqre464f71ed96f91b82bf85660bd2942b5e71c64681cb1f09d2e29bc4f178b8c3bN.exe
    C:\Users\Admin\Downloads\240919-sf9ansvgqre464f71ed96f91b82bf85660bd2942b5e71c64681cb1f09d2e29bc4f178b8c3bN.exe
    3⤵
    PID:9596
- - C:\Users\Admin\Downloads\240919-smqf5svfkeeb9b430fff16314d097e17dee3ff8258_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-smqf5svfkeeb9b430fff16314d097e17dee3ff8258_JaffaCakes118.exe
    3⤵
    PID:9608
- - C:\Users\Admin\Downloads\240919-sfnc7svcnceb967cd66773626a7715a1d65155dc49_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-sfnc7svcnceb967cd66773626a7715a1d65155dc49_JaffaCakes118.exe
    3⤵
    PID:9440
- - C:\Users\Admin\Downloads\240919-r81zbsthmcbc6bb8d4733c7ca4d3029ad1466a44c525cd16cceaf71656ce38a8686997b4e9N.exe
    C:\Users\Admin\Downloads\240919-r81zbsthmcbc6bb8d4733c7ca4d3029ad1466a44c525cd16cceaf71656ce38a8686997b4e9N.exe
    3⤵
    PID:9628
- - C:\Users\Admin\Downloads\240919-ssza8svhqeeb9f301008633bae40b32f0b16f270f3_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-ssza8svhqeeb9f301008633bae40b32f0b16f270f3_JaffaCakes118.exe
    3⤵
    PID:9636
- - C:\Users\Admin\Downloads\240919-smzd2svfld347bb51f64bc7ebcbfd454b841f714496a5fda1bdf4782df51bc268b3499421aN.exe
    C:\Users\Admin\Downloads\240919-smzd2svfld347bb51f64bc7ebcbfd454b841f714496a5fda1bdf4782df51bc268b3499421aN.exe
    3⤵
    PID:9680
- - C:\Users\Admin\Downloads\240919-sgbe2avgrl8c3c400ae7fefe7cf00662b173876e77c52b11f5c890ec63e53d70f23910a336N.exe
    C:\Users\Admin\Downloads\240919-sgbe2avgrl8c3c400ae7fefe7cf00662b173876e77c52b11f5c890ec63e53d70f23910a336N.exe
    3⤵
    PID:9684
- - C:\Users\Admin\Downloads\240919-sf3g5avgql2146461450c058f83e9d2d6c59ee719a360ada5bb3b0ccfa0d0d6a0f792b001aN.exe
    C:\Users\Admin\Downloads\240919-sf3g5avgql2146461450c058f83e9d2d6c59ee719a360ada5bb3b0ccfa0d0d6a0f792b001aN.exe
    3⤵
    PID:9712
- - C:\Users\Admin\Downloads\240919-scg21svfkjeb93f5338a6afb8aba6483832017159f_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-scg21svfkjeb93f5338a6afb8aba6483832017159f_JaffaCakes118.exe
    3⤵
    PID:4568
- - C:\Users\Admin\Downloads\240919-sb38vsvbjg0467c3a82c8ac4edae7751beffb1175c37c1e0e990e176019599ba454f0eb642N.exe
    C:\Users\Admin\Downloads\240919-sb38vsvbjg0467c3a82c8ac4edae7751beffb1175c37c1e0e990e176019599ba454f0eb642N.exe
    3⤵
    PID:2764
- - C:\Users\Admin\Downloads\240919-r6948atglg1cca522d5efffef9c7cc49ad1cc755ac9e5f04acd0b261fe62badd9634f217d3N.exe
    C:\Users\Admin\Downloads\240919-r6948atglg1cca522d5efffef9c7cc49ad1cc755ac9e5f04acd0b261fe62badd9634f217d3N.exe
    3⤵
    PID:4460
- - C:\Users\Admin\Downloads\240919-sf5bqavcqcae3fc035b8238a4ea8dd46e87d5db74160898a80b85afc4c6bb380951145cbb7N.exe
    C:\Users\Admin\Downloads\240919-sf5bqavcqcae3fc035b8238a4ea8dd46e87d5db74160898a80b85afc4c6bb380951145cbb7N.exe
    3⤵
    PID:524
- - C:\Users\Admin\Downloads\240919-r7f8jatgmfeb902189a72a0d48c707c2a4afbd3dd6_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-r7f8jatgmfeb902189a72a0d48c707c2a4afbd3dd6_JaffaCakes118.exe
    3⤵
    PID:9820
- - C:\Users\Admin\Downloads\240919-r8kbksvcrreb91391b675209757b8768839cc61c95_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-r8kbksvcrreb91391b675209757b8768839cc61c95_JaffaCakes118.exe
    3⤵
    PID:10068
- - C:\Users\Admin\Downloads\240919-r8zfhathmb638890af02583dd725142262062ec94b3f624fb46434c4b2147d6fb688c5b338.exe
    C:\Users\Admin\Downloads\240919-r8zfhathmb638890af02583dd725142262062ec94b3f624fb46434c4b2147d6fb688c5b338.exe
    3⤵
    PID:10364
- - C:\Users\Admin\Downloads\240919-stb74awajh3936-0-0x0000000000250000-0x0000000000735000-memory.dmp
    C:\Users\Admin\Downloads\240919-stb74awajh3936-0-0x0000000000250000-0x0000000000735000-memory.dmp
    3⤵
    PID:10524
- - C:\Users\Admin\Downloads\240919-sl4x5swbkq20240919be895bd5ac158111518ec50d41fcb871magniber.exe
    C:\Users\Admin\Downloads\240919-sl4x5swbkq20240919be895bd5ac158111518ec50d41fcb871magniber.exe
    3⤵
    PID:10828
- - C:\Users\Admin\Downloads\240919-skmx8swamm202409198ebf786f4a48bf08443cfae508859af0cobaltstrikecobaltstrikepoetratsnatch.exe
    C:\Users\Admin\Downloads\240919-skmx8swamm202409198ebf786f4a48bf08443cfae508859af0cobaltstrikecobaltstrikepoetratsnatch.exe
    3⤵
    PID:10876
- - C:\Users\Admin\Downloads\240919-stadhawajd28bff17fe2b9a2caada1ae404f44de9e30e6fecd6a00d5f7ed5b90353f6812a7.exe
    C:\Users\Admin\Downloads\240919-stadhawajd28bff17fe2b9a2caada1ae404f44de9e30e6fecd6a00d5f7ed5b90353f6812a7.exe
    3⤵
    PID:11008
- - C:\Users\Admin\Downloads\240919-sg6aeavhlmeb97e7a36339fcf00fa4639ef481e2dc_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-sg6aeavhlmeb97e7a36339fcf00fa4639ef481e2dc_JaffaCakes118.exe
    3⤵
    PID:9424
- - C:\Users\Admin\Downloads\240919-sbmwwaveql202409192902f742fd97d91cdf9709d16c17f224floxifmafia.exe
    C:\Users\Admin\Downloads\240919-sbmwwaveql202409192902f742fd97d91cdf9709d16c17f224floxifmafia.exe
    3⤵
    PID:2940
- - C:\Users\Admin\Downloads\240919-sc9f9svfmn2024091931ac9be3494081280c5b6c71ed81527bcobaltstrikecobaltstrikepoetratsnatch.exe
    C:\Users\Admin\Downloads\240919-sc9f9svfmn2024091931ac9be3494081280c5b6c71ed81527bcobaltstrikecobaltstrikepoetratsnatch.exe
    3⤵
    PID:10300
- - C:\Users\Admin\Downloads\240919-sr7k8avhmb59697f085fdaea5fa0273569694228ca2cab1e8030c76212f068c4fab4fef701N.exe
    C:\Users\Admin\Downloads\240919-sr7k8avhmb59697f085fdaea5fa0273569694228ca2cab1e8030c76212f068c4fab4fef701N.exe
    3⤵
    PID:11400
- - C:\Users\Admin\Downloads\240919-sk9r1avepdb5a44b7d778a29fdcc528d83d7669aeb6a6844c30571c4b3ae02bf3a9ac668d8N.exe
    C:\Users\Admin\Downloads\240919-sk9r1avepdb5a44b7d778a29fdcc528d83d7669aeb6a6844c30571c4b3ae02bf3a9ac668d8N.exe
    3⤵
    PID:14380
- - C:\Users\Admin\Downloads\240919-scy1javbnaeb944ddf7cddb1a125fcceada59c5b37_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-scy1javbnaeb944ddf7cddb1a125fcceada59c5b37_JaffaCakes118.exe
    3⤵
    PID:14392
- - C:\Users\Admin\Downloads\240919-sqjsrsvgnb20240919f137e79faffc23b3671d83d9d805e048cobaltstrikecobaltstrikepoetratsnatch.exe
    C:\Users\Admin\Downloads\240919-sqjsrsvgnb20240919f137e79faffc23b3671d83d9d805e048cobaltstrikecobaltstrikepoetratsnatch.exe
    3⤵
    PID:14400
- - C:\Users\Admin\Downloads\240919-slmzmaveqg20240919a2acb21a7c5a824738585561ed53eaacwannacry.exe
    C:\Users\Admin\Downloads\240919-slmzmaveqg20240919a2acb21a7c5a824738585561ed53eaacwannacry.exe
    3⤵
    PID:14416

C:\Windows\SysWOW64\Mlcifmbl.exe
C:\Windows\system32\Mlcifmbl.exe
1⤵
PID:5124
- C:\Windows\SysWOW64\Mnebeogl.exe
  C:\Windows\system32\Mnebeogl.exe
  2⤵
  PID:5408
- - C:\Windows\SysWOW64\Nphhmj32.exe
    C:\Windows\system32\Nphhmj32.exe
    3⤵
    PID:6096
  - - C:\Windows\SysWOW64\Fgppmd32.exe
      C:\Windows\system32\Fgppmd32.exe
      4⤵
      PID:5804

C:\Windows\SysWOW64\Mpoefk32.exe
C:\Windows\system32\Mpoefk32.exe
1⤵
PID:5160
- C:\Windows\SysWOW64\Npfkgjdn.exe
  C:\Windows\system32\Npfkgjdn.exe
  2⤵
  PID:5560
- - C:\Windows\SysWOW64\Neeqea32.exe
    C:\Windows\system32\Neeqea32.exe
    3⤵
    PID:3312

C:\Windows\SysWOW64\Mdjagjco.exe
C:\Windows\system32\Mdjagjco.exe
1⤵
PID:5208
- C:\Windows\SysWOW64\Mlhbal32.exe
  C:\Windows\system32\Mlhbal32.exe
  2⤵
  PID:5460
- - C:\Windows\SysWOW64\Ncfdie32.exe
    C:\Windows\system32\Ncfdie32.exe
    3⤵
    PID:96
  - - C:\Windows\SysWOW64\Fhmpagkp.exe
      C:\Windows\system32\Fhmpagkp.exe
      4⤵
      PID:5812

C:\Windows\SysWOW64\Mcmabg32.exe
C:\Windows\system32\Mcmabg32.exe
1⤵
PID:5224
- C:\Windows\SysWOW64\Ndokbi32.exe
  C:\Windows\system32\Ndokbi32.exe
  2⤵
  PID:5492
- - C:\Windows\SysWOW64\Ngbpidjh.exe
    C:\Windows\system32\Ngbpidjh.exe
    3⤵
    PID:1156

C:\Windows\SysWOW64\Mcpnhfhf.exe
C:\Windows\system32\Mcpnhfhf.exe
1⤵
PID:5324
- C:\Windows\SysWOW64\Nebdoa32.exe
  C:\Windows\system32\Nebdoa32.exe
  2⤵
  PID:5636
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 372
    3⤵
    - Program crash
    PID:5540

C:\Windows\SysWOW64\Mnebeogl.exe
C:\Windows\system32\Mnebeogl.exe
1⤵
PID:5420
- C:\Windows\SysWOW64\Afmhck32.exe
  C:\Windows\system32\Afmhck32.exe
  2⤵
  PID:2036
- - C:\Windows\SysWOW64\Fgppmd32.exe
    C:\Windows\system32\Fgppmd32.exe
    3⤵
    PID:5068

C:\Windows\SysWOW64\Goljqnpd.exe
C:\Windows\system32\Goljqnpd.exe
1⤵
PID:5652

C:\Windows\SysWOW64\Jilnqqbj.exe
C:\Windows\system32\Jilnqqbj.exe
1⤵
PID:6876

C:\Windows\SysWOW64\Jfgdkd32.exe
C:\Windows\system32\Jfgdkd32.exe
1⤵
PID:5292

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s C:\Windows\system32\MSWINSCK.OCX
1⤵
PID:7544

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 sTop "McShield"
1⤵
PID:7908

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 sTop "NAV Alert"
1⤵
PID:7932

C:\Windows\SysWOW64\mskeyprotect\Faultrep.exe
"C:\Windows\SysWOW64\mskeyprotect\Faultrep.exe"
1⤵
PID:8004

C:\Windows\SysWOW64\Lflgmqhd.exe
C:\Windows\system32\Lflgmqhd.exe
1⤵
PID:1636

\??\c:\windows\resources\spoolsv.exe
c:\windows\resources\spoolsv.exe SE
1⤵
PID:8516

C:\Windows\SysWOW64\Amhfkopc.exe
C:\Windows\system32\Amhfkopc.exe
1⤵
PID:6080

C:\Windows\SysWOW64\Cpbbch32.exe
C:\Windows\system32\Cpbbch32.exe
1⤵
PID:8836

C:\Windows\SysWOW64\Ddcqedkk.exe
C:\Windows\system32\Ddcqedkk.exe
1⤵
PID:7696

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c c:\fqgky.bat
1⤵
PID:9340

C:\Windows\SysWOW64\Fielph32.exe
C:\Windows\system32\Fielph32.exe
1⤵
PID:6792

C:\Windows\msipc.exe
C:\Windows\msipc.exe /Restart
1⤵
PID:9920

C:\Windows\ActiveXExe\TXVGHJRO.EXE
C:\Windows\ActiveXExe\TXVGHJRO.EXE
1⤵
PID:10048

C:\Windows\SysWOW64\rasplap\icsigd.exe
"C:\Windows\SysWOW64\rasplap\icsigd.exe"
1⤵
PID:10276

C:\Windows\SysWOW64\KBDFI\Neeqea32.exe
"C:\Windows\SysWOW64\KBDFI\Neeqea32.exe"
1⤵
PID:10284

C:\Windows\SysWOW64\svchost.exe
C:\Users\Admin\Downloads\240919-sq8f5avgqd20240929162138.exe
1⤵
PID:10384

\??\c:\002084.exe
c:\002084.exe
1⤵
PID:15296
- \??\c:\u604866.exe
  c:\u604866.exe
  2⤵
  PID:14816

C:\Program Files\Common Files\Services\backup.exe
"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\
1⤵
PID:11924

C:\Program Files\Google\backup.exe
"C:\Program Files\Google\backup.exe" C:\Program Files\Google\
1⤵
PID:12028

C:\Windows\SysWOW64\Dkokcl32.exe
C:\Windows\system32\Dkokcl32.exe
1⤵
PID:14868

C:\Users\Admin\Downloads\240919-sq8f5avgqd20240929162138.exe
"C:\Users\Admin\Downloads\240919-sq8f5avgqd20240929162138.exe"
1⤵
PID:13080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI27762\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\_bz2.pyd

Filesize
83KB

MD5
dd26ed92888de9c57660a7ad631bb916

SHA1
77d479d44d9e04f0a1355569332233459b69a154

SHA256
324268786921ec940cbd4b5e2f71dafd08e578a12e373a715658527e5b211697

SHA512
d693367565005c1b87823e781dc5925146512182c8d8a3a2201e712c88df1c0e66e65ecaec9af22037f0a8f8b3fb3f511ea47cfd5774651d71673fab612d2897

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\_cffi_backend.cp312-win_amd64.pyd

Filesize
175KB

MD5
d8caf1c098db12b2eba8edae51f31c10

SHA1
e533ac6c614d95c09082ae951b3b685daca29a8f

SHA256
364208a97336f577d99bbaaed6d2cf8a4a24d6693b323de4665f75a964ca041d

SHA512
77e36f4fb44374b7c58a9005a1d7dfeb3214eabb90786e8a7c6593b5b1c7a305d6aa446be7a06ae0ff38f2bedea68cacb39053b7b7ec297bff3571b3922fd938

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\_decimal.pyd

Filesize
251KB

MD5
cea3b419c7ca87140a157629c6dbd299

SHA1
7dbff775235b1937b150ae70302b3208833dc9be

SHA256
95b9850e6fb335b235589dd1348e007507c6b28e332c9abb111f2a0035c358e5

SHA512
6e3a6781c0f05bb5182073cca1e69b6df55f05ff7cdcea394bacf50f88605e2241b7387f1d8ba9f40a96832d04f55edb80003f0cf1e537a26f99408ee9312f5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\_hashlib.pyd

Filesize
64KB

MD5
d19cb5ca144ae1fd29b6395b0225cf40

SHA1
5b9ec6e656261ce179dfcfd5c6a3cfe07c2dfeb4

SHA256
f95ec2562a3c70fb1a6e44d72f4223ce3c7a0f0038159d09dce629f59591d5aa

SHA512
9ac3a8a4dbdb09be3760e7ccb11269f82a47b24c03d10d289bcdded9a43e57d3cd656f8d060d66b810382ecac3a62f101f83ea626b58cd0b5a3cca25b67b1519

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\_lzma.pyd

Filesize
156KB

MD5
8cfbafe65d6e38dde8e2e8006b66bb3e

SHA1
cb63addd102e47c777d55753c00c29c547e2243c

SHA256
6d548db0ab73291f82cf0f4ca9ec0c81460185319c8965e829faeacae19444ff

SHA512
fa021615d5c080aadcd5b84fd221900054eb763a7af8638f70cf6cd49bd92773074f1ac6884f3ce1d8a15d59439f554381377faee4842ed5beb13ff3e1b510f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\_queue.pyd

Filesize
31KB

MD5
7d91dd8e5f1dbc3058ea399f5f31c1e6

SHA1
b983653b9f2df66e721ece95f086c2f933d303fc

SHA256
76bba42b1392dc57a867aef385b990fa302a4f1dcf453705ac119c9c98a36e8d

SHA512
b8e7369da79255a4bb2ed91ba0c313b4578ee45c94e6bc74582fc14f8b2984ed8fcda0434a5bd3b72ea704e6e8fd8cbf1901f325e774475e4f28961483d6c7cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\_socket.pyd

Filesize
81KB

MD5
e43aed7d6a8bcd9ddfc59c2d1a2c4b02

SHA1
36f367f68fb9868412246725b604b27b5019d747

SHA256
2c2a6a6ba360e38f0c2b5a53b4626f833a3111844d95615ebf35be0e76b1ef7a

SHA512
d92e26eb88db891de389a464f850a8da0a39af8a4d86d9894768cb97182b8351817ce14fe1eb8301b18b80d1d5d8876a48ba66eb7b874c7c3d7b009fcdbc8c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-console-l1-1-0.dll

Filesize
22KB

MD5
a58f3fbbbbb1ecb4260d626b07be2cda

SHA1
aed4398a71905952064fc5da1191f57846bbd2d6

SHA256
89dd6fbea61edb8f1c934b7e5e822b4ce9bea939ff585c83c197e06a1fd8311a

SHA512
7fd371818932384b014d219bb318fb86c1787f3a58a3f08e904b7bbe3486f7ad6bc3776b335c178658c87efd663b913a14fb16d1e52198801659e132fa830d07

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-datetime-l1-1-0.dll

Filesize
22KB

MD5
adf9263b966cea234762c0782aba6e78

SHA1
e97047edecf92a0b654f7a25efd5484f13ded88f

SHA256
10cd6bf518350f93ab4643f701efdac851cdd7a26a0d8bcabfbb2bd273e1f529

SHA512
56c09d786f4ba401d4827da4148d96b140f28f647a03ac6ab94f64de9be4c75ecb8b583efad28aa0c51356978caa96f0cb9d56cc4883ff42c1ee7f736e481c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-debug-l1-1-0.dll

Filesize
22KB

MD5
28840d7d1ea0a873fb8f91c3e93d6108

SHA1
0856b3ceb5e300510b9791b031fffceaa78ee929

SHA256
d3fad206a52d9b1dd954c37a45e63e691ebc7bfe8af27a87553203fb445224ce

SHA512
93596ec710bd738fcbddf4db0f102f537355bbbaea347d2314d62064d5110cf1deb3ecb6d1e0922f019351acfe2d1c694684d0e62e22c004d5a20a6cae5c7fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
22KB

MD5
586d46d392348ad2ee25404b9d005a4e

SHA1
4bece51a5daacf3c7dcff0edf34bcb813512027f

SHA256
2859fe2fe069e5f4300dd0106733750b1c8c67ee5d8788c4556b7d21c6da651d

SHA512
daad865dbb4ca7542d5bd50186ffa633a709bfe1cf79d0d98e738760634da49afef1c418357d9482dbe33fe995847e05f653b6e3bba00aa42badce47dd072115

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-fibers-l1-1-0.dll

Filesize
22KB

MD5
221f63ee94e3ffb567d2342df588bebc

SHA1
4831d769ebe1f44bf4c1245ee319f1452d45f3cd

SHA256
fd7c5503aa81dea1de9baee318e6a53663f7a4634f42e116e83c6a0f36d11143

SHA512
3d36175eaa6dc035f2b26b5638e332408579aa461d663f1cf5a3e9df20e11a7cca982b80c9dcf35ba9a8bc4203ac2f64f5dc043b60a6f16720f4d4ce052096c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-file-l1-1-0.dll

Filesize
26KB

MD5
6ee268f365dc48d407c337d1c7924b0c

SHA1
3eb808e972ae127c5cfcd787c473526a0caee699

SHA256
eb50cc53863c5a1c0b2fe805d9ecefef3f2dbd0e749a6cc142f89406f4ffdb10

SHA512
914da19994d7c9b1b02adb118d0b9cb2fdd5433ee448b15e21445ecfc30941045246b7c389a2d9c59fb6487bb00426579b054c946e52982516d09b095279c4d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
852904535068e569e2b157f3bca0c08f

SHA1
c79b4d109178f4ab8c19ab549286eee4edf6eddb

SHA256
202b77cd363fce7c09d9a59b5779f701767c8734cc17bbe8b9ece5a0619f2225

SHA512
3e814678c7aa0d3d3a637ce3048e3b472dbb01b2e2a5932e5b257aa76bf8de8117a38e2a352daff66939a73c1b971b302f5635ea1d826b8a3afa49f9b543a541

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
cdfc83e189bda0ac9eab447671754e87

SHA1
cf597ee626366738d0ea1a1d8be245f26abbea72

SHA256
f4811f251c49c9ae75f9fe25890bacede852e4f1bfdc6685f49096253a43f007

SHA512
659ee46e210fcad6c778988a164ce3f69a137d05fb2699ff662540cbb281b38719017f1049d5189fafdae06c07a48d3d29dd98e11c1cae5d47768c243af37fe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-handle-l1-1-0.dll

Filesize
22KB

MD5
c79ccd7c5b752b1289980b0be29804c4

SHA1
2054a8f9ebf739adfcfc23534759ae52901c189f

SHA256
8e910589f3f9a27ed6ce1d4f2d579b4ef99cfa80c0bf6f59b48ba6556e1578a0

SHA512
92de7aec7f91f6f4f7cc3dd575b11ea0f4fe516682ba2d05d605380a785597bc953b575cf0ff722980f0849a65d8c4a14c7717eeed8631a7aac0cb626d050e75

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-heap-l1-1-0.dll

Filesize
22KB

MD5
aa20afdb5cbf1041d355a4234c2c1d45

SHA1
811f508bd33e89bbd13e37623b6e2e9e88fdcd7c

SHA256
ef6657aac4aa97a57e034fd5baf4490706128ffafce7c285dc8736b1f7ee4d09

SHA512
06740552875ff2df234ec76f45cce3c66b7d5280a3d1b90874799780ff534437e5dffacf9e40bfddc301507d833235e25eab8119ac80d2587a43a80d4f0068b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
22KB

MD5
f8203547595aa86bfe2cf85e579de087

SHA1
ca31fc30201196931595ac90f87c53e736f64acf

SHA256
e2d698823ba78b85d221744f38d3f9e8acccd0eedbb62c13e7d0dff4a04bd2b1

SHA512
d0818ee6b1a775793305828ba59c6c0f721d3fe2fcaca5bbfe047f25a500243ab4486c368302636e1c3934becc88c8178606a29871fe019d68b932ad1be3ee1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
22KB

MD5
0ccdef1404dbe551cd48604ff4252055

SHA1
38a8d492356dc2b1f1376bdeacab82d266a9d658

SHA256
4863006b0c2aa2a39dff2050b64fbbe448b3e28a239e9e58a9a6d32f5f5a3549

SHA512
0846489a418d2480e65f7bef4a564fe68fe554f4a603a6f372ddd03eed7ee6299649b61172a7a9ca9a9500a924c2642493cce1040fcd6601d5862c248c902e9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
f1d0595773886d101e684e772118d1ef

SHA1
290276053a75cbeb794441965284b18311ab355d

SHA256
040e1572da9a980392184b1315f27ebcdaf07a0d94ddf49cbd0d499f7cdb099a

SHA512
db57f4ae78f7062cfe392d6829c5975be91d0062ff06725c45c06a74e04ade8bcaf709cfebeba8146fb4396206141aa49572968ea240aa1cba909e43985dc3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-memory-l1-1-0.dll

Filesize
22KB

MD5
3abf2eb0c597131b05ee5b8550a13079

SHA1
5197da49b5e975675d1b954febb3738d6141f0c8

SHA256
ff611cc2cb492c84748fa148eda80dec0cb23fc3b71828475ecea29597c26cd8

SHA512
656213a8785fe937c38c58f0f01f693dc10dff1192b232f00fb18aa32c05c76a95566a9148462ea39b39f1740a7fee1c9ac9a90c6810f38512b3103d18c89b72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
22KB

MD5
83a0b483d37ed23c6e67896d91cea3f0

SHA1
6b5045ed8717c5b9f50e6a23643357c8c024abdb

SHA256
d7511eb9191a63eb293af941667aa2318fa6da79f06119b280e0b11e6b6b1d25

SHA512
dab0203fc26c0249b7a8882d41365d82690d908db359c3a6880f41a1c4eebde51ae084bd123864c32d8574cb0a22cfbc94bcd8e33b51f37f49575e2b9de93807

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
22KB

MD5
8b0fe1a0ea86820020d2662873425bc4

SHA1
3c2292c34a2b53b29f62cc57838e087e98498012

SHA256
070d8827798ee2aa4c2dc70d7faef8ef680eca4c46ecc2dad3ce16380cab1f82

SHA512
0c29c8fae6c5a8de2f0047cbe66e0b2ae7c30cbeced6df1ea2e472ba123bf9e542d9e6cd8eb06b4f0cbe2e343b7929cf25bce1e79937076bf1d0480d91d2c9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
22KB

MD5
eaa2228507c1fbde1698256c01cd97b7

SHA1
c98936c79b769cf03e2163624b195c152324c88a

SHA256
4297033ef8061c797127f0382df24f69264dca5c14d4f5b6cd2bcca33e26c1f5

SHA512
8319949a1e1acca312dbe99dfd9eedd1b5e4a13946a6ff829d6792d72f0a3a618ce10140954c035a5390a5a6e3b8ae2f23513629007cd3b7a88d5fb6fd81d763

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
e26a5e364a76bf00feaab920c535adbb

SHA1
411eaf1ca1d8f1aebcd816d93933561c927f2754

SHA256
b3c0356f64e583c8aca3b1284c6133540a8a12f94b74568fb78ddc36eac6ab15

SHA512
333e42eeea07a46db46f222e27429facaaf2ce8a433f0c39f5d5c72e67d894c813d3cf77880434f6373e0d8fffa3ef96d5f37e38dd4775491f3da2b569e9df59

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-profile-l1-1-0.dll

Filesize
22KB

MD5
82e58246846b6daf6ad4e4b208d322d4

SHA1
80f3b8460ab80d9abe54886417a6bc53fd9289fa

SHA256
f6eb755c146d0a0ebf59d24fb9e1e87dc0220b31b33c6acbc8bebaf31493c785

SHA512
e1a032846c6110758fbc8eb84dbd3d228e83b3200bf5820c67d9740f6f8c7e926e4c89b92e8d34721d84fd597ab64455fd3029138e35f22329af23f599afdadf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
22KB

MD5
650c005113599fb8b0b2e0d357756ac7

SHA1
56791db00766dc400df477dcb4bd59c6fa509de6

SHA256
5f16a1131c8f00ebbe3c4b108bd772071a2d9b4ca01b669b8aeb3ffb43dabcda

SHA512
4bc54ad70b75f550e623311dc48ea0fd8ff71207f64127379fcd48027ee2458d27a2aaa454637b4f09d713cc9e1f2cc09bb6cd55b0c6b7ed25e52cb46827fff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-string-l1-1-0.dll

Filesize
22KB

MD5
f6afbc523b86f27b93074bc04668d3f2

SHA1
6311708ab0f04cb82accc6c06ae6735a2c691c1d

SHA256
71c0c7c163d1a3d35e74f8d7299eb38ef7268af1fa276e9a3966761212c570f0

SHA512
9ab0c2d025525fe047e27769c3b2be7526ad0d0cbe76eb1e3a84dc2cff60ab3c4a218388892f600f7b3b003909ae133b0e7da19c9ba96b624fa8f5123c3a97cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-synch-l1-1-0.dll

Filesize
22KB

MD5
445571331c2fc8a153952a6980c1950a

SHA1
bea310d6243f2b25f2de8d8d69abaeb117cf2b82

SHA256
1dda55027f7d215442e11c88a82c95f312673b7e7454569e5c969c1c24047915

SHA512
853797dd50d0ad6018e7e7d11aefbca61653baa8c60b22fdd34133fce6bf6f02ed0c747457c2783e699e8e7097f14429286904267c13521ee9cb255d3ea79806

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-synch-l1-2-0.dll

Filesize
22KB

MD5
5da5938e0d3a9024f42d55e1fd4c0cd7

SHA1
7e83fec64b4c4a96cfcae26ced9a48d4447f12b7

SHA256
0ea1cf78c0be94554ff7cd17a9c863c951c1e1eaa54191d7f2b0e043697c8d00

SHA512
9a302c664bfddf509c0489af24a238b15612802c7d6dccbbfb57b39691b80af79ed35cab31e84424a34e0de32179054277ca09a0457b90c72af195f8328c82dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
22KB

MD5
c1919eacf044d5c47cc2c83d3d9c9cd9

SHA1
0a80158c5999ea9f1c4ca11988456634d7491fcc

SHA256
9b82643497092524e0aed6cfbaf7467849cde82292313bbd745c61ed2fd32ea8

SHA512
ad2ccabbdc769cbeb3c0b4d8d647647c8f43d3c3f3c85ab638ce00665379f9a0f5bfc24fe25184003d180143c29da0c36c6d2c7ffeae68a81c27b90f69336cbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
566232dabd645dcd37961d7ec8fde687

SHA1
88a7a8c777709ae4b6d47bed6678d0192eb3bc3f

SHA256
1290d332718c47961052ebc97a3a71db2c746a55c035a32b72e5ff00eb422f96

SHA512
e5d549c461859445006a4083763ce855adbb72cf9a0bcb8958daa99e20b1ca8a82dec12e1062787e2ae8aee94224b0c92171a4d99ed348b94eab921ede205220

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-core-util-l1-1-0.dll

Filesize
22KB

MD5
0793ca01735f1d6a40dd6767e06dbb67

SHA1
6abea799a4a6e94d5a68fab51e79734751e940c5

SHA256
cdf7915f619a728fb64c257bfaa8257ee2353bf3c0b88214d5624931a1ac247b

SHA512
33f703cea3b6cef3fcbd973812635129ef204c2b1590ffe027dbd55ba35cbd481cf769de16634bd02acbdbd59e6af52cad0964d4d36327606c1948f38048703f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-crt-conio-l1-1-0.dll

Filesize
22KB

MD5
eeafb70f56cc0052435c2268021588e9

SHA1
89c89278c2ac4846ac7b8bd4177965e6f8f3a750

SHA256
b529fed3875c6f4eecf2d9c012bc0e27cb2d124c2dd1da155f8337b4cb002030

SHA512
ce211b79f4d0dc942dbe1544d7e26e8e6f2c116dce6bc678aede9cb2104771758c0bd670e1eca2d5a9a6728346d093f44459e9791317b215c6ff73e47d1203f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-crt-convert-l1-1-0.dll

Filesize
26KB

MD5
17680cd553168e9126ca9d7437caecc7

SHA1
8acafcb5f01d3b01a7c48a3b91bdeeb8bf1cf841

SHA256
6438c683e376583f6368c582ce3caab274cf3f7d7320e7f6cda427ba338847ca

SHA512
146ae3230c213ffab4b2c7805374ccb5f53155266ba9213d8f22e073deef0bd733b9488c2091c3db037c1d1dfaa4bbfb90e2afd041a447603c25690681239ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-crt-environment-l1-1-0.dll

Filesize
22KB

MD5
e9d4a1374a200a6e195e3c5ab42e6bbd

SHA1
c0c79309a6ab14592b91087bec0cc519979e5ebf

SHA256
612df2aaf3435c2be575581d1b2deddcef33f1b53179acff3e4ac24a0fcd3d50

SHA512
1de9d70036eb5211184b3b40f671608cf75b539f6fd36b812facdd9722927eb8e5c4c579db6a360003d06cc139f2ddbda8d19de17cb3a36fcfb53e462a9d7b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
22KB

MD5
10a42548fcf16732d354a6ed24f53ec5

SHA1
b6b28307c0cc79e0abef15ed25758947c1ccab85

SHA256
ca3e5b21f83d87a958ba7934c5e4d8e7939b2e9013fe2deaeba1f9088b4277bb

SHA512
ecebb5973ecf8f34115985ae24061c29a9d943592389a4e8f215df7408c770a1f7c6c8927d30403d5c43814a4b64ac622ec018be02532f88dbbca6d6208266ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-crt-heap-l1-1-0.dll

Filesize
22KB

MD5
5d3da2f634470ab215345829c1518456

SHA1
fec712a88415e68925f63257d3a20ab496c2aac0

SHA256
d2ed53111a652fde26c08504803f76301fce2fba04f33a7f250b5b2569e4f240

SHA512
16079ce0bcc9816297f23c95573bd52da08b29b90da4855b4315b3fa98947b1b35ffd30760064144f3f5647c27e0c1bd3aba623d17364fff45c9b2fa598a2ba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-crt-locale-l1-1-0.dll

Filesize
22KB

MD5
c74e10b82c8e652efdec8e4d6ad6deaa

SHA1
bad903bb9f9ecfda83f0db58d4b281ea458a06bd

SHA256
d42b2d466a81e8e64d8132fad0f4df61d33875449ead8d4f76732b04f74bbce6

SHA512
5cc4b0d7e862fd32e8374501d1b8798e369b19dc483cdb568915b48a956e4f0a79b1d2c59322394128a330fea7c939161a7af1787b4dc5f250e74f8df8805f6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-crt-math-l1-1-0.dll

Filesize
30KB

MD5
e07a207d5d3cc852aa6d60325b68ed03

SHA1
64ba9a5c2ca4b6af03e369a7c2a2b3c79cac6c51

SHA256
b8fdf7893ff152a08fbc4d3f962905da3161b0b9fe71393ab68c56199277e322

SHA512
0dbafab60618ec0c815ae91994490c55878c904af625ba6931fe0ea80eb229c98e367623e472e3b4c0e27e0af6feeb4d2cdacd4c426e1a99a1291b41cc52f666

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-crt-process-l1-1-0.dll

Filesize
22KB

MD5
98bf2202e52b98a742f24724bb534166

SHA1
60a24df76b24aa6946bb16ead9575c7828d264b0

SHA256
fe005d1a7908e36d4fd6cb2711de251462c9bebf99e4060687df11bd0bbedc8a

SHA512
d346eaf8a966720e47099293d91f2856c816acb7e5f952e6700e007ba176147218798648a4a3e1b928e7a46622ef3603aa4d909113fb02d5551c40ed0e243441

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
26KB

MD5
6edcd747d5beb5d5b0550b9e8c84e3a3

SHA1
8b8baf8f112ac0a64ee79091b02a412d19497e69

SHA256
d5b5c4ee347678e60af236c5e6fd6b47ad5786e080d14fdb11af0aa5740e7760

SHA512
1bc72f7b6b13374dab05f8914dc96f194bfa86cad4549a3fca1dd79485cfdbe1d45053f197e2bdd280b8787edcbd96c4c74dffdf044c99520148d153bb0a438e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
26KB

MD5
374349666a3b260411281ab95c5405a2

SHA1
42a9a8f5d1933ec140bd89aa6c42c894285f14d1

SHA256
2a6f53be6e8b8fabbf8fcc2ac1224f70628f4ab35e0b36612a6728df7685d56a

SHA512
5c4a79503f83eb8e12a38605c1ab2cf6332f7ef845dc7ac5c34dc71cb86e903dc002c91a7142a56433fff97ff21ec926c9cc0be92a31ecffe2a7c5e042d6fc4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-crt-string-l1-1-0.dll

Filesize
26KB

MD5
06f29e2e2ebc8e3d8d0110a48aa7b289

SHA1
b9047a9aa94d25f331e85aa343729a7f3ff23773

SHA256
6c24d050afc07bc5d2ba5eb07840345569b52e97442bcc7c4413fccedc11e6c4

SHA512
9de0b3f3ab2c0ed61920d99e3a931bbc08015d848907bf4cd5cb2c81017de4d23f2f8977a3a7895b92208ae7e5753ab8c4b00c00e375da005b432b5534ea7838

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-crt-time-l1-1-0.dll

Filesize
22KB

MD5
a1002f4a501f4a8de33d63f561a9fbc6

SHA1
e1217b42c831ce595609cfde857cd1b6727c966d

SHA256
fe94985959fe310cafa1eb3e32f28001ef03afefd32497d0c099eb9393bf6f4b

SHA512
123a5ebca5d8a1292f238bab3bd8cc12ab3157672a904361a72f5f7177f4ce0dd4708fdfda34f2ed0b4973ad7d92bc69b85651687a4604def4bf7bdca5d49b17

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\api-ms-win-crt-utility-l1-1-0.dll

Filesize
22KB

MD5
9f15a5d2f28cca5f4c2b51451fa2db7c

SHA1
cef982e7cb6b31787c462d21578c3c750d1f3edb

SHA256
33af8b4a4f1f9a76d5d59fdf634bb469ca9a830133a293a5eef1236b27e37e63

SHA512
7668d42fd8cce5daa7e0c8c276edd3bda0d4ee1c5450fa8d46cf7600f40b2f56e024f98157a86e9843d0b7d33cb281ebdca3a25275e08981f5d9cbaad1cfe371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\base_library.zip

Filesize
1.3MB

MD5
763d1a751c5d47212fbf0caea63f46f5

SHA1
845eaa1046a47b5cf376b3dbefcf7497af25f180

SHA256
378a4b40f4fa4a8229c93e0afee819085251af03402ccefa3b469651e50e60b7

SHA512
bb356dd610e6035f4002671440ce96624addf9a89fd952a6419647a528a551a6ccd0eca0ee2eeb080d9aad683b5afc9415c721fa62c3bcddcb7f1923f59d9c45

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\python312.dll

Filesize
6.6MB

MD5
cae8fa4e7cb32da83acf655c2c39d9e1

SHA1
7a0055588a2d232be8c56791642cb0f5abbc71f8

SHA256
8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93

SHA512
db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\select.pyd

Filesize
30KB

MD5
79ce1ae3a23dff6ed5fc66e6416600cd

SHA1
6204374d99144b0a26fd1d61940ff4f0d17c2212

SHA256
678e09ad44be42fa9bc9c7a18c25dbe995a59b6c36a13eecc09c0f02a647b6f0

SHA512
a4e48696788798a7d061c0ef620d40187850741c2bec357db0e37a2dd94d3a50f9f55ba75dc4d95e50946cbab78b84ba1fc42d51fd498640a231321566613daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\ucrtbase.dll

Filesize
1.1MB

MD5
a9f5b06fae677c9eb5be8b37d5fb1cb9

SHA1
5c37b880a1479445dd583f85c58a8790584f595d

SHA256
4e9e93fd6486571e1b5dce381fa536fb6c5593584d3330368ccd47ee6107bf52

SHA512
5d7664716fa52f407d56771862262317ac7f4a03f31f209333c3eea7f1c8cf3d5dbafc1942122948d19208d023df220407014f47e57694e70480a878822b779a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27762\unicodedata.pyd

Filesize
1.1MB

MD5
b848e259fabaf32b4b3c980a0a12488d

SHA1
da2e864e18521c86c7d8968db74bb2b28e4c23e2

SHA256
c65073b65f107e471c9be3c699fb11f774e9a07581f41229582f7b2154b6fc3c

SHA512
4c6953504d1401fe0c74435bceebc5ec7bf8991fd42b659867a3529cee5cc64da54f1ab404e88160e747887a7409098f1a85a546bc40f12f0dde0025408f9e27

Download Submit
C:\Users\Admin\AppData\Local\Temp\dtzklibd.tmp

Filesize
2.2MB

MD5
33079f6868aa04ebb876ab5e0e6026e2

SHA1
fee6de1037cd74c9e74c1c9b654c38bb158bf01c

SHA256
e264d914ebfc98ef20a8241df1df6e586e7a42105287c7980030c57a544873c9

SHA512
2f59c500aeba8c2d5fa155d7e6b010dd946ceaef59a79c2da11f529cfead3f8a2f18b6aa103d93d12ae390133fab13fb56b485ba3d387e60dc905c967e0ab2c3

Download Submit
C:\Users\Admin\Downloads\240919-r8vsbathlheb91519abcf3f5ab50c4bcfd5366854b_JaffaCakes118.exe

Filesize
72KB

MD5
eb91519abcf3f5ab50c4bcfd5366854b

SHA1
6d6a9840a889dffbedd02b8846457136dae1332c

SHA256
272e5dfbbdc4eab44792f464d0815d477f90a8ccf117cf3b3f26f74be4c1090f

SHA512
db4e8a049873c1991a46a39c4b2447e441cc554f0952f56c36c9ce2389f8e6c1b3c6e3ba2b267cef21d14bfcedfe08a1bc9508d4aadaf83eb833a8d73a62cd49

Download Submit
C:\Users\Admin\Downloads\240919-skmx8swamm202409198ebf786f4a48bf08443cfae508859af0cobaltstrikecobaltstrikepoetratsnatch.exe

Filesize
4.9MB

MD5
8ebf786f4a48bf08443cfae508859af0

SHA1
0b46a651965a6eb39ab68cfde1a3999f577b298c

SHA256
654585158ce68405e63d04a448f2bfb7c2ebdfe5508376932d9a37d7965c3744

SHA512
46cba4e19f73d69a5d229520f0e09994e24a1facc92c2fec39d0ec5a368553b92a8997781c8ddff7c0304c9ac058597804e03e1048a4512ac3ec87463162607f

Download Submit
C:\Users\Admin\Downloads\240919-srmaaavhjbb092ce64b794f10396cb5e3ff8ef94bea951b10e7968cb06b54edece5df72a83N.exe

Filesize
1.8MB

MD5
9e14cdb86789ff51a3ef4d63618ee3c0

SHA1
3d687884bf28275c13e9fe02701ab13cda8ad841

SHA256
b092ce64b794f10396cb5e3ff8ef94bea951b10e7968cb06b54edece5df72a83

SHA512
271e72e8fb6cf7e55e537abc6484eb5c7cda229fae081ea4908ada6d4ca6d3288b8106926fb9a2d7688021751bb2797950bd39f34610fc5fbc523d3f71ca7aa5

Download Submit
C:\Users\Admin\Downloads\temp.zip

Filesize
21KB

MD5
b15a03955f60bdc07a092346b922080e

SHA1
a1277c81e1d3966b0aa1d59477a590af27c17455

SHA256
dccf23e93dbdba268849aa42f9f8fec1e74a80c9c424c3177a424eda588de84d

SHA512
fe4a4e1e83b8202b7b7fac521da3da7a6f050eb8f6bda2ef050f53bd819da8ad18e49e9f26230f995ceb6721402d8b556a4360332b4e85557e0db8c74b951e00

Download Submit
C:\Users\Admin\qauyuq.exe

Filesize
96KB

MD5
e70f80068b12cf25c568bae6363cd730

SHA1
60727cb658165b68dc63e0e3d12aacfd510b5347

SHA256
321575be83961993816f8dc5bbe4d190d0b24bb446553e09662b1f5d8966b8bd

SHA512
65cc8dc6e9d6567ba2991a4af91e017f4aac1c2dcf6631d920db751c7a5a6b869bc89c724494a222cd0092cb9058074b348cc7372872b4aff639316f1b522de2

Download Submit
C:\Windows\SysWOW64\Idodkeom.dll

Filesize
7KB

MD5
481b4bca0d1d35151b0732e57c56916c

SHA1
9fce142dc47aabeac2c070365c0aa87f66d0c574

SHA256
36289b56296589f781947ab7702c2571b922c47800599d1dea7829ea0d966742

SHA512
6a9c702945301e24371da57e4b62656bdb9602491a8f46af73c2371adf3479f4d88c6432eff825602fc054af1648d5c246314c8213ef85c85338b1e9ccd0c001

Download Submit
C:\Windows\SysWOW64\Kaafjamj.dll

Filesize
7KB

MD5
e4c727288738c94fb86acc21cfd57a58

SHA1
ff56a2a4876b6627a841894daff11a4edea3e650

SHA256
14f7756779055362a76a952f679aeddefb8d3bb9f505b81b5393c388a5916384

SHA512
e6b57f73efa90b7543642f7f09cff44f4c8bfbb768190001fff7eb05426a3f9c9ebc1c54984aaf72fb85a20b0d5094a9e1802850e2b9d80ceb51175afdb85558

Download Submit
C:\nnnhht.exe

Filesize
82KB

MD5
4678beaa725a72fd982fb93bd593c256

SHA1
0021993cae536a07950f9ea0c6fb6436bc794936

SHA256
305015f8c260e196acf99cc4acaba652a3f9387099db21ef16d29f7b63c656e4

SHA512
9b05418aca15532ebc3e14a8c0aa8abe0ab2a1e32d0085f3b8ff30b29362941ee9d574e423147984c982af38c59af933e0e26f50e133bcf3b483ac60c7d897e2

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27762\_ctypes.pyd

Filesize
122KB

MD5
c8afa1ebb28828e1115c110313d2a810

SHA1
1d0d28799a5dbe313b6f4ddfdb7986d2902fa97a

SHA256
8978972cf341ccd0edf8435d63909a739df7ef29ec7dd57ed5cab64b342891f0

SHA512
4d9f41bd23b62600d1eb097d1578ba656b5e13fd2f31ef74202aa511111969bb8cfc2a8e903de73bd6e63fadaa59b078714885b8c5b8ecc5c4128ff9d06c1e56

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27762\python3.dll

Filesize
66KB

MD5
8dbe9bbf7118f4862e02cd2aaf43f1ab

SHA1
935bc8c5cea4502d0facf0c49c5f2b9c138608ed

SHA256
29f173e0147390a99f541ba0c0231fdd7dfbca84d0e2e561ef352bf1ec72f5db

SHA512
938f8387dcc356012ac4a952d371664700b110f7111fcc24f5df7d79791ae95bad0dbaf77d2d6c86c820bfd48a6bdbe8858b7e7ae1a77df88e596556c7135ed4

Download Submit
memory/96-508-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/216-268-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/312-512-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/424-319-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/508-556-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/804-179-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/820-324-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/928-518-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1008-167-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1156-510-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1244-686-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2036-511-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2036-271-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2036-233-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2704-232-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3116-348-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3156-323-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3304-376-0x0000000000650000-0x000000000065C000-memory.dmp

Filesize
48KB

Download
memory/3312-509-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3568-369-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3648-317-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3648-153-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4068-321-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4104-471-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4148-322-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4156-555-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4428-173-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4428-392-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4532-230-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4600-516-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4600-231-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4736-554-0x0000000000400000-0x000000000044E2BC-memory.dmp

Filesize
312KB

Download
memory/4736-318-0x0000000000400000-0x000000000044E2BC-memory.dmp

Filesize
312KB

Download
memory/4760-320-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4864-150-0x0000000000490000-0x000000000049C000-memory.dmp

Filesize
48KB

Download
memory/4864-151-0x0000000000427000-0x0000000000428000-memory.dmp

Filesize
4KB

Download
memory/4864-152-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4864-145-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4912-519-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5124-371-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/5160-380-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5208-381-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5224-382-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5280-383-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5292-562-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5324-384-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/5408-393-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/5408-667-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/5420-385-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/5460-386-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5492-387-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5560-388-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5572-389-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/5584-390-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5636-391-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/5740-517-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/5888-502-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/5896-503-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5912-504-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5928-505-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5936-477-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/5944-506-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5952-501-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/6096-507-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/6596-831-0x0000000000400000-0x000000000068D000-memory.dmp

Filesize
2.6MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads