berbew | 6b1700a3961f46120afdf3c5e027556682badcae0015503d533c9f808f214ddc

Resubmissions

19-09-2024 12:52

240919-p4ffqazdpn 10

Analysis

max time kernel
84s
max time network
87s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

magic.exe
Size

36.7MB
MD5

f921e16ca321bbe2e490f036f8b99c74
SHA1

6e25638b340ba77f3e467bbbdc27c48209e193af
SHA256

6b1700a3961f46120afdf3c5e027556682badcae0015503d533c9f808f214ddc
SHA512

04492839ccaeeddc9090b7f6c6458294540bb3e2589108a3c459ae87a11c6cabe6548d80805f37b8bd43616d3645afdabe8b95b9f37c85c06f5c87b137a10274
SSDEEP

786432:pjE3Qtst8rW8WZ2YwUlJAdQ/2j6+s7LWB75zuXVgM3MGYS2fAMJLjvZ:a3QtIoWlZ2mlq62qHWB75ilZMGJ24MRN

Malware Config

Extracted

Family

berbew

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

http://crutop.nu/index.php

http://crutop.ru/index.php

http://mazafaka.ru/index.php

http://color-bank.ru/index.php

http://asechka.ru/index.php

http://trojan.ru/index.php

http://fuck.ru/index.php

http://goldensand.ru/index.php

http://filesearch.ru/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://lovingod.host.sk/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://ldark.nm.ru/index.htm

http://gaz-prom.ru/index.htm

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Signatures

Berbew
Berbew is a backdoor written in C++.
backdoor berbew
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat

Detect Blackmoon payload 4 IoCs

resource	yara_rule
behavioral1/memory/5652-1536-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/5444-1494-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/5348-1477-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/1700-1457-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral1/files/0x0007000000023968-2074.dat	family_umbral

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/files/0x00070000000238e7-1860.dat	family_xworm

Detects MyDoom family 1 IoCs

resource	yara_rule
behavioral1/memory/1800-1148-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom

Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
backdoor trojan floxif
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom

Process spawned unexpected child process 7 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	24332	4540	schtasks.exe	88
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	14540	4540	schtasks.exe	88
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	15452	4540	schtasks.exe	88
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	23544	4540	schtasks.exe	88
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	21088	4540	schtasks.exe	88
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	16032	4540	Process not Found	88
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	18036	4540	Process not Found	88

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality
Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Vobfus
A widespread worm which spreads via network drives and removable media.
worm vobfus
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

rat

resource	yara_rule
behavioral1/files/0x0007000000024243-13846.dat	dcrat

Detects Floxif payload 1 IoCs

backdoor

resource	yara_rule
behavioral1/files/0x0008000000023c63-7190.dat	floxif

Warzone RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/files/0x0007000000023d54-10592.dat	warzonerat

Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
16440	powershell.exe
2292	powershell.exe
10416	powershell.exe
24204	powershell.exe
23096	powershell.exe
17068	powershell.exe
8604	powershell.exe

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0008000000023c63-7190.dat	acprotect

Executes dropped EXE 3 IoCs

pid	Process
752	240919-p3cnfazdkk_c9451319c5573e54454fb409a59f138161fcdaad4cf40df19d5a7e17f59b3353N.exe
1800	240919-pzvd3sygka_35fec8ebef2fe5d3fb932f4be938eb0937e2b278337218baf7c7155190f6f62cN.exe
1872	services.exe

Loads dropped DLL 44 IoCs

pid	Process
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe
212	magic.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
10608	Process not Found

UPX packed file 18 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1800-1073-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/1872-1081-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1800-1148-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/1872-1176-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/files/0x0007000000023a8b-3472.dat	upx
behavioral1/memory/5652-1536-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2752-1505-0x00000000021D0000-0x000000000325E000-memory.dmp	upx
behavioral1/memory/2752-1492-0x00000000021D0000-0x000000000325E000-memory.dmp	upx
behavioral1/memory/5444-1494-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2752-1471-0x00000000021D0000-0x000000000325E000-memory.dmp	upx
behavioral1/memory/2752-1451-0x00000000021D0000-0x000000000325E000-memory.dmp	upx
behavioral1/memory/5348-1477-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1700-1457-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/files/0x0007000000023b46-4243.dat	upx
behavioral1/files/0x0008000000023c63-7190.dat	upx
behavioral1/files/0x0007000000023d64-10678.dat	upx
behavioral1/files/0x0007000000023d49-10602.dat	upx
behavioral1/files/0x0007000000023914-4694.dat	upx

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	240919-pzvd3sygka_35fec8ebef2fe5d3fb932f4be938eb0937e2b278337218baf7c7155190f6f62cN.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
15	discord.com
16	discord.com
18	discord.com

Looks up external IP address via web service 5 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
489	api.2ip.ua
345	ip-api.com
398	api.2ip.ua
400	api.2ip.ua
410	checkip.dyndns.org

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0007000000023a3e-2781.dat	autoit_exe
behavioral1/files/0x0007000000023b86-4676.dat	autoit_exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\java.exe	240919-pzvd3sygka_35fec8ebef2fe5d3fb932f4be938eb0937e2b278337218baf7c7155190f6f62cN.exe
File created	C:\Windows\services.exe	240919-pzvd3sygka_35fec8ebef2fe5d3fb932f4be938eb0937e2b278337218baf7c7155190f6f62cN.exe
File opened for modification	C:\Windows\java.exe	240919-pzvd3sygka_35fec8ebef2fe5d3fb932f4be938eb0937e2b278337218baf7c7155190f6f62cN.exe

Program crash 19 IoCs

pid	pid_target	Process	procid_target
5952	6612	WerFault.exe	185
7916	8212	WerFault.exe
8248	6612	WerFault.exe	185
7628	5112	WerFault.exe	152
9000	10324	WerFault.exe	389
10792	8048	WerFault.exe	299
14320	10848	WerFault.exe	454
13968	5412	WerFault.exe	164
23264	23848	WerFault.exe
22308	14880	WerFault.exe	814
18256	14880	WerFault.exe	814
23568	17124	WerFault.exe
16612	23984	WerFault.exe
7504	23848	WerFault.exe
10632	11680	WerFault.exe	502
14656	4956	WerFault.exe	146
8692	11680	WerFault.exe	502
5816	11664	WerFault.exe	500
13504	11696	WerFault.exe	503

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	240919-pzvd3sygka_35fec8ebef2fe5d3fb932f4be938eb0937e2b278337218baf7c7155190f6f62cN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	240919-p3cnfazdkk_c9451319c5573e54454fb409a59f138161fcdaad4cf40df19d5a7e17f59b3353N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	services.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
18152	240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 8 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
15452	schtasks.exe
23544	schtasks.exe
21088	schtasks.exe
16032	Process not Found
5440	Process not Found
18036	Process not Found
24332	schtasks.exe
14540	schtasks.exe

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	395	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 212	3064	magic.exe	83
PID 3064 wrote to memory of 212	3064	magic.exe	83
PID 212 wrote to memory of 3120	212	magic.exe	84
PID 212 wrote to memory of 3120	212	magic.exe	84
PID 212 wrote to memory of 4380	212	magic.exe	89
PID 212 wrote to memory of 4380	212	magic.exe	89
PID 212 wrote to memory of 752	212	magic.exe	90
PID 212 wrote to memory of 752	212	magic.exe	90
PID 212 wrote to memory of 752	212	magic.exe	90
PID 212 wrote to memory of 1800	212	magic.exe	91
PID 212 wrote to memory of 1800	212	magic.exe	91
PID 212 wrote to memory of 1800	212	magic.exe	91
PID 1800 wrote to memory of 1872	1800	240919-pzvd3sygka_35fec8ebef2fe5d3fb932f4be938eb0937e2b278337218baf7c7155190f6f62cN.exe	92
PID 1800 wrote to memory of 1872	1800	240919-pzvd3sygka_35fec8ebef2fe5d3fb932f4be938eb0937e2b278337218baf7c7155190f6f62cN.exe	92
PID 1800 wrote to memory of 1872	1800	240919-pzvd3sygka_35fec8ebef2fe5d3fb932f4be938eb0937e2b278337218baf7c7155190f6f62cN.exe	92

C:\Users\Admin\AppData\Local\Temp\magic.exe
"C:\Users\Admin\AppData\Local\Temp\magic.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Users\Admin\AppData\Local\Temp\magic.exe
  "C:\Users\Admin\AppData\Local\Temp\magic.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:3120
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4380
- - C:\Users\Admin\Downloads\240919-p3cnfazdkk_c9451319c5573e54454fb409a59f138161fcdaad4cf40df19d5a7e17f59b3353N.exe
    C:\Users\Admin\Downloads\240919-p3cnfazdkk_c9451319c5573e54454fb409a59f138161fcdaad4cf40df19d5a7e17f59b3353N.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:752
  - - C:\Windows\SysWOW64\Jiokfpph.exe
      C:\Windows\system32\Jiokfpph.exe
      4⤵
      PID:1860
- - C:\Users\Admin\Downloads\240919-pzvd3sygka_35fec8ebef2fe5d3fb932f4be938eb0937e2b278337218baf7c7155190f6f62cN.exe
    C:\Users\Admin\Downloads\240919-pzvd3sygka_35fec8ebef2fe5d3fb932f4be938eb0937e2b278337218baf7c7155190f6f62cN.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1800
  - - C:\Windows\services.exe
      "C:\Windows\services.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1872
- - C:\Users\Admin\Downloads\240919-pycgwayfnc_613f4789a7d0fe032c43bf56ef351e750a13bf5ccdf9f9064822839a7a8f14ecN.exe
    C:\Users\Admin\Downloads\240919-pycgwayfnc_613f4789a7d0fe032c43bf56ef351e750a13bf5ccdf9f9064822839a7a8f14ecN.exe
    3⤵
    PID:4944
  - - C:\Windows\SysWOW64\Jkmgblok.exe
      C:\Windows\system32\Jkmgblok.exe
      4⤵
      PID:4788
    - - C:\Windows\SysWOW64\Jfbkpd32.exe
        
        C:\Windows\system32\Jfbkpd32.exe
        5⤵
        
        PID:4488
      - C:\Windows\SysWOW64\Jiaglp32.exe
        
        C:\Windows\system32\Jiaglp32.exe
        6⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\Jehhaaci.exe
        
        C:\Windows\system32\Jehhaaci.exe
        7⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\Jkaqnk32.exe
        
        C:\Windows\system32\Jkaqnk32.exe
        8⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\Jblijebc.exe
        
        C:\Windows\system32\Jblijebc.exe
        9⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\Jieagojp.exe
        
        C:\Windows\system32\Jieagojp.exe
        10⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\Knbiofhg.exe
        
        C:\Windows\system32\Knbiofhg.exe
        11⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\Kelalp32.exe
        
        C:\Windows\system32\Kelalp32.exe
        12⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\Khpgckkb.exe
        
        C:\Windows\system32\Khpgckkb.exe
        13⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\Lehaho32.exe
        
        C:\Windows\system32\Lehaho32.exe
        14⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\Llbidimc.exe
        
        C:\Windows\system32\Llbidimc.exe
        15⤵
        
        PID:1432
        
        C:\Windows\SysWOW64\Locbfd32.exe
        
        C:\Windows\system32\Locbfd32.exe
        16⤵
        
        PID:396
        
        C:\Windows\SysWOW64\Lbnngbbn.exe
        
        C:\Windows\system32\Lbnngbbn.exe
        17⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\Lfjjga32.exe
        
        C:\Windows\system32\Lfjjga32.exe
        18⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\Lihfcm32.exe
        
        C:\Windows\system32\Lihfcm32.exe
        19⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\Lpbopfag.exe
        
        C:\Windows\system32\Lpbopfag.exe
        20⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\Lbqklb32.exe
        
        C:\Windows\system32\Lbqklb32.exe
        21⤵
        
        PID:704
        
        C:\Windows\SysWOW64\Likcilhh.exe
        
        C:\Windows\system32\Likcilhh.exe
        22⤵
        
        PID:664
        
        C:\Windows\SysWOW64\Lpekef32.exe
        
        C:\Windows\system32\Lpekef32.exe
        23⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\Lfodbqfa.exe
        
        C:\Windows\system32\Lfodbqfa.exe
        24⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\Mhppji32.exe
        
        C:\Windows\system32\Mhppji32.exe
        25⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\Mlnipg32.exe
        
        C:\Windows\system32\Mlnipg32.exe
        26⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\Mibijk32.exe
        
        C:\Windows\system32\Mibijk32.exe
        27⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\Mblkhq32.exe
        
        C:\Windows\system32\Mblkhq32.exe
        28⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\Neffpj32.exe
        
        C:\Windows\system32\Neffpj32.exe
        29⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\Olckbd32.exe
        
        C:\Windows\system32\Olckbd32.exe
        30⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\Ocamjm32.exe
        
        C:\Windows\system32\Ocamjm32.exe
        31⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\Pgbbek32.exe
        
        C:\Windows\system32\Pgbbek32.exe
        32⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\Phjenbhp.exe
        
        C:\Windows\system32\Phjenbhp.exe
        33⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\Qoifflkg.exe
        
        C:\Windows\system32\Qoifflkg.exe
        34⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\Amaqjp32.exe
        
        C:\Windows\system32\Amaqjp32.exe
        35⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\Bogcgj32.exe
        
        C:\Windows\system32\Bogcgj32.exe
        36⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\Bfedoc32.exe
        
        C:\Windows\system32\Bfedoc32.exe
        37⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\Bppfmigl.exe
        
        C:\Windows\system32\Bppfmigl.exe
        38⤵
        
        PID:6064
- - C:\Users\Admin\Downloads\240919-pznljaygjd_33c4ccf892f2a3a896cc04efdef2bd20f4d3d53b88212319b76ebddbaaa13278N.exe
    C:\Users\Admin\Downloads\240919-pznljaygjd_33c4ccf892f2a3a896cc04efdef2bd20f4d3d53b88212319b76ebddbaaa13278N.exe
    3⤵
    PID:644
- - C:\Users\Admin\Downloads\240919-px3bxazblm_aa203c83db967a922275eae0a8d652e627986d3674c635d1de76e2ad994fd3b2N.exe
    C:\Users\Admin\Downloads\240919-px3bxazblm_aa203c83db967a922275eae0a8d652e627986d3674c635d1de76e2ad994fd3b2N.exe
    3⤵
    PID:1196
  - - C:\Windows\SysWOW64\Jnkcogno.exe
      C:\Windows\system32\Jnkcogno.exe
      4⤵
      PID:4712
    - - C:\Windows\SysWOW64\Jeekkafl.exe
        
        C:\Windows\system32\Jeekkafl.exe
        5⤵
        
        PID:2700
      - C:\Windows\SysWOW64\Jpkphjeb.exe
        
        C:\Windows\system32\Jpkphjeb.exe
        6⤵
        
        PID:988
        
        C:\Windows\SysWOW64\Jehhaaci.exe
        
        C:\Windows\system32\Jehhaaci.exe
        7⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\Jkaqnk32.exe
        
        C:\Windows\system32\Jkaqnk32.exe
        8⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\Jblijebc.exe
        
        C:\Windows\system32\Jblijebc.exe
        9⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\Jejefqaf.exe
        
        C:\Windows\system32\Jejefqaf.exe
        10⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\Kldmckic.exe
        
        C:\Windows\system32\Kldmckic.exe
        11⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\Kbnepe32.exe
        
        C:\Windows\system32\Kbnepe32.exe
        12⤵
        
        PID:3984
- - C:\Users\Admin\Downloads\240919-px1hbazblk_0e75ee9ef94eeb429fcb8a5ecb456dcfc259ae6de4ea7a034c41d8abc2305581N.exe
    C:\Users\Admin\Downloads\240919-px1hbazblk_0e75ee9ef94eeb429fcb8a5ecb456dcfc259ae6de4ea7a034c41d8abc2305581N.exe
    3⤵
    PID:4516
  - - C:\Windows\SysWOW64\Jicdap32.exe
      C:\Windows\system32\Jicdap32.exe
      4⤵
      PID:4852
    - - C:\Windows\SysWOW64\Jnpmjf32.exe
        
        C:\Windows\system32\Jnpmjf32.exe
        5⤵
        
        PID:2460
      - C:\Windows\SysWOW64\Jfgdkd32.exe
        
        C:\Windows\system32\Jfgdkd32.exe
        6⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\Kldmckic.exe
        
        C:\Windows\system32\Kldmckic.exe
        7⤵
        
        PID:3412
- - C:\Users\Admin\Downloads\240919-pt4essydrd_d00a6cfc8751292697cf37afee755de814ef6ecbdf8c71648e638f03afa13381N.exe
    C:\Users\Admin\Downloads\240919-pt4essydrd_d00a6cfc8751292697cf37afee755de814ef6ecbdf8c71648e638f03afa13381N.exe
    3⤵
    PID:2564
  - - C:\Windows\SysWOW64\Kimghn32.exe
      C:\Windows\system32\Kimghn32.exe
      4⤵
      PID:4200
    - - C:\Windows\SysWOW64\Llpmoiof.exe
        
        C:\Windows\system32\Llpmoiof.exe
        5⤵
        
        PID:704
      - C:\Windows\SysWOW64\Lbjelc32.exe
        
        C:\Windows\system32\Lbjelc32.exe
        6⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\Lfealaol.exe
        
        C:\Windows\system32\Lfealaol.exe
        7⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\Lidmhmnp.exe
        
        C:\Windows\system32\Lidmhmnp.exe
        8⤵
        
        PID:3140
- - C:\Users\Admin\Downloads\240919-ppg11aybng_9a53b0e3d431bf768d3c557a0768c0b9ffe338074a9a5dd485020f396efc7d34N.exe
    C:\Users\Admin\Downloads\240919-ppg11aybng_9a53b0e3d431bf768d3c557a0768c0b9ffe338074a9a5dd485020f396efc7d34N.exe
    3⤵
    PID:832
  - - C:\Windows\SysWOW64\Lldfjh32.exe
      C:\Windows\system32\Lldfjh32.exe
      4⤵
      PID:4836
    - - C:\Windows\SysWOW64\Lbnngbbn.exe
        
        C:\Windows\system32\Lbnngbbn.exe
        5⤵
        
        PID:1852
      - C:\Windows\SysWOW64\Lfjjga32.exe
        
        C:\Windows\system32\Lfjjga32.exe
        6⤵
        
        PID:3516
        
        C:\Windows\SysWOW64\Lihfcm32.exe
        
        C:\Windows\system32\Lihfcm32.exe
        7⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\Loeolc32.exe
        
        C:\Windows\system32\Loeolc32.exe
        8⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\Llipehgk.exe
        
        C:\Windows\system32\Llipehgk.exe
        9⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\Loglacfo.exe
        
        C:\Windows\system32\Loglacfo.exe
        10⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\Mojhgbdl.exe
        
        C:\Windows\system32\Mojhgbdl.exe
        11⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\Medqcmki.exe
        
        C:\Windows\system32\Medqcmki.exe
        12⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\Mefmimif.exe
        
        C:\Windows\system32\Mefmimif.exe
        13⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\Mlbbkfoq.exe
        
        C:\Windows\system32\Mlbbkfoq.exe
        14⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\Mpqkad32.exe
        
        C:\Windows\system32\Mpqkad32.exe
        15⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\Nbadcpbh.exe
        
        C:\Windows\system32\Nbadcpbh.exe
        16⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\Nhpiafnm.exe
        
        C:\Windows\system32\Nhpiafnm.exe
        17⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\Ocamjm32.exe
        
        C:\Windows\system32\Ocamjm32.exe
        18⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\Ocffempp.exe
        
        C:\Windows\system32\Ocffempp.exe
        19⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\Ppmcdq32.exe
        
        C:\Windows\system32\Ppmcdq32.exe
        20⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\Pjgebf32.exe
        
        C:\Windows\system32\Pjgebf32.exe
        21⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\Qhonib32.exe
        
        C:\Windows\system32\Qhonib32.exe
        22⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\Amaqjp32.exe
        
        C:\Windows\system32\Amaqjp32.exe
        23⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\Bcbohigp.exe
        
        C:\Windows\system32\Bcbohigp.exe
        24⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\Bggnof32.exe
        
        C:\Windows\system32\Bggnof32.exe
        25⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\Cceddf32.exe
        
        C:\Windows\system32\Cceddf32.exe
        26⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\Dinmhkke.exe
        
        C:\Windows\system32\Dinmhkke.exe
        27⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\Epcdqd32.exe
        
        C:\Windows\system32\Epcdqd32.exe
        28⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\Ggnedlao.exe
        
        C:\Windows\system32\Ggnedlao.exe
        29⤵
        
        PID:528
        
        C:\Windows\SysWOW64\Hdkidohn.exe
        
        C:\Windows\system32\Hdkidohn.exe
        30⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\Hnhghcki.exe
        
        C:\Windows\system32\Hnhghcki.exe
        31⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\Ikqqlgem.exe
        
        C:\Windows\system32\Ikqqlgem.exe
        32⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\Kjhcjq32.exe
        
        C:\Windows\system32\Kjhcjq32.exe
        33⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\Lbinam32.exe
        
        C:\Windows\system32\Lbinam32.exe
        34⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\Mlmbfqoj.exe
        
        C:\Windows\system32\Mlmbfqoj.exe
        35⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\Nknobkje.exe
        
        C:\Windows\system32\Nknobkje.exe
        36⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\Olgncmim.exe
        
        C:\Windows\system32\Olgncmim.exe
        37⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\Hmlpaoaj.exe
        
        C:\Windows\system32\Hmlpaoaj.exe
        38⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\Ikkpgafg.exe
        
        C:\Windows\system32\Ikkpgafg.exe
        39⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\Icnklbmj.exe
        
        C:\Windows\system32\Icnklbmj.exe
        40⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\Jnlbojee.exe
        
        C:\Windows\system32\Jnlbojee.exe
        41⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\Nccokk32.exe
        
        C:\Windows\system32\Nccokk32.exe
        42⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\Poimpapp.exe
        
        C:\Windows\system32\Poimpapp.exe
        43⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\Cndeii32.exe
        
        C:\Windows\system32\Cndeii32.exe
        44⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\Eppjfgcp.exe
        
        C:\Windows\system32\Eppjfgcp.exe
        45⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\Ibcaknbi.exe
        
        C:\Windows\system32\Ibcaknbi.exe
        46⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\Jokkgl32.exe
        
        C:\Windows\system32\Jokkgl32.exe
        47⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\Mfhbga32.exe
        
        C:\Windows\system32\Mfhbga32.exe
        48⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\Npiiffqe.exe
        
        C:\Windows\system32\Npiiffqe.exe
        49⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\Phcgcqab.exe
        
        C:\Windows\system32\Phcgcqab.exe
        50⤵
        
        PID:13544
        
        C:\Windows\SysWOW64\Amlogfel.exe
        
        C:\Windows\system32\Amlogfel.exe
        51⤵
        
        PID:12644
        
        C:\Windows\SysWOW64\Dnmaea32.exe
        
        C:\Windows\system32\Dnmaea32.exe
        52⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\Edeeci32.exe
        
        C:\Windows\system32\Edeeci32.exe
        53⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\Hpfbcn32.exe
        
        C:\Windows\system32\Hpfbcn32.exe
        54⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\Jifecp32.exe
        
        C:\Windows\system32\Jifecp32.exe
        55⤵
        
        PID:15392
        
        C:\Windows\SysWOW64\Mledmg32.exe
        
        C:\Windows\system32\Mledmg32.exe
        56⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\Ofgdcipq.exe
        
        C:\Windows\system32\Ofgdcipq.exe
        57⤵
        
        PID:19880
        
        C:\Windows\SysWOW64\Halaloif.exe
        
        C:\Windows\system32\Halaloif.exe
        58⤵
        
        PID:24404
        
        C:\Windows\SysWOW64\Jldkeeig.exe
        
        C:\Windows\system32\Jldkeeig.exe
        59⤵
        
        PID:18288
        
        C:\Windows\SysWOW64\Loemnnhe.exe
        
        C:\Windows\system32\Loemnnhe.exe
        60⤵
        
        PID:20332
        
        C:\Windows\SysWOW64\Mkepineo.exe
        
        C:\Windows\system32\Mkepineo.exe
        61⤵
        
        PID:14844
- - C:\Users\Admin\Downloads\240919-p2hhaszcqq_0d3e489345fcb6e2c7ed9a7c9171fe7d24f5eb22913bbeae5b88c3fe36854947N.exe
    C:\Users\Admin\Downloads\240919-p2hhaszcqq_0d3e489345fcb6e2c7ed9a7c9171fe7d24f5eb22913bbeae5b88c3fe36854947N.exe
    3⤵
    PID:4236
  - - \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      4⤵
      PID:4956
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:5292
      - \??\c:\windows\resources\svchost.exe
        
        c:\windows\resources\svchost.exe
        6⤵
        
        PID:5412
        
        \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe PR
        7⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 185616
        7⤵
        Program crash
        
        PID:13968
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 345808
        5⤵
        Program crash
        
        PID:14656
- - C:\Users\Admin\Downloads\240919-pp7awsygjp_l6E.exe
    C:\Users\Admin\Downloads\240919-pp7awsygjp_l6E.exe
    3⤵
    PID:2564
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:7312
- - C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe
    3⤵
    PID:2752
- - C:\Users\Admin\Downloads\240919-ptscjayhpm_eb595cc6a1c33055ae501957258ccc4c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-ptscjayhpm_eb595cc6a1c33055ae501957258ccc4c_JaffaCakes118.exe
    3⤵
    PID:5112
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 284
      4⤵
      Program crash
      PID:7628
- - C:\Users\Admin\Downloads\240919-plsnbsyelk_7b0e47726c40512f6700fd5bd3ecc1762eb5c2d6716122a77ee1e1727d259d14N.exe
    C:\Users\Admin\Downloads\240919-plsnbsyelk_7b0e47726c40512f6700fd5bd3ecc1762eb5c2d6716122a77ee1e1727d259d14N.exe
    3⤵
    PID:1700
  - - \??\c:\7vvvv.exe
      c:\7vvvv.exe
      4⤵
      PID:5348
    - - \??\c:\nnbtbb.exe
        
        c:\nnbtbb.exe
        5⤵
        
        PID:5444
      - \??\c:\pvjdj.exe
        
        c:\pvjdj.exe
        6⤵
        
        PID:5652
        
        \??\c:\xflllrl.exe
        
        c:\xflllrl.exe
        7⤵
        
        PID:5832
        
        \??\c:\tttbhh.exe
        
        c:\tttbhh.exe
        8⤵
        
        PID:5848
        
        \??\c:\hbhnnn.exe
        
        c:\hbhnnn.exe
        9⤵
        
        PID:6740
        
        \??\c:\ppvpp.exe
        
        c:\ppvpp.exe
        10⤵
        
        PID:6000
        
        \??\c:\flfxrrr.exe
        
        c:\flfxrrr.exe
        11⤵
        
        PID:7292
        
        \??\c:\fxlfxxr.exe
        
        c:\fxlfxxr.exe
        12⤵
        
        PID:8084
        
        \??\c:\rffxlll.exe
        
        c:\rffxlll.exe
        13⤵
        
        PID:6848
        
        \??\c:\3bbttb.exe
        
        c:\3bbttb.exe
        14⤵
        
        PID:7584
        
        \??\c:\3llfrlf.exe
        
        c:\3llfrlf.exe
        15⤵
        
        PID:6764
        
        \??\c:\bbbthh.exe
        
        c:\bbbthh.exe
        16⤵
        
        PID:7644
        
        \??\c:\thnttt.exe
        
        c:\thnttt.exe
        17⤵
        
        PID:8080
        
        \??\c:\xlxrlrr.exe
        
        c:\xlxrlrr.exe
        18⤵
        
        PID:7508
        
        \??\c:\djvpj.exe
        
        c:\djvpj.exe
        19⤵
        
        PID:8488
        
        \??\c:\7llfrrl.exe
        
        c:\7llfrrl.exe
        20⤵
        
        PID:8940
        
        \??\c:\bttnbb.exe
        
        c:\bttnbb.exe
        21⤵
        
        PID:5380
        
        \??\c:\bbnhnb.exe
        
        c:\bbnhnb.exe
        22⤵
        
        PID:7476
        
        \??\c:\djjpv.exe
        
        c:\djjpv.exe
        23⤵
        
        PID:6504
        
        \??\c:\vpdvj.exe
        
        c:\vpdvj.exe
        24⤵
        
        PID:4044
        
        \??\c:\nhhbhh.exe
        
        c:\nhhbhh.exe
        25⤵
        
        PID:10656
        
        \??\c:\hhhbnh.exe
        
        c:\hhhbnh.exe
        26⤵
        
        PID:8680
        
        \??\c:\bhttnt.exe
        
        c:\bhttnt.exe
        27⤵
        
        PID:3412
        
        \??\c:\lxllllx.exe
        
        c:\lxllllx.exe
        28⤵
        
        PID:6220
        
        \??\c:\jvjjd.exe
        
        c:\jvjjd.exe
        29⤵
        
        PID:6236
        
        \??\c:\jdddv.exe
        
        c:\jdddv.exe
        30⤵
        
        PID:9472
        
        \??\c:\ntbtnn.exe
        
        c:\ntbtnn.exe
        31⤵
        
        PID:9140
        
        \??\c:\pdddj.exe
        
        c:\pdddj.exe
        32⤵
        
        PID:4872
        
        \??\c:\tthhnt.exe
        
        c:\tthhnt.exe
        33⤵
        
        PID:6772
        
        \??\c:\fffxlfx.exe
        
        c:\fffxlfx.exe
        34⤵
        
        PID:12768
        
        \??\c:\tthbtn.exe
        
        c:\tthbtn.exe
        35⤵
        
        PID:10508
        
        \??\c:\jjjvp.exe
        
        c:\jjjvp.exe
        36⤵
        
        PID:13980
        
        \??\c:\nhhhbh.exe
        
        c:\nhhhbh.exe
        37⤵
        
        PID:11384
        
        \??\c:\flffrrf.exe
        
        c:\flffrrf.exe
        38⤵
        
        PID:11888
        
        \??\c:\vvddj.exe
        
        c:\vvddj.exe
        39⤵
        
        PID:5488
        
        \??\c:\xlrrxxr.exe
        
        c:\xlrrxxr.exe
        40⤵
        
        PID:4808
        
        \??\c:\httttt.exe
        
        c:\httttt.exe
        41⤵
        
        PID:7668
        
        \??\c:\rrllxff.exe
        
        c:\rrllxff.exe
        42⤵
        
        PID:13432
        
        \??\c:\9jjvp.exe
        
        c:\9jjvp.exe
        43⤵
        
        PID:8128
        
        \??\c:\ddjpp.exe
        
        c:\ddjpp.exe
        44⤵
        
        PID:5096
        
        \??\c:\nhhhbb.exe
        
        c:\nhhhbb.exe
        45⤵
        
        PID:19608
        
        \??\c:\jdvpp.exe
        
        c:\jdvpp.exe
        46⤵
        
        PID:17700
        
        \??\c:\5lxlffx.exe
        
        c:\5lxlffx.exe
        47⤵
        
        PID:20768
        
        \??\c:\dddjj.exe
        
        c:\dddjj.exe
        48⤵
        
        PID:14756
        
        \??\c:\7jjjv.exe
        
        c:\7jjjv.exe
        49⤵
        
        PID:22032
        
        \??\c:\3ppdv.exe
        
        c:\3ppdv.exe
        50⤵
        
        PID:22412
        
        \??\c:\tnbthh.exe
        
        c:\tnbthh.exe
        51⤵
        
        PID:15140
        
        \??\c:\xrrxxrl.exe
        
        c:\xrrxxrl.exe
        52⤵
        
        PID:17092
        
        \??\c:\3fxfxff.exe
        
        c:\3fxfxff.exe
        53⤵
        
        PID:19252
        
        \??\c:\tnbttn.exe
        
        c:\tnbttn.exe
        54⤵
        
        PID:19464
        
        \??\c:\rllfrlf.exe
        
        c:\rllfrlf.exe
        55⤵
        
        PID:14100
        
        \??\c:\jddvv.exe
        
        c:\jddvv.exe
        56⤵
        
        PID:24108
        
        \??\c:\hbhbnt.exe
        
        c:\hbhbnt.exe
        57⤵
        
        PID:22412
        
        \??\c:\rrrrxfl.exe
        
        c:\rrrrxfl.exe
        58⤵
        
        PID:16396
        
        \??\c:\1xrlxxr.exe
        
        c:\1xrlxxr.exe
        59⤵
        
        PID:7484
- - C:\Users\Admin\Downloads\240919-p1nypazcnl_066692a03f240a40c237f5ec3270d27cac1fda40630dd29f40db006b79a542a8.exe
    C:\Users\Admin\Downloads\240919-p1nypazcnl_066692a03f240a40c237f5ec3270d27cac1fda40630dd29f40db006b79a542a8.exe
    3⤵
    PID:5164
  - - C:\Users\Admin\RuntimeBroker.exe
      "C:\Users\Admin\RuntimeBroker.exe"
      4⤵
      PID:6520
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\RuntimeBroker.exe'
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:17068
  - - C:\Users\Admin\RustAntich1eat.exe
      "C:\Users\Admin\RustAntich1eat.exe"
      4⤵
      PID:7280
  - - C:\Users\Admin\Umbral.exe
      "C:\Users\Admin\Umbral.exe"
      4⤵
      PID:5348
- - C:\Users\Admin\Downloads\240919-ppcfhsyfpq_eb561c1ba16c6c3d687434761f42cb04_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-ppcfhsyfpq_eb561c1ba16c6c3d687434761f42cb04_JaffaCakes118.exe
    3⤵
    PID:5300
- - C:\Users\Admin\Downloads\240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
    C:\Users\Admin\Downloads\240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
    3⤵
    PID:5872
  - - C:\Windows\SysWOW64\Nplkmckj.exe
      C:\Windows\system32\Nplkmckj.exe
      4⤵
      PID:1824
    - - C:\Windows\SysWOW64\Opadhb32.exe
        
        C:\Windows\system32\Opadhb32.exe
        5⤵
        
        PID:6176
      - C:\Windows\SysWOW64\Ollnhb32.exe
        
        C:\Windows\system32\Ollnhb32.exe
        6⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\Pcmlfl32.exe
        
        C:\Windows\system32\Pcmlfl32.exe
        7⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\Qgnbaj32.exe
        
        C:\Windows\system32\Qgnbaj32.exe
        8⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\Aopmfk32.exe
        
        C:\Windows\system32\Aopmfk32.exe
        9⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\Amfjeobf.exe
        
        C:\Windows\system32\Amfjeobf.exe
        10⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\Bfqkddfd.exe
        
        C:\Windows\system32\Bfqkddfd.exe
        11⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\Cpbbch32.exe
        
        C:\Windows\system32\Cpbbch32.exe
        12⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\Cimcan32.exe
        
        C:\Windows\system32\Cimcan32.exe
        13⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\Cibmlmeb.exe
        
        C:\Windows\system32\Cibmlmeb.exe
        14⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\Daediilg.exe
        
        C:\Windows\system32\Daediilg.exe
        15⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\Eidbij32.exe
        
        C:\Windows\system32\Eidbij32.exe
        16⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\Gkiaej32.exe
        
        C:\Windows\system32\Gkiaej32.exe
        17⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\Hpbiip32.exe
        
        C:\Windows\system32\Hpbiip32.exe
        18⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\Injcmc32.exe
        
        C:\Windows\system32\Injcmc32.exe
        19⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\Ihgnkkbd.exe
        
        C:\Windows\system32\Ihgnkkbd.exe
        20⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\Jgenbfoa.exe
        
        C:\Windows\system32\Jgenbfoa.exe
        21⤵
        
        PID:9132
- - C:\Users\Admin\Downloads\240919-pkm2fsxhnc_68ac9ad3a9d617aa87f0abaf98fc9afab3712c6999b72e7ba2d1ad8d27a0a146N.exe
    C:\Users\Admin\Downloads\240919-pkm2fsxhnc_68ac9ad3a9d617aa87f0abaf98fc9afab3712c6999b72e7ba2d1ad8d27a0a146N.exe
    3⤵
    PID:5884
  - - \??\c:\vjjdd.exe
      c:\vjjdd.exe
      4⤵
      PID:5732
    - - \??\c:\9nhhbn.exe
        
        c:\9nhhbn.exe
        5⤵
        
        PID:6732
      - \??\c:\9thbbb.exe
        
        c:\9thbbb.exe
        6⤵
        
        PID:6172
        
        \??\c:\jdjjj.exe
        
        c:\jdjjj.exe
        7⤵
        
        PID:7556
        
        \??\c:\9vpjd.exe
        
        c:\9vpjd.exe
        8⤵
        
        PID:7804
        
        \??\c:\djpjd.exe
        
        c:\djpjd.exe
        9⤵
        
        PID:5344
        
        \??\c:\3fxrfxl.exe
        
        c:\3fxrfxl.exe
        10⤵
        
        PID:7180
        
        \??\c:\lrrlflx.exe
        
        c:\lrrlflx.exe
        11⤵
        
        PID:5916
        
        \??\c:\tntntn.exe
        
        c:\tntntn.exe
        12⤵
        
        PID:3108
        
        \??\c:\xxxrffx.exe
        
        c:\xxxrffx.exe
        13⤵
        
        PID:7884
        
        \??\c:\pjjjd.exe
        
        c:\pjjjd.exe
        14⤵
        
        PID:5440
        
        \??\c:\lrxrffx.exe
        
        c:\lrxrffx.exe
        15⤵
        
        PID:6728
        
        \??\c:\xflfxrl.exe
        
        c:\xflfxrl.exe
        16⤵
        
        PID:7216
        
        \??\c:\rrlfxxr.exe
        
        c:\rrlfxxr.exe
        17⤵
        
        PID:7812
        
        \??\c:\1rrllrl.exe
        
        c:\1rrllrl.exe
        18⤵
        
        PID:7356
        
        \??\c:\vdvpp.exe
        
        c:\vdvpp.exe
        19⤵
        
        PID:7532
        
        \??\c:\nnbttn.exe
        
        c:\nnbttn.exe
        20⤵
        
        PID:6132
        
        \??\c:\hthbnn.exe
        
        c:\hthbnn.exe
        21⤵
        
        PID:8976
        
        \??\c:\tnttnb.exe
        
        c:\tnttnb.exe
        22⤵
        
        PID:6736
        
        \??\c:\pdppp.exe
        
        c:\pdppp.exe
        23⤵
        
        PID:6756
        
        \??\c:\vvpvp.exe
        
        c:\vvpvp.exe
        24⤵
        
        PID:9196
        
        \??\c:\pvjjj.exe
        
        c:\pvjjj.exe
        25⤵
        
        PID:7912
        
        \??\c:\jpjdp.exe
        
        c:\jpjdp.exe
        26⤵
        
        PID:10872
        
        \??\c:\dpjjj.exe
        
        c:\dpjjj.exe
        27⤵
        
        PID:6392
        
        \??\c:\vvpjp.exe
        
        c:\vvpjp.exe
        28⤵
        
        PID:11040
        
        \??\c:\rlllfxx.exe
        
        c:\rlllfxx.exe
        29⤵
        
        PID:10996
        
        \??\c:\flxrlrx.exe
        
        c:\flxrlrx.exe
        30⤵
        
        PID:5156
        
        \??\c:\xllfxxr.exe
        
        c:\xllfxxr.exe
        31⤵
        
        PID:11476
        
        \??\c:\1nhhhn.exe
        
        c:\1nhhhn.exe
        32⤵
        
        PID:12120
        
        \??\c:\vjpjp.exe
        
        c:\vjpjp.exe
        33⤵
        
        PID:12904
        
        \??\c:\bhnhnn.exe
        
        c:\bhnhnn.exe
        34⤵
        
        PID:12820
        
        \??\c:\rrfxffr.exe
        
        c:\rrfxffr.exe
        35⤵
        
        PID:14004
        
        \??\c:\rlrrrlx.exe
        
        c:\rlrrrlx.exe
        36⤵
        
        PID:4616
        
        \??\c:\hntnhb.exe
        
        c:\hntnhb.exe
        37⤵
        
        PID:12760
        
        \??\c:\lrxxlff.exe
        
        c:\lrxxlff.exe
        38⤵
        
        PID:3604
        
        \??\c:\rrrfffx.exe
        
        c:\rrrfffx.exe
        39⤵
        
        PID:8060
        
        \??\c:\bbbbtt.exe
        
        c:\bbbbtt.exe
        40⤵
        
        PID:13220
        
        \??\c:\7thhtt.exe
        
        c:\7thhtt.exe
        41⤵
        
        PID:13376
        
        \??\c:\9dddv.exe
        
        c:\9dddv.exe
        42⤵
        
        PID:6216
        
        \??\c:\pdjpj.exe
        
        c:\pdjpj.exe
        43⤵
        
        PID:3240
        
        \??\c:\1btbtt.exe
        
        c:\1btbtt.exe
        44⤵
        
        PID:8612
        
        \??\c:\5bhbbb.exe
        
        c:\5bhbbb.exe
        45⤵
        
        PID:19656
        
        \??\c:\ttnhbb.exe
        
        c:\ttnhbb.exe
        46⤵
        
        PID:18232
        
        \??\c:\rflxxxl.exe
        
        c:\rflxxxl.exe
        47⤵
        
        PID:24552
        
        \??\c:\xxxrrrr.exe
        
        c:\xxxrrrr.exe
        48⤵
        
        PID:15604
        
        \??\c:\jjppj.exe
        
        c:\jjppj.exe
        49⤵
        
        PID:22228
        
        \??\c:\hhttnt.exe
        
        c:\hhttnt.exe
        50⤵
        
        PID:22880
        
        \??\c:\bhtnnb.exe
        
        c:\bhtnnb.exe
        51⤵
        
        PID:23580
        
        \??\c:\nnbbhn.exe
        
        c:\nnbbhn.exe
        52⤵
        
        PID:24068
        
        \??\c:\hhbtnn.exe
        
        c:\hhbtnn.exe
        53⤵
        
        PID:20312
        
        \??\c:\7bttnt.exe
        
        c:\7bttnt.exe
        54⤵
        
        PID:22536
        
        \??\c:\5dvvp.exe
        
        c:\5dvvp.exe
        55⤵
        
        PID:14452
- - C:\Users\Admin\Downloads\240919-pr49baycrg_eb583ccf1753294e7660d26e433fd6eb_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pr49baycrg_eb583ccf1753294e7660d26e433fd6eb_JaffaCakes118.exe
    3⤵
    PID:6096
- - C:\Users\Admin\Downloads\240919-pnymcsyfmm_Payment Voucher.exe
    "C:\Users\Admin\Downloads\240919-pnymcsyfmm_Payment Voucher.exe"
    3⤵
    PID:5436
- - C:\Users\Admin\Downloads\240919-ptljzsyhnq_a2e81419ead7bab7d3eb56ba49aa57fbc2607d56565483c6323e977a0468d6a8.exe
    C:\Users\Admin\Downloads\240919-ptljzsyhnq_a2e81419ead7bab7d3eb56ba49aa57fbc2607d56565483c6323e977a0468d6a8.exe
    3⤵
    PID:6612
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 412
      4⤵
      Program crash
      PID:5952
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 436
      4⤵
      Program crash
      PID:8248
- - C:\Users\Admin\Downloads\240919-pnyx5ayblc_PO23100080 & Order Specs.exe
    "C:\Users\Admin\Downloads\240919-pnyx5ayblc_PO23100080 & Order Specs.exe"
    3⤵
    PID:7096
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\Downloads\240919-pnyx5ayblc_PO23100080 & Order Specs.exe"
      4⤵
      PID:5676
- - C:\Users\Admin\Downloads\240919-pt2k7syhrl_44b64a395000f678979aceb27b896870f458ed124fa1e4ad9c2acc6491ef84daN.exe
    C:\Users\Admin\Downloads\240919-pt2k7syhrl_44b64a395000f678979aceb27b896870f458ed124fa1e4ad9c2acc6491ef84daN.exe
    3⤵
    PID:7208
  - - C:\Windows\SysWOW64\Pflibgil.exe
      C:\Windows\system32\Pflibgil.exe
      4⤵
      PID:7448
    - - C:\Windows\SysWOW64\Amaqjp32.exe
        
        C:\Windows\system32\Amaqjp32.exe
        5⤵
        
        PID:8164
      - C:\Windows\SysWOW64\Ajhniccb.exe
        
        C:\Windows\system32\Ajhniccb.exe
        6⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\Bgnkhg32.exe
        
        C:\Windows\system32\Bgnkhg32.exe
        7⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\Bfjnjcni.exe
        
        C:\Windows\system32\Bfjnjcni.exe
        8⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\Dfamapjo.exe
        
        C:\Windows\system32\Dfamapjo.exe
        9⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\Eigonjcj.exe
        
        C:\Windows\system32\Eigonjcj.exe
        10⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\Fdamgb32.exe
        
        C:\Windows\system32\Fdamgb32.exe
        11⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\Gilapgqb.exe
        
        C:\Windows\system32\Gilapgqb.exe
        12⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\Hhknpmma.exe
        
        C:\Windows\system32\Hhknpmma.exe
        13⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\Iahlcaol.exe
        
        C:\Windows\system32\Iahlcaol.exe
        14⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\Jgogbgei.exe
        
        C:\Windows\system32\Jgogbgei.exe
        15⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\Lgffic32.exe
        
        C:\Windows\system32\Lgffic32.exe
        16⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\Mhafeb32.exe
        
        C:\Windows\system32\Mhafeb32.exe
        17⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\Nbefdijg.exe
        
        C:\Windows\system32\Nbefdijg.exe
        18⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\Oifeab32.exe
        
        C:\Windows\system32\Oifeab32.exe
        19⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\Pcjiff32.exe
        
        C:\Windows\system32\Pcjiff32.exe
        20⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\Gingkqkd.exe
        
        C:\Windows\system32\Gingkqkd.exe
        21⤵
        
        PID:10624
        
        C:\Windows\SysWOW64\Iinqbn32.exe
        
        C:\Windows\system32\Iinqbn32.exe
        22⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\Jdmgfedl.exe
        
        C:\Windows\system32\Jdmgfedl.exe
        23⤵
        
        PID:224
        
        C:\Windows\SysWOW64\Mkohaj32.exe
        
        C:\Windows\system32\Mkohaj32.exe
        24⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\Akqfkp32.exe
        
        C:\Windows\system32\Akqfkp32.exe
        25⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\Cndeii32.exe
        
        C:\Windows\system32\Cndeii32.exe
        26⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\Eppjfgcp.exe
        
        C:\Windows\system32\Eppjfgcp.exe
        27⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\Hipmfjee.exe
        
        C:\Windows\system32\Hipmfjee.exe
        28⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\Ilqoobdd.exe
        
        C:\Windows\system32\Ilqoobdd.exe
        29⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\Lomqcjie.exe
        
        C:\Windows\system32\Lomqcjie.exe
        30⤵
        
        PID:13808
        
        C:\Windows\SysWOW64\Mogcihaj.exe
        
        C:\Windows\system32\Mogcihaj.exe
        31⤵
        
        PID:14188
        
        C:\Windows\SysWOW64\Njfkmphe.exe
        
        C:\Windows\system32\Njfkmphe.exe
        32⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\Ocgbld32.exe
        
        C:\Windows\system32\Ocgbld32.exe
        33⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\Qfkqjmdg.exe
        
        C:\Windows\system32\Qfkqjmdg.exe
        34⤵
        
        PID:13972
- - C:\Users\Admin\Downloads\240919-ppsshaybqa_858833a927e756d5248ebd4fed75efc9aad9787e3fa148d8f307222bd0e0fdeeN.exe
    C:\Users\Admin\Downloads\240919-ppsshaybqa_858833a927e756d5248ebd4fed75efc9aad9787e3fa148d8f307222bd0e0fdeeN.exe
    3⤵
    PID:7336
  - - C:\Windows\SysWOW64\Agdhbi32.exe
      C:\Windows\system32\Agdhbi32.exe
      4⤵
      PID:8096
    - - C:\Windows\SysWOW64\Amhfkopc.exe
        
        C:\Windows\system32\Amhfkopc.exe
        5⤵
        
        PID:6272
      - C:\Windows\SysWOW64\Bgpgng32.exe
        
        C:\Windows\system32\Bgpgng32.exe
        6⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\Cabomkll.exe
        
        C:\Windows\system32\Cabomkll.exe
        7⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\Cpihcgoa.exe
        
        C:\Windows\system32\Cpihcgoa.exe
        8⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\Dmbbhkjf.exe
        
        C:\Windows\system32\Dmbbhkjf.exe
        9⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\Dinmhkke.exe
        
        C:\Windows\system32\Dinmhkke.exe
        10⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\Eaqdegaj.exe
        
        C:\Windows\system32\Eaqdegaj.exe
        11⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\Fmjaphek.exe
        
        C:\Windows\system32\Fmjaphek.exe
        12⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\Ggnedlao.exe
        
        C:\Windows\system32\Ggnedlao.exe
        13⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\Gpkchqdj.exe
        
        C:\Windows\system32\Gpkchqdj.exe
        14⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\Hncmmd32.exe
        
        C:\Windows\system32\Hncmmd32.exe
        15⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\Ijogmdqm.exe
        
        C:\Windows\system32\Ijogmdqm.exe
        16⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\Igjngh32.exe
        
        C:\Windows\system32\Igjngh32.exe
        17⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\Jnkldqkc.exe
        
        C:\Windows\system32\Jnkldqkc.exe
        18⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\Kaehljpj.exe
        
        C:\Windows\system32\Kaehljpj.exe
        19⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\Lejgch32.exe
        
        C:\Windows\system32\Lejgch32.exe
        20⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\Naaqofgj.exe
        
        C:\Windows\system32\Naaqofgj.exe
        21⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\Nimbkc32.exe
        
        C:\Windows\system32\Nimbkc32.exe
        22⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\Papfgbmg.exe
        
        C:\Windows\system32\Papfgbmg.exe
        23⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\Jcphab32.exe
        
        C:\Windows\system32\Jcphab32.exe
        24⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\Kmdlffhj.exe
        
        C:\Windows\system32\Kmdlffhj.exe
        25⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\Neqopnhb.exe
        
        C:\Windows\system32\Neqopnhb.exe
        26⤵
        
        PID:10396
        
        C:\Windows\SysWOW64\Bnoknihb.exe
        
        C:\Windows\system32\Bnoknihb.exe
        27⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\Dkfadkgf.exe
        
        C:\Windows\system32\Dkfadkgf.exe
        28⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\Eicedn32.exe
        
        C:\Windows\system32\Eicedn32.exe
        29⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\Glgcbf32.exe
        
        C:\Windows\system32\Glgcbf32.exe
        30⤵
        
        PID:752
        
        C:\Windows\SysWOW64\Ifomll32.exe
        
        C:\Windows\system32\Ifomll32.exe
        31⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\Jgbchj32.exe
        
        C:\Windows\system32\Jgbchj32.exe
        32⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\Mfnoqc32.exe
        
        C:\Windows\system32\Mfnoqc32.exe
        33⤵
        
        PID:14128
        
        C:\Windows\SysWOW64\Nqmfdj32.exe
        
        C:\Windows\system32\Nqmfdj32.exe
        34⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\Ppahmb32.exe
        
        C:\Windows\system32\Ppahmb32.exe
        35⤵
        
        PID:13924
        
        C:\Windows\SysWOW64\Cdimqm32.exe
        
        C:\Windows\system32\Cdimqm32.exe
        36⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\Egohdegl.exe
        
        C:\Windows\system32\Egohdegl.exe
        37⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\Fecadghc.exe
        
        C:\Windows\system32\Fecadghc.exe
        38⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\Iiopca32.exe
        
        C:\Windows\system32\Iiopca32.exe
        39⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\Lhcali32.exe
        
        C:\Windows\system32\Lhcali32.exe
        40⤵
        
        PID:9116
- - C:\Users\Admin\Downloads\240919-pm286ayeqp_eb54f091b05a95511601e2f9f9771bae_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pm286ayeqp_eb54f091b05a95511601e2f9f9771bae_JaffaCakes118.exe
    3⤵
    PID:7344
  - - C:\Windows\SysWOW64\mspeupx.exe
      C:\Windows\system32\mspeupx.exe
      4⤵
      PID:5672
  - - C:\Windows\SysWOW64\netpass.exe
      C:\Windows\system32\netpass.exe
      4⤵
      PID:5728
- - C:\Users\Admin\Downloads\240919-prnxbsygpl_8ecf30082527af945cc7df7dd2567a0838e611177a6f94bfa9ceb768e1b3cd15N.exe
    C:\Users\Admin\Downloads\240919-prnxbsygpl_8ecf30082527af945cc7df7dd2567a0838e611177a6f94bfa9ceb768e1b3cd15N.exe
    3⤵
    PID:7960
  - - C:\Users\Admin\gaikuuh.exe
      "C:\Users\Admin\gaikuuh.exe"
      4⤵
      PID:21232
- - C:\Users\Admin\Downloads\240919-pzlf6szcjq_eb5cf79d246e5b528fd9c1c0e5239bbf_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pzlf6szcjq_eb5cf79d246e5b528fd9c1c0e5239bbf_JaffaCakes118.exe
    3⤵
    PID:5708
- - C:\Users\Admin\Downloads\240919-p16hqszcql_e945f807f1294deb50fed243c01bcf11c8a16f2fcbb6f74189ee1ad4802171beN.exe
    C:\Users\Admin\Downloads\240919-p16hqszcql_e945f807f1294deb50fed243c01bcf11c8a16f2fcbb6f74189ee1ad4802171beN.exe
    3⤵
    PID:5960
  - - C:\Windows\SysWOW64\Cippgm32.exe
      C:\Windows\system32\Cippgm32.exe
      4⤵
      PID:8032
    - - C:\Windows\SysWOW64\Cjaifp32.exe
        
        C:\Windows\system32\Cjaifp32.exe
        5⤵
        
        PID:6192
      - C:\Windows\SysWOW64\Dpehof32.exe
        
        C:\Windows\system32\Dpehof32.exe
        6⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\Edhjqc32.exe
        
        C:\Windows\system32\Edhjqc32.exe
        7⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\Epcdqd32.exe
        
        C:\Windows\system32\Epcdqd32.exe
        8⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\Fphnlcdo.exe
        
        C:\Windows\system32\Fphnlcdo.exe
        9⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\Ggnedlao.exe
        
        C:\Windows\system32\Ggnedlao.exe
        10⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\Giqkkf32.exe
        
        C:\Windows\system32\Giqkkf32.exe
        11⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\Hjhalefe.exe
        
        C:\Windows\system32\Hjhalefe.exe
        12⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\Ijogmdqm.exe
        
        C:\Windows\system32\Ijogmdqm.exe
        13⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\Jhlgfj32.exe
        
        C:\Windows\system32\Jhlgfj32.exe
        14⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\Lalnmiia.exe
        
        C:\Windows\system32\Lalnmiia.exe
        15⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\Mbbagk32.exe
        
        C:\Windows\system32\Mbbagk32.exe
        16⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\Oehlkc32.exe
        
        C:\Windows\system32\Oehlkc32.exe
        17⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\Polppg32.exe
        
        C:\Windows\system32\Polppg32.exe
        18⤵
        
        PID:6608
- - C:\Users\Admin\Downloads\240919-pnzvesyfnn_VtkzI2DleKAWijQ.exe
    C:\Users\Admin\Downloads\240919-pnzvesyfnn_VtkzI2DleKAWijQ.exe
    3⤵
    PID:7520
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\240919-pnzvesyfnn_VtkzI2DleKAWijQ.exe"
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:2292
  - - C:\Users\Admin\Downloads\240919-pnzvesyfnn_VtkzI2DleKAWijQ.exe
      "C:\Users\Admin\Downloads\240919-pnzvesyfnn_VtkzI2DleKAWijQ.exe"
      4⤵
      PID:4340
- - C:\Users\Admin\Downloads\240919-pzkvmsygja_eb5cf6d6717307d5eaa965b807a9e240_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pzkvmsygja_eb5cf6d6717307d5eaa965b807a9e240_JaffaCakes118.exe
    3⤵
    PID:7856
- - C:\Users\Admin\Downloads\240919-pk5lhaydrp_2d6293784902f18955d10dea1de8888e15757543346334397e15c2b9d5b98adbN.exe
    C:\Users\Admin\Downloads\240919-pk5lhaydrp_2d6293784902f18955d10dea1de8888e15757543346334397e15c2b9d5b98adbN.exe
    3⤵
    PID:5492
  - - C:\Windows\SysWOW64\Dfjgaq32.exe
      C:\Windows\system32\Dfjgaq32.exe
      4⤵
      PID:6596
    - - C:\Windows\SysWOW64\Emlenj32.exe
        
        C:\Windows\system32\Emlenj32.exe
        5⤵
        
        PID:6732
      - C:\Windows\SysWOW64\Gilapgqb.exe
        
        C:\Windows\system32\Gilapgqb.exe
        6⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\Hkjjlhle.exe
        
        C:\Windows\system32\Hkjjlhle.exe
        7⤵
        
        PID:488
        
        C:\Windows\SysWOW64\Jdbhkk32.exe
        
        C:\Windows\system32\Jdbhkk32.exe
        8⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\Kecabifp.exe
        
        C:\Windows\system32\Kecabifp.exe
        9⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\Miofjepg.exe
        
        C:\Windows\system32\Miofjepg.exe
        10⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\Nhkikq32.exe
        
        C:\Windows\system32\Nhkikq32.exe
        11⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\Oampjeml.exe
        
        C:\Windows\system32\Oampjeml.exe
        12⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\Phbhcmjl.exe
        
        C:\Windows\system32\Phbhcmjl.exe
        13⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\Gkmdecbg.exe
        
        C:\Windows\system32\Gkmdecbg.exe
        14⤵
        
        PID:10744
- - C:\Users\Admin\Downloads\240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
    3⤵
    PID:5472
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2045.tmp.bat
      4⤵
      PID:12028
- - C:\Users\Admin\Downloads\240919-pqrxlaycla_d6b6dc204419c89b0330d1cdd43fe5a1efdda8d2df83fb94a051ec47c38625acN.exe
    C:\Users\Admin\Downloads\240919-pqrxlaycla_d6b6dc204419c89b0330d1cdd43fe5a1efdda8d2df83fb94a051ec47c38625acN.exe
    3⤵
    PID:6416
  - - C:\Windows\SysWOW64\Dhomfc32.exe
      C:\Windows\system32\Dhomfc32.exe
      4⤵
      PID:1624
    - - C:\Windows\SysWOW64\Ejdocm32.exe
        
        C:\Windows\system32\Ejdocm32.exe
        5⤵
        
        PID:7648
      - C:\Windows\SysWOW64\Fhmigagd.exe
        
        C:\Windows\system32\Fhmigagd.exe
        6⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\Fpmggb32.exe
        
        C:\Windows\system32\Fpmggb32.exe
        7⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\Gnjjfegi.exe
        
        C:\Windows\system32\Gnjjfegi.exe
        8⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\Hnaqgd32.exe
        
        C:\Windows\system32\Hnaqgd32.exe
        9⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\Hdpbon32.exe
        
        C:\Windows\system32\Hdpbon32.exe
        10⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\Inmpcc32.exe
        
        C:\Windows\system32\Inmpcc32.exe
        11⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\Jgogbgei.exe
        
        C:\Windows\system32\Jgogbgei.exe
        12⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\Kgmcce32.exe
        
        C:\Windows\system32\Kgmcce32.exe
        13⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 444
        14⤵
        Program crash
        
        PID:7916
- - C:\Users\Admin\Downloads\240919-pnl9bsybjf_19f17c78dffb74e7acc35cf715689b8157b04b833e522b427b7eda1cc7324696.exe
    C:\Users\Admin\Downloads\240919-pnl9bsybjf_19f17c78dffb74e7acc35cf715689b8157b04b833e522b427b7eda1cc7324696.exe
    3⤵
    PID:8020
  - - C:\Users\Admin\Downloads\240919-pnl9bsybjf_19f17c78dffb74e7acc35cf715689b8157b04b833e522b427b7eda1cc7324696.exe
      C:\Users\Admin\Downloads\240919-pnl9bsybjf_19f17c78dffb74e7acc35cf715689b8157b04b833e522b427b7eda1cc7324696.exe
      4⤵
      PID:14564
- - C:\Users\Admin\Downloads\240919-prg4saycnf_eb57bc34b923b43ab02a7fca45fe2c5d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-prg4saycnf_eb57bc34b923b43ab02a7fca45fe2c5d_JaffaCakes118.exe
    3⤵
    PID:7040
  - - C:\Windows\SysWOW64\provsvc\DevicePairingProxy.exe
      "C:\Windows\SysWOW64\provsvc\DevicePairingProxy.exe"
      4⤵
      PID:7148
- - C:\Users\Admin\Downloads\240919-pryrjaygqj_eb581de89b19fc1429482bc501a6b935_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pryrjaygqj_eb581de89b19fc1429482bc501a6b935_JaffaCakes118.exe
    3⤵
    PID:8048
  - - \??\c:\uboot.bin
      "c:\uboot.bin"
      4⤵
      PID:8252
    - - C:\Windows\SysWOW64\Rundll32.exe
        
        Rundll32.exe C:\Users\Admin\AppData\Local\Temp\uboot.dll,abcLaunchEv
        5⤵
        
        PID:8608
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del c:\uboot.bin > nul
        5⤵
        
        PID:9092
  - - \??\c:\ntboot.bin
      "c:\ntboot.bin"
      4⤵
      PID:8416
    - - C:\Windows\ntsock.exe
        
        "C:\Windows\ntsock.exe"
        5⤵
        
        PID:8412
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del c:\ntboot.bin > nul
        5⤵
        
        PID:10528
  - - C:\Windows\ntsys.exe
      "C:\Windows\ntsys.exe"
      4⤵
      PID:5524
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 532
      4⤵
      Program crash
      PID:10792
- - C:\Users\Admin\Downloads\240919-pjw8qsxhjh_eb52da90f75ae832560266690ab5eb46_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pjw8qsxhjh_eb52da90f75ae832560266690ab5eb46_JaffaCakes118.exe
    3⤵
    PID:5848
- - C:\Users\Admin\Downloads\240919-pq2f2aycmd_28acc1defcefaa2348bbce545fe4fe6187c7a79c0f6b2da2b51886d7faa6dda8N.exe
    C:\Users\Admin\Downloads\240919-pq2f2aycmd_28acc1defcefaa2348bbce545fe4fe6187c7a79c0f6b2da2b51886d7faa6dda8N.exe
    3⤵
    PID:8628
- - C:\Users\Admin\Downloads\240919-pnrttaybkc_OC_0069960.pdf.exe
    C:\Users\Admin\Downloads\240919-pnrttaybkc_OC_0069960.pdf.exe
    3⤵
    PID:8260
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" -windowstyle hidden "$Overtippling=Get-Content 'C:\Users\Admin\AppData\Local\Temp\boilinglike\vaporarium\Salvelsesfuld\Belabored.Pra75';$Grundkursets=$Overtippling.SubString(55723,3);.$Grundkursets($Overtippling)
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:8604
- - C:\Users\Admin\Downloads\240919-pqp31ayckf_Document.exe
    C:\Users\Admin\Downloads\240919-pqp31ayckf_Document.exe
    3⤵
    PID:8344
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\240919-pqp31ayckf_Document.exe"
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:10416
  - - C:\Users\Admin\Downloads\240919-pqp31ayckf_Document.exe
      "C:\Users\Admin\Downloads\240919-pqp31ayckf_Document.exe"
      4⤵
      PID:14324
  - - C:\Users\Admin\Downloads\240919-pqp31ayckf_Document.exe
      "C:\Users\Admin\Downloads\240919-pqp31ayckf_Document.exe"
      4⤵
      PID:9328
- - C:\Users\Admin\Downloads\240919-pqd1qsygkm_PO-27893493.exe
    C:\Users\Admin\Downloads\240919-pqd1qsygkm_PO-27893493.exe
    3⤵
    PID:8776
- - C:\Users\Admin\Downloads\240919-prcjasygnj_5e2395dce1bb61098d55c6df2541071ca8f8c825b5aa9ce3b8afabcdeff4c504N.exe
    C:\Users\Admin\Downloads\240919-prcjasygnj_5e2395dce1bb61098d55c6df2541071ca8f8c825b5aa9ce3b8afabcdeff4c504N.exe
    3⤵
    PID:7500
  - - C:\Windows\Microsoft.Net\Framework\v2.0.50727\vbc.exe
      C:\Windows\Microsoft.Net\Framework\v2.0.50727\vbc.exe
      4⤵
      PID:8860
- - C:\Users\Admin\Downloads\240919-pny8wsyfmq_PO-A1702108.exe
    C:\Users\Admin\Downloads\240919-pny8wsyfmq_PO-A1702108.exe
    3⤵
    PID:8652
  - - C:\Users\Admin\AppData\Local\Hymenophyllaceae\nonsubmerged.exe
      C:\Users\Admin\Downloads\240919-pny8wsyfmq_PO-A1702108.exe
      4⤵
      PID:11968
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
        
        C:\Users\Admin\Downloads\240919-pny8wsyfmq_PO-A1702108.exe
        5⤵
        
        PID:5576
- - C:\Users\Admin\Downloads\240919-pnb4csyaqe_AWB_Ref#339720937705pdf.exe
    C:\Users\Admin\Downloads\240919-pnb4csyaqe_AWB_Ref#339720937705pdf.exe
    3⤵
    PID:9420
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\240919-pnb4csyaqe_AWB_Ref#339720937705pdf.exe"
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:16440
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\BtEYlavlla.exe"
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:24204
- - C:\Users\Admin\Downloads\240919-prr9raygpm_4d6281b866aeaf5b5c58f3fe792e2b9ff4a022b449a48e2b417fb045a353dbcaN.exe
    C:\Users\Admin\Downloads\240919-prr9raygpm_4d6281b866aeaf5b5c58f3fe792e2b9ff4a022b449a48e2b417fb045a353dbcaN.exe
    3⤵
    PID:10976
  - - C:\Windows\SysWOW64\Gipdap32.exe
      C:\Windows\system32\Gipdap32.exe
      4⤵
      PID:10808
    - - C:\Windows\SysWOW64\Injmcmej.exe
        
        C:\Windows\system32\Injmcmej.exe
        5⤵
        
        PID:6680
      - C:\Windows\SysWOW64\Jpaleglc.exe
        
        C:\Windows\system32\Jpaleglc.exe
        6⤵
        
        PID:10928
- - C:\Users\Admin\Downloads\240919-pllvsayajc_eaf872573f789a71ee88fb2c0d125675779acaafea9e764e0af4b262b869d209N.exe
    C:\Users\Admin\Downloads\240919-pllvsayajc_eaf872573f789a71ee88fb2c0d125675779acaafea9e764e0af4b262b869d209N.exe
    3⤵
    PID:4512
  - - C:\Windows\SysWOW64\Hlambk32.exe
      C:\Windows\system32\Hlambk32.exe
      4⤵
      PID:11148
    - - C:\Windows\SysWOW64\Idhnkf32.exe
        
        C:\Windows\system32\Idhnkf32.exe
        5⤵
        
        PID:5876
      - C:\Windows\SysWOW64\Jgpmmp32.exe
        
        C:\Windows\system32\Jgpmmp32.exe
        6⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\Kmfhkf32.exe
        
        C:\Windows\system32\Kmfhkf32.exe
        7⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\Njkkbehl.exe
        
        C:\Windows\system32\Njkkbehl.exe
        8⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\Alnfpcag.exe
        
        C:\Windows\system32\Alnfpcag.exe
        9⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\Bheplb32.exe
        
        C:\Windows\system32\Bheplb32.exe
        10⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\Dbbffdlq.exe
        
        C:\Windows\system32\Dbbffdlq.exe
        11⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\Epmmqheb.exe
        
        C:\Windows\system32\Epmmqheb.exe
        12⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\Gbalopbn.exe
        
        C:\Windows\system32\Gbalopbn.exe
        13⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\Iinjhh32.exe
        
        C:\Windows\system32\Iinjhh32.exe
        14⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\Jlolpq32.exe
        
        C:\Windows\system32\Jlolpq32.exe
        15⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\Mmfkhmdi.exe
        
        C:\Windows\system32\Mmfkhmdi.exe
        16⤵
        
        PID:13960
        
        C:\Windows\SysWOW64\Ncnofeof.exe
        
        C:\Windows\system32\Ncnofeof.exe
        17⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\Ojajin32.exe
        
        C:\Windows\system32\Ojajin32.exe
        18⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\Ahaceo32.exe
        
        C:\Windows\system32\Ahaceo32.exe
        19⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\Dojqjdbl.exe
        
        C:\Windows\system32\Dojqjdbl.exe
        20⤵
        
        PID:13900
        
        C:\Windows\SysWOW64\Eqiibjlj.exe
        
        C:\Windows\system32\Eqiibjlj.exe
        21⤵
        
        PID:13756
        
        C:\Windows\SysWOW64\Hlmchoan.exe
        
        C:\Windows\system32\Hlmchoan.exe
        22⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\Ipkdek32.exe
        
        C:\Windows\system32\Ipkdek32.exe
        23⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\Lpochfji.exe
        
        C:\Windows\system32\Lpochfji.exe
        24⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\Oiagde32.exe
        
        C:\Windows\system32\Oiagde32.exe
        25⤵
        
        PID:19828
        
        C:\Windows\SysWOW64\Hejjanpm.exe
        
        C:\Windows\system32\Hejjanpm.exe
        26⤵
        
        PID:17236
        
        C:\Windows\SysWOW64\Jnbgaa32.exe
        
        C:\Windows\system32\Jnbgaa32.exe
        27⤵
        
        PID:18332
        
        C:\Windows\SysWOW64\Klgqabib.exe
        
        C:\Windows\system32\Klgqabib.exe
        28⤵
        
        PID:15572
        
        C:\Windows\SysWOW64\Odbgdp32.exe
        
        C:\Windows\system32\Odbgdp32.exe
        29⤵
        
        PID:21064
        
        C:\Windows\SysWOW64\Afnlpohj.exe
        
        C:\Windows\system32\Afnlpohj.exe
        30⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\Albkieqj.exe
        
        C:\Windows\system32\Albkieqj.exe
        31⤵
        
        PID:23352
        
        C:\Windows\SysWOW64\Dlncla32.exe
        
        C:\Windows\system32\Dlncla32.exe
        32⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\Jclljaei.exe
        
        C:\Windows\system32\Jclljaei.exe
        33⤵
        
        PID:18276
        
        C:\Windows\SysWOW64\Leqkeajd.exe
        
        C:\Windows\system32\Leqkeajd.exe
        34⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\Ohnljine.exe
        
        C:\Windows\system32\Ohnljine.exe
        35⤵
        
        PID:17028
        
        C:\Windows\SysWOW64\Qbkcek32.exe
        
        C:\Windows\system32\Qbkcek32.exe
        36⤵
        
        PID:21348
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c rd /S /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
        32⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c del /F /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
        32⤵
        
        PID:23300
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c rd /S /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
        27⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c del /F /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
        27⤵
        
        PID:5812
- - C:\Users\Admin\Downloads\240919-pmlw6syepl_c5eea937f59051d2f1d5dec0ff7f961161c053489721ec9738869933f9d26609N.exe
    C:\Users\Admin\Downloads\240919-pmlw6syepl_c5eea937f59051d2f1d5dec0ff7f961161c053489721ec9738869933f9d26609N.exe
    3⤵
    PID:9208
  - - C:\Windows\System32\OTBMFiy.exe
      C:\Windows\System32\OTBMFiy.exe
      4⤵
      PID:8224
  - - C:\Windows\System32\dermujf.exe
      C:\Windows\System32\dermujf.exe
      4⤵
      PID:5564
  - - C:\Windows\System32\LcBQsMr.exe
      C:\Windows\System32\LcBQsMr.exe
      4⤵
      PID:6820
  - - C:\Windows\System32\fDvinsj.exe
      C:\Windows\System32\fDvinsj.exe
      4⤵
      PID:2472
  - - C:\Windows\System32\GdbfpPb.exe
      C:\Windows\System32\GdbfpPb.exe
      4⤵
      PID:10640
  - - C:\Windows\System32\gMivAdB.exe
      C:\Windows\System32\gMivAdB.exe
      4⤵
      PID:10712
  - - C:\Windows\System32\BmLDCHK.exe
      C:\Windows\System32\BmLDCHK.exe
      4⤵
      PID:10776
  - - C:\Windows\System32\xFNkYgo.exe
      C:\Windows\System32\xFNkYgo.exe
      4⤵
      PID:2480
  - - C:\Windows\System32\mWkIFGW.exe
      C:\Windows\System32\mWkIFGW.exe
      4⤵
      PID:11220
  - - C:\Windows\System32\UmLuNsb.exe
      C:\Windows\System32\UmLuNsb.exe
      4⤵
      PID:9732
  - - C:\Windows\System32\morMQMV.exe
      C:\Windows\System32\morMQMV.exe
      4⤵
      PID:8240
  - - C:\Windows\System32\QqdMNAh.exe
      C:\Windows\System32\QqdMNAh.exe
      4⤵
      PID:5188
  - - C:\Windows\System32\aeGpOxZ.exe
      C:\Windows\System32\aeGpOxZ.exe
      4⤵
      PID:8104
  - - C:\Windows\System32\HERzfKO.exe
      C:\Windows\System32\HERzfKO.exe
      4⤵
      PID:6740
  - - C:\Windows\System32\kYXoclD.exe
      C:\Windows\System32\kYXoclD.exe
      4⤵
      PID:6076
  - - C:\Windows\System32\wMItQoM.exe
      C:\Windows\System32\wMItQoM.exe
      4⤵
      PID:10616
  - - C:\Windows\System32\nAFWykr.exe
      C:\Windows\System32\nAFWykr.exe
      4⤵
      PID:9684
  - - C:\Windows\System32\AvjPbiV.exe
      C:\Windows\System32\AvjPbiV.exe
      4⤵
      PID:4200
  - - C:\Windows\System32\TqAwcJx.exe
      C:\Windows\System32\TqAwcJx.exe
      4⤵
      PID:4816
  - - C:\Windows\System32\gAZSwWN.exe
      C:\Windows\System32\gAZSwWN.exe
      4⤵
      PID:10548
  - - C:\Windows\System32\adXRgii.exe
      C:\Windows\System32\adXRgii.exe
      4⤵
      PID:10144
  - - C:\Windows\System32\AmnjGNH.exe
      C:\Windows\System32\AmnjGNH.exe
      4⤵
      PID:6856
  - - C:\Windows\System32\QmvkgSD.exe
      C:\Windows\System32\QmvkgSD.exe
      4⤵
      PID:8392
  - - C:\Windows\System32\NUsQTbZ.exe
      C:\Windows\System32\NUsQTbZ.exe
      4⤵
      PID:11904
  - - C:\Windows\System32\DTvHazx.exe
      C:\Windows\System32\DTvHazx.exe
      4⤵
      PID:11928
  - - C:\Windows\System32\qdlrLVR.exe
      C:\Windows\System32\qdlrLVR.exe
      4⤵
      PID:12216
  - - C:\Windows\System32\ZSxfYCd.exe
      C:\Windows\System32\ZSxfYCd.exe
      4⤵
      PID:11284
  - - C:\Windows\System32\fnlqdBN.exe
      C:\Windows\System32\fnlqdBN.exe
      4⤵
      PID:11320
  - - C:\Windows\System32\VMUYCPf.exe
      C:\Windows\System32\VMUYCPf.exe
      4⤵
      PID:3068
  - - C:\Windows\System32\OYvxouS.exe
      C:\Windows\System32\OYvxouS.exe
      4⤵
      PID:12996
  - - C:\Windows\System32\WfLAovJ.exe
      C:\Windows\System32\WfLAovJ.exe
      4⤵
      PID:13364
  - - C:\Windows\System32\XjlkgzQ.exe
      C:\Windows\System32\XjlkgzQ.exe
      4⤵
      PID:13380
  - - C:\Windows\System32\IltsYUm.exe
      C:\Windows\System32\IltsYUm.exe
      4⤵
      PID:13828
  - - C:\Windows\System32\EzRXhww.exe
      C:\Windows\System32\EzRXhww.exe
      4⤵
      PID:13844
  - - C:\Windows\System32\uyMzaTK.exe
      C:\Windows\System32\uyMzaTK.exe
      4⤵
      PID:13864
  - - C:\Windows\System32\IkORFMN.exe
      C:\Windows\System32\IkORFMN.exe
      4⤵
      PID:14236
  - - C:\Windows\System32\ljcAZcj.exe
      C:\Windows\System32\ljcAZcj.exe
      4⤵
      PID:14296
  - - C:\Windows\System32\KCvKQxK.exe
      C:\Windows\System32\KCvKQxK.exe
      4⤵
      PID:12844
  - - C:\Windows\System32\krampHA.exe
      C:\Windows\System32\krampHA.exe
      4⤵
      PID:12608
  - - C:\Windows\System32\mUCufsK.exe
      C:\Windows\System32\mUCufsK.exe
      4⤵
      PID:12952
  - - C:\Windows\System32\isGxIiU.exe
      C:\Windows\System32\isGxIiU.exe
      4⤵
      PID:13104
  - - C:\Windows\System32\erzhUXo.exe
      C:\Windows\System32\erzhUXo.exe
      4⤵
      PID:13440
  - - C:\Windows\System32\cjGLgCE.exe
      C:\Windows\System32\cjGLgCE.exe
      4⤵
      PID:13156
  - - C:\Windows\System32\hoXqxlt.exe
      C:\Windows\System32\hoXqxlt.exe
      4⤵
      PID:13448
  - - C:\Windows\System32\dFQzvxg.exe
      C:\Windows\System32\dFQzvxg.exe
      4⤵
      PID:8748
  - - C:\Windows\System32\WNYprwY.exe
      C:\Windows\System32\WNYprwY.exe
      4⤵
      PID:14104
  - - C:\Windows\System32\zvzGAMR.exe
      C:\Windows\System32\zvzGAMR.exe
      4⤵
      PID:10064
  - - C:\Windows\System32\RtIhGDn.exe
      C:\Windows\System32\RtIhGDn.exe
      4⤵
      PID:1992
  - - C:\Windows\System32\GEVgEBv.exe
      C:\Windows\System32\GEVgEBv.exe
      4⤵
      PID:11768
  - - C:\Windows\System32\gHZclKt.exe
      C:\Windows\System32\gHZclKt.exe
      4⤵
      PID:8236
  - - C:\Windows\System32\QIloFMQ.exe
      C:\Windows\System32\QIloFMQ.exe
      4⤵
      PID:13404
  - - C:\Windows\System32\ulmkpKE.exe
      C:\Windows\System32\ulmkpKE.exe
      4⤵
      PID:13840
  - - C:\Windows\System32\djfnGMd.exe
      C:\Windows\System32\djfnGMd.exe
      4⤵
      PID:4688
  - - C:\Windows\System32\OjNMscv.exe
      C:\Windows\System32\OjNMscv.exe
      4⤵
      PID:12984
  - - C:\Windows\System32\AQbYZzp.exe
      C:\Windows\System32\AQbYZzp.exe
      4⤵
      PID:3368
  - - C:\Windows\System32\saZKBNu.exe
      C:\Windows\System32\saZKBNu.exe
      4⤵
      PID:12292
  - - C:\Windows\System32\CgFHllF.exe
      C:\Windows\System32\CgFHllF.exe
      4⤵
      PID:4076
  - - C:\Windows\System32\JOnLPHj.exe
      C:\Windows\System32\JOnLPHj.exe
      4⤵
      PID:9956
  - - C:\Windows\System32\PcVyuoq.exe
      C:\Windows\System32\PcVyuoq.exe
      4⤵
      PID:12040
  - - C:\Windows\System32\SzzSyeA.exe
      C:\Windows\System32\SzzSyeA.exe
      4⤵
      PID:13804
  - - C:\Windows\System32\eSKCnnd.exe
      C:\Windows\System32\eSKCnnd.exe
      4⤵
      PID:7928
  - - C:\Windows\System32\aKwLGqI.exe
      C:\Windows\System32\aKwLGqI.exe
      4⤵
      PID:14596
  - - C:\Windows\System32\hFDJmkP.exe
      C:\Windows\System32\hFDJmkP.exe
      4⤵
      PID:13336
  - - C:\Windows\System32\EgYRRrW.exe
      C:\Windows\System32\EgYRRrW.exe
      4⤵
      PID:14348
  - - C:\Windows\System32\dsnEoFC.exe
      C:\Windows\System32\dsnEoFC.exe
      4⤵
      PID:15412
  - - C:\Windows\System32\zfYxajh.exe
      C:\Windows\System32\zfYxajh.exe
      4⤵
      PID:7000
  - - C:\Windows\System32\OfRjmqp.exe
      C:\Windows\System32\OfRjmqp.exe
      4⤵
      PID:19904
  - - C:\Windows\System32\CEEojIn.exe
      C:\Windows\System32\CEEojIn.exe
      4⤵
      PID:20576
  - - C:\Windows\System32\uHpZvjC.exe
      C:\Windows\System32\uHpZvjC.exe
      4⤵
      PID:24448
  - - C:\Windows\System32\mDDNYgz.exe
      C:\Windows\System32\mDDNYgz.exe
      4⤵
      PID:17208
  - - C:\Windows\System32\JtPGPsv.exe
      C:\Windows\System32\JtPGPsv.exe
      4⤵
      PID:18832
  - - C:\Windows\System32\mNCoeYI.exe
      C:\Windows\System32\mNCoeYI.exe
      4⤵
      PID:18848
  - - C:\Windows\System32\kBwIBtM.exe
      C:\Windows\System32\kBwIBtM.exe
      4⤵
      PID:18868
  - - C:\Windows\System32\uhdXsmg.exe
      C:\Windows\System32\uhdXsmg.exe
      4⤵
      PID:18884
  - - C:\Windows\System32\BvUquHe.exe
      C:\Windows\System32\BvUquHe.exe
      4⤵
      PID:19876
  - - C:\Windows\System32\SXPYdgN.exe
      C:\Windows\System32\SXPYdgN.exe
      4⤵
      PID:20120
  - - C:\Windows\System32\lzDCUoO.exe
      C:\Windows\System32\lzDCUoO.exe
      4⤵
      PID:16076
  - - C:\Windows\System32\IBnsAKH.exe
      C:\Windows\System32\IBnsAKH.exe
      4⤵
      PID:15248
  - - C:\Windows\System32\VDbEXDO.exe
      C:\Windows\System32\VDbEXDO.exe
      4⤵
      PID:20660
  - - C:\Windows\System32\LaOvlmy.exe
      C:\Windows\System32\LaOvlmy.exe
      4⤵
      PID:20696
  - - C:\Windows\System32\VQaULDV.exe
      C:\Windows\System32\VQaULDV.exe
      4⤵
      PID:24492
  - - C:\Windows\System32\rUWoQeX.exe
      C:\Windows\System32\rUWoQeX.exe
      4⤵
      PID:24512
  - - C:\Windows\System32\xTMvvtp.exe
      C:\Windows\System32\xTMvvtp.exe
      4⤵
      PID:21180
  - - C:\Windows\System32\UKTgsnV.exe
      C:\Windows\System32\UKTgsnV.exe
      4⤵
      PID:15548
  - - C:\Windows\System32\SONZdOU.exe
      C:\Windows\System32\SONZdOU.exe
      4⤵
      PID:15880
  - - C:\Windows\System32\dkXbcvK.exe
      C:\Windows\System32\dkXbcvK.exe
      4⤵
      PID:15896
  - - C:\Windows\System32\owPOXUi.exe
      C:\Windows\System32\owPOXUi.exe
      4⤵
      PID:14832
  - - C:\Windows\System32\jniLprK.exe
      C:\Windows\System32\jniLprK.exe
      4⤵
      PID:21440
  - - C:\Windows\System32\imrikqB.exe
      C:\Windows\System32\imrikqB.exe
      4⤵
      PID:21472
  - - C:\Windows\System32\TFtXKQI.exe
      C:\Windows\System32\TFtXKQI.exe
      4⤵
      PID:22076
  - - C:\Windows\System32\eRwMcNn.exe
      C:\Windows\System32\eRwMcNn.exe
      4⤵
      PID:22188
  - - C:\Windows\System32\gLbMkZY.exe
      C:\Windows\System32\gLbMkZY.exe
      4⤵
      PID:22580
  - - C:\Windows\System32\NxOHVLJ.exe
      C:\Windows\System32\NxOHVLJ.exe
      4⤵
      PID:22548
  - - C:\Windows\System32\Kdttzna.exe
      C:\Windows\System32\Kdttzna.exe
      4⤵
      PID:23032
  - - C:\Windows\System32\CBqTtgm.exe
      C:\Windows\System32\CBqTtgm.exe
      4⤵
      PID:23128
  - - C:\Windows\System32\abYrAUJ.exe
      C:\Windows\System32\abYrAUJ.exe
      4⤵
      PID:23192
  - - C:\Windows\System32\vaXaplc.exe
      C:\Windows\System32\vaXaplc.exe
      4⤵
      PID:23160
  - - C:\Windows\System32\yRfcHNI.exe
      C:\Windows\System32\yRfcHNI.exe
      4⤵
      PID:15220
  - - C:\Windows\System32\WSKMZHL.exe
      C:\Windows\System32\WSKMZHL.exe
      4⤵
      PID:15244
  - - C:\Windows\System32\atIxzRO.exe
      C:\Windows\System32\atIxzRO.exe
      4⤵
      PID:15288
  - - C:\Windows\System32\MANzHEn.exe
      C:\Windows\System32\MANzHEn.exe
      4⤵
      PID:6636
  - - C:\Windows\System32\USZyeRd.exe
      C:\Windows\System32\USZyeRd.exe
      4⤵
      PID:8136
  - - C:\Windows\System32\KEZVofk.exe
      C:\Windows\System32\KEZVofk.exe
      4⤵
      PID:22848
  - - C:\Windows\System32\YRMiHJI.exe
      C:\Windows\System32\YRMiHJI.exe
      4⤵
      PID:11524
  - - C:\Windows\System32\ONUdXPZ.exe
      C:\Windows\System32\ONUdXPZ.exe
      4⤵
      PID:23396
  - - C:\Windows\System32\DiorrNR.exe
      C:\Windows\System32\DiorrNR.exe
      4⤵
      PID:6900
  - - C:\Windows\System32\ZAJWDpa.exe
      C:\Windows\System32\ZAJWDpa.exe
      4⤵
      PID:14984
  - - C:\Windows\System32\wywKlol.exe
      C:\Windows\System32\wywKlol.exe
      4⤵
      PID:22864
  - - C:\Windows\System32\tzqngHQ.exe
      C:\Windows\System32\tzqngHQ.exe
      4⤵
      PID:18984
  - - C:\Windows\System32\gTxGuEp.exe
      C:\Windows\System32\gTxGuEp.exe
      4⤵
      PID:7560
  - - C:\Windows\System32\gubVYXy.exe
      C:\Windows\System32\gubVYXy.exe
      4⤵
      PID:24528
  - - C:\Windows\System32\qiSgAFR.exe
      C:\Windows\System32\qiSgAFR.exe
      4⤵
      PID:16688
  - - C:\Windows\System32\AYbYCNL.exe
      C:\Windows\System32\AYbYCNL.exe
      4⤵
      PID:20920
  - - C:\Windows\System32\wYVEsDx.exe
      C:\Windows\System32\wYVEsDx.exe
      4⤵
      PID:6080
  - - C:\Windows\System32\AFuCfeX.exe
      C:\Windows\System32\AFuCfeX.exe
      4⤵
      PID:14560
  - - C:\Windows\System32\eydcuAF.exe
      C:\Windows\System32\eydcuAF.exe
      4⤵
      PID:17688
  - - C:\Windows\System32\NvRRfrM.exe
      C:\Windows\System32\NvRRfrM.exe
      4⤵
      PID:16480
  - - C:\Windows\System32\LRiCjDw.exe
      C:\Windows\System32\LRiCjDw.exe
      4⤵
      PID:16576
  - - C:\Windows\System32\aIeGHcs.exe
      C:\Windows\System32\aIeGHcs.exe
      4⤵
      PID:8384
  - - C:\Windows\System32\nSthljJ.exe
      C:\Windows\System32\nSthljJ.exe
      4⤵
      PID:9212
  - - C:\Windows\System32\OEjSvLJ.exe
      C:\Windows\System32\OEjSvLJ.exe
      4⤵
      PID:18020
  - - C:\Windows\System32\QJrADyi.exe
      C:\Windows\System32\QJrADyi.exe
      4⤵
      PID:13428
  - - C:\Windows\System32\DqAZKfh.exe
      C:\Windows\System32\DqAZKfh.exe
      4⤵
      PID:21388
  - - C:\Windows\System32\amvpQcj.exe
      C:\Windows\System32\amvpQcj.exe
      4⤵
      PID:15436
  - - C:\Windows\System32\nkyAzwR.exe
      C:\Windows\System32\nkyAzwR.exe
      4⤵
      PID:11824
  - - C:\Windows\System32\MZMUYGY.exe
      C:\Windows\System32\MZMUYGY.exe
      4⤵
      PID:16700
  - - C:\Windows\System32\VuDCsSm.exe
      C:\Windows\System32\VuDCsSm.exe
      4⤵
      PID:18776
  - - C:\Windows\System32\bTfSpPL.exe
      C:\Windows\System32\bTfSpPL.exe
      4⤵
      PID:18564
  - - C:\Windows\System32\wRmlijX.exe
      C:\Windows\System32\wRmlijX.exe
      4⤵
      PID:18604
  - - C:\Windows\System32\ydQerKL.exe
      C:\Windows\System32\ydQerKL.exe
      4⤵
      PID:18844
  - - C:\Windows\System32\inwcDDs.exe
      C:\Windows\System32\inwcDDs.exe
      4⤵
      PID:20612
  - - C:\Windows\System32\JYKPqBS.exe
      C:\Windows\System32\JYKPqBS.exe
      4⤵
      PID:20684
  - - C:\Windows\System32\xXZudbG.exe
      C:\Windows\System32\xXZudbG.exe
      4⤵
      PID:15700
  - - C:\Windows\System32\pqRIXFU.exe
      C:\Windows\System32\pqRIXFU.exe
      4⤵
      PID:21296
  - - C:\Windows\System32\ZYQVtje.exe
      C:\Windows\System32\ZYQVtje.exe
      4⤵
      PID:21516
  - - C:\Windows\System32\RKdDILZ.exe
      C:\Windows\System32\RKdDILZ.exe
      4⤵
      PID:2016
  - - C:\Windows\System32\bzYMjFx.exe
      C:\Windows\System32\bzYMjFx.exe
      4⤵
      PID:21764
  - - C:\Windows\System32\eCyaiUr.exe
      C:\Windows\System32\eCyaiUr.exe
      4⤵
      PID:21824
  - - C:\Windows\System32\mLrjtZw.exe
      C:\Windows\System32\mLrjtZw.exe
      4⤵
      PID:21888
  - - C:\Windows\System32\uWmBagB.exe
      C:\Windows\System32\uWmBagB.exe
      4⤵
      PID:2064
  - - C:\Windows\System32\QxhKyZM.exe
      C:\Windows\System32\QxhKyZM.exe
      4⤵
      PID:4412
  - - C:\Windows\System32\HNzNAiQ.exe
      C:\Windows\System32\HNzNAiQ.exe
      4⤵
      PID:6196
  - - C:\Windows\System32\spkcmkJ.exe
      C:\Windows\System32\spkcmkJ.exe
      4⤵
      PID:22868
  - - C:\Windows\System32\PzIrfIz.exe
      C:\Windows\System32\PzIrfIz.exe
      4⤵
      PID:23164
  - - C:\Windows\System32\MwouZOl.exe
      C:\Windows\System32\MwouZOl.exe
      4⤵
      PID:4368
  - - C:\Windows\System32\dGxGCSn.exe
      C:\Windows\System32\dGxGCSn.exe
      4⤵
      PID:12772
  - - C:\Windows\System32\tGuwUcf.exe
      C:\Windows\System32\tGuwUcf.exe
      4⤵
      PID:11316
  - - C:\Windows\System32\GrPYtfL.exe
      C:\Windows\System32\GrPYtfL.exe
      4⤵
      PID:10552
  - - C:\Windows\System32\kLsZnKX.exe
      C:\Windows\System32\kLsZnKX.exe
      4⤵
      PID:16940
  - - C:\Windows\System32\vpEisme.exe
      C:\Windows\System32\vpEisme.exe
      4⤵
      PID:18636
  - - C:\Windows\System32\aieCbXS.exe
      C:\Windows\System32\aieCbXS.exe
      4⤵
      PID:18700
  - - C:\Windows\System32\XIeasZf.exe
      C:\Windows\System32\XIeasZf.exe
      4⤵
      PID:18756
  - - C:\Windows\System32\vefZgPu.exe
      C:\Windows\System32\vefZgPu.exe
      4⤵
      PID:17612
  - - C:\Windows\System32\bwVFSWV.exe
      C:\Windows\System32\bwVFSWV.exe
      4⤵
      PID:16248
  - - C:\Windows\System32\TdkbSXn.exe
      C:\Windows\System32\TdkbSXn.exe
      4⤵
      PID:20068
  - - C:\Windows\System32\EYROTwI.exe
      C:\Windows\System32\EYROTwI.exe
      4⤵
      PID:12264
  - - C:\Windows\System32\wLUdkMN.exe
      C:\Windows\System32\wLUdkMN.exe
      4⤵
      PID:19388
  - - C:\Windows\System32\hJqeqpO.exe
      C:\Windows\System32\hJqeqpO.exe
      4⤵
      PID:15628
  - - C:\Windows\System32\ZbJBYhU.exe
      C:\Windows\System32\ZbJBYhU.exe
      4⤵
      PID:15480
  - - C:\Windows\System32\PDdeUxH.exe
      C:\Windows\System32\PDdeUxH.exe
      4⤵
      PID:23912
  - - C:\Windows\System32\bLdxULz.exe
      C:\Windows\System32\bLdxULz.exe
      4⤵
      PID:21752
  - - C:\Windows\System32\lkzcTSs.exe
      C:\Windows\System32\lkzcTSs.exe
      4⤵
      PID:21276
  - - C:\Windows\System32\vbhSuAl.exe
      C:\Windows\System32\vbhSuAl.exe
      4⤵
      PID:2212
  - - C:\Windows\System32\wdqXGCK.exe
      C:\Windows\System32\wdqXGCK.exe
      4⤵
      PID:23108
  - - C:\Windows\System32\gdrVwBi.exe
      C:\Windows\System32\gdrVwBi.exe
      4⤵
      PID:19148
  - - C:\Windows\System32\NdibdBk.exe
      C:\Windows\System32\NdibdBk.exe
      4⤵
      PID:19324
  - - C:\Windows\System32\wwxPDoZ.exe
      C:\Windows\System32\wwxPDoZ.exe
      4⤵
      PID:14700
  - - C:\Windows\System32\dYlxzbP.exe
      C:\Windows\System32\dYlxzbP.exe
      4⤵
      PID:22908
  - - C:\Windows\System32\XdwcwTw.exe
      C:\Windows\System32\XdwcwTw.exe
      4⤵
      PID:3336
  - - C:\Windows\System32\xaSFCoZ.exe
      C:\Windows\System32\xaSFCoZ.exe
      4⤵
      PID:23968
  - - C:\Windows\System32\CBwNeOI.exe
      C:\Windows\System32\CBwNeOI.exe
      4⤵
      PID:15116
  - - C:\Windows\System32\yuGOHWo.exe
      C:\Windows\System32\yuGOHWo.exe
      4⤵
      PID:3896
  - - C:\Windows\System32\csyLpOq.exe
      C:\Windows\System32\csyLpOq.exe
      4⤵
      PID:24460
  - - C:\Windows\System32\gJJiIOg.exe
      C:\Windows\System32\gJJiIOg.exe
      4⤵
      PID:15204
  - - C:\Windows\System32\GqOlpoL.exe
      C:\Windows\System32\GqOlpoL.exe
      4⤵
      PID:4732
  - - C:\Windows\System32\GvBHBjg.exe
      C:\Windows\System32\GvBHBjg.exe
      4⤵
      PID:23248
  - - C:\Windows\System32\FZlMHdP.exe
      C:\Windows\System32\FZlMHdP.exe
      4⤵
      PID:4440
  - - C:\Windows\System32\IANPXcu.exe
      C:\Windows\System32\IANPXcu.exe
      4⤵
      PID:18220
- - C:\Users\Admin\Downloads\240919-pzx5zaygkf_eb5d25e57d93a06a9b1fe1170d52ac35_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pzx5zaygkf_eb5d25e57d93a06a9b1fe1170d52ac35_JaffaCakes118.exe
    3⤵
    PID:10324
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 10324 -s 264
      4⤵
      Program crash
      PID:9000
- - C:\Users\Admin\Downloads\240919-pn2zsaybmb_eb55a8a4624c28cf4a2f2a7d762fdd8e_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pn2zsaybmb_eb55a8a4624c28cf4a2f2a7d762fdd8e_JaffaCakes118.exe
    3⤵
    PID:10420
  - - C:\Users\Admin\Downloads\240919-pn2zsaybmb_eb55a8a4624c28cf4a2f2a7d762fdd8e_JaffaCakes118.exe
      "C:\Users\Admin\Downloads\240919-pn2zsaybmb_eb55a8a4624c28cf4a2f2a7d762fdd8e_JaffaCakes118.exe"
      4⤵
      PID:1196
- - C:\Users\Admin\Downloads\240919-pnqazsyfln_PO-A1702108.exe
    C:\Users\Admin\Downloads\240919-pnqazsyfln_PO-A1702108.exe
    3⤵
    PID:7364
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      C:\Users\Admin\Downloads\240919-pnqazsyfln_PO-A1702108.exe
      4⤵
      PID:11988
  - - C:\Users\Admin\Downloads\240919-pnqazsyfln_PO-A1702108.exe
      "C:\Users\Admin\Downloads\240919-pnqazsyfln_PO-A1702108.exe"
      4⤵
      PID:12284
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
        
        "C:\Users\Admin\Downloads\240919-pnqazsyfln_PO-A1702108.exe"
        5⤵
        
        PID:11880
- - C:\Users\Admin\Downloads\240919-pqmmwayckc_5306f0823fad7858bdc518ece0ac66f72b41a6f49b3112c38d196be1f6d36894N.exe
    C:\Users\Admin\Downloads\240919-pqmmwayckc_5306f0823fad7858bdc518ece0ac66f72b41a6f49b3112c38d196be1f6d36894N.exe
    3⤵
    PID:348
  - - C:\backup.exe
      C:\backup.exe C:\
      4⤵
      PID:11360
    - - C:\PerfLogs\backup.exe
        
        C:\PerfLogs\backup.exe C:\PerfLogs\
        5⤵
        
        PID:11752
    - - C:\Program Files\backup.exe
        
        "C:\Program Files\backup.exe" C:\Program Files\
        5⤵
        
        PID:7104
      - C:\Program Files\7-Zip\backup.exe
        
        "C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\
        6⤵
        
        PID:13976
        
        C:\Program Files\7-Zip\Lang\backup.exe
        
        "C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\
        7⤵
        
        PID:15488
      - C:\Program Files\Common Files\backup.exe
        
        "C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\
        6⤵
        
        PID:17216
        
        C:\Program Files\Common Files\DESIGNER\backup.exe
        
        "C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\
        7⤵
        
        PID:2248
        
        C:\Program Files\Common Files\microsoft shared\backup.exe
        
        "C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\
        7⤵
        
        PID:19132
        
        C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe
        
        "C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\
        8⤵
        
        PID:24416
        
        C:\Program Files\Common Files\Services\backup.exe
        
        "C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\
        7⤵
        
        PID:20832
      - C:\Program Files\Crashpad\backup.exe
        
        "C:\Program Files\Crashpad\backup.exe" C:\Program Files\Crashpad\
        6⤵
        
        PID:16644
        
        C:\Program Files\Crashpad\attachments\backup.exe
        
        "C:\Program Files\Crashpad\attachments\backup.exe" C:\Program Files\Crashpad\attachments\
        7⤵
        
        PID:24348
      - C:\Program Files\dotnet\backup.exe
        
        "C:\Program Files\dotnet\backup.exe" C:\Program Files\dotnet\
        6⤵
        
        PID:9520
    - - C:\Program Files (x86)\data.exe
        
        "C:\Program Files (x86)\data.exe" C:\Program Files (x86)\
        5⤵
        
        PID:24396
      - C:\Program Files (x86)\Adobe\backup.exe
        
        "C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\
        6⤵
        
        PID:20540
        
        C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\
        7⤵
        
        PID:3836
        
        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\
        8⤵
        
        PID:8964
        
        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\
        8⤵
        
        PID:20128
        
        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\backup.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\
        9⤵
        
        PID:21284
        
        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\backup.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\
        9⤵
        
        PID:15972
        
        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\
        8⤵
        
        PID:17200
      - C:\Program Files (x86)\Google\update.exe
        
        "C:\Program Files (x86)\Google\update.exe" C:\Program Files (x86)\Google\
        6⤵
        
        PID:16044
      - C:\Program Files (x86)\Internet Explorer\backup.exe
        
        "C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\
        6⤵
        
        PID:22384
    - - C:\Users\backup.exe
        
        C:\Users\backup.exe C:\Users\
        5⤵
        
        PID:18132
      - C:\Users\Admin\backup.exe
        
        C:\Users\Admin\backup.exe C:\Users\Admin\
        6⤵
        
        PID:16532
    - - C:\Windows\update.exe
        
        C:\Windows\update.exe C:\Windows\
        5⤵
        
        PID:16060
- - C:\Users\Admin\Downloads\240919-pmgx8ayenp_24a81e1b909c4155a7a4d818e281dc6f183501204300661b55ec404b94020b25N.exe
    C:\Users\Admin\Downloads\240919-pmgx8ayenp_24a81e1b909c4155a7a4d818e281dc6f183501204300661b55ec404b94020b25N.exe
    3⤵
    PID:6488
  - - C:\Windows\SysWOW64\Mcjmel32.exe
      C:\Windows\system32\Mcjmel32.exe
      4⤵
      PID:9876
    - - C:\Windows\SysWOW64\Ohmhmh32.exe
        
        C:\Windows\system32\Ohmhmh32.exe
        5⤵
        
        PID:10152
      - C:\Windows\SysWOW64\Cfkmkf32.exe
        
        C:\Windows\system32\Cfkmkf32.exe
        6⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\Dkceokii.exe
        
        C:\Windows\system32\Dkceokii.exe
        7⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\Enpmld32.exe
        
        C:\Windows\system32\Enpmld32.exe
        8⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\Gmdcfidg.exe
        
        C:\Windows\system32\Gmdcfidg.exe
        9⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\Iliinc32.exe
        
        C:\Windows\system32\Iliinc32.exe
        10⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\Jniood32.exe
        
        C:\Windows\system32\Jniood32.exe
        11⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\Llodgnja.exe
        
        C:\Windows\system32\Llodgnja.exe
        12⤵
        
        PID:13772
        
        C:\Windows\SysWOW64\Nggnadib.exe
        
        C:\Windows\system32\Nggnadib.exe
        13⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\Aknbkjfh.exe
        
        C:\Windows\system32\Aknbkjfh.exe
        14⤵
        
        PID:14112
        
        C:\Windows\SysWOW64\Chdialdl.exe
        
        C:\Windows\system32\Chdialdl.exe
        15⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\Ebaplnie.exe
        
        C:\Windows\system32\Ebaplnie.exe
        16⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\Fniihmpf.exe
        
        C:\Windows\system32\Fniihmpf.exe
        17⤵
        
        PID:14040
        
        C:\Windows\SysWOW64\Gngeik32.exe
        
        C:\Windows\system32\Gngeik32.exe
        18⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\Ipihpkkd.exe
        
        C:\Windows\system32\Ipihpkkd.exe
        19⤵
        
        PID:14008
        
        C:\Windows\SysWOW64\Kibeoo32.exe
        
        C:\Windows\system32\Kibeoo32.exe
        20⤵
        
        PID:13016
        
        C:\Windows\SysWOW64\Ncbafoge.exe
        
        C:\Windows\system32\Ncbafoge.exe
        21⤵
        
        PID:19696
        
        C:\Windows\SysWOW64\Ijmhkchl.exe
        
        C:\Windows\system32\Ijmhkchl.exe
        22⤵
        
        PID:18824
        
        C:\Windows\SysWOW64\Kdpiqehp.exe
        
        C:\Windows\system32\Kdpiqehp.exe
        23⤵
        
        PID:20268
        
        C:\Windows\SysWOW64\Mclhjkfa.exe
        
        C:\Windows\system32\Mclhjkfa.exe
        24⤵
        
        PID:20712
        
        C:\Windows\SysWOW64\Ncjdki32.exe
        
        C:\Windows\system32\Ncjdki32.exe
        25⤵
        
        PID:22756
        
        C:\Windows\SysWOW64\Aehbmk32.exe
        
        C:\Windows\system32\Aehbmk32.exe
        26⤵
        
        PID:23312
        
        C:\Windows\SysWOW64\Dpjompqc.exe
        
        C:\Windows\system32\Dpjompqc.exe
        27⤵
        
        PID:14152
        
        C:\Windows\SysWOW64\Jclljaei.exe
        
        C:\Windows\system32\Jclljaei.exe
        28⤵
        
        PID:18284
        
        C:\Windows\SysWOW64\Pbdmdlie.exe
        
        C:\Windows\system32\Pbdmdlie.exe
        29⤵
        
        PID:15668
        
        C:\Windows\SysWOW64\Dpihbjmg.exe
        
        C:\Windows\system32\Dpihbjmg.exe
        30⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\Fgcjea32.exe
        
        C:\Windows\system32\Fgcjea32.exe
        31⤵
        
        PID:15332
        
        C:\Windows\SysWOW64\Omjnhiiq.exe
        
        C:\Windows\system32\Omjnhiiq.exe
        32⤵
        
        PID:15788
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c rd /S /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
        22⤵
        
        PID:16788
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c del /F /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
        22⤵
        
        PID:17624
- - C:\Users\Admin\Downloads\240919-pqyedayclh_eb575f4502d47d85e7ba7a5655d83bbd_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pqyedayclh_eb575f4502d47d85e7ba7a5655d83bbd_JaffaCakes118.exe
    3⤵
    PID:10532
- - C:\Users\Admin\Downloads\240919-p3h58azdkq_7ae99f0940679808e6f645655c2272d5d1deb41c99a7b9a2206a510a200139d7N.exe
    C:\Users\Admin\Downloads\240919-p3h58azdkq_7ae99f0940679808e6f645655c2272d5d1deb41c99a7b9a2206a510a200139d7N.exe
    3⤵
    PID:11048
  - - C:\Windows\SysWOW64\Bheplb32.exe
      C:\Windows\system32\Bheplb32.exe
      4⤵
      PID:1816
    - - C:\Windows\SysWOW64\Eecphp32.exe
        
        C:\Windows\system32\Eecphp32.exe
        5⤵
        
        PID:11552
      - C:\Windows\SysWOW64\Imiehfao.exe
        
        C:\Windows\system32\Imiehfao.exe
        6⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\Kpjgaoqm.exe
        
        C:\Windows\system32\Kpjgaoqm.exe
        7⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\Mcpcdg32.exe
        
        C:\Windows\system32\Mcpcdg32.exe
        8⤵
        
        PID:14044
        
        C:\Windows\SysWOW64\Njfkmphe.exe
        
        C:\Windows\system32\Njfkmphe.exe
        9⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\Oplfkeob.exe
        
        C:\Windows\system32\Oplfkeob.exe
        10⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\Aagkhd32.exe
        
        C:\Windows\system32\Aagkhd32.exe
        11⤵
        
        PID:12908
        
        C:\Windows\SysWOW64\Dojqjdbl.exe
        
        C:\Windows\system32\Dojqjdbl.exe
        12⤵
        
        PID:13388
        
        C:\Windows\SysWOW64\Enkmfolf.exe
        
        C:\Windows\system32\Enkmfolf.exe
        13⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\Gnnccl32.exe
        
        C:\Windows\system32\Gnnccl32.exe
        14⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\Hioflcbj.exe
        
        C:\Windows\system32\Hioflcbj.exe
        15⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\Iamamcop.exe
        
        C:\Windows\system32\Iamamcop.exe
        16⤵
        
        PID:14356
        
        C:\Windows\SysWOW64\Klbnajqc.exe
        
        C:\Windows\system32\Klbnajqc.exe
        17⤵
        
        PID:13124
        
        C:\Windows\SysWOW64\Llcghg32.exe
        
        C:\Windows\system32\Llcghg32.exe
        18⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\Ojnfihmo.exe
        
        C:\Windows\system32\Ojnfihmo.exe
        19⤵
        
        PID:19792
        
        C:\Windows\SysWOW64\Ilkhog32.exe
        
        C:\Windows\system32\Ilkhog32.exe
        20⤵
        
        PID:17116
- - C:\Users\Admin\Downloads\240919-ptyjjsydrb_53337f76e300133786b572eb4edced81d37493e20370254ab017ae96a1d541e9.exe
    C:\Users\Admin\Downloads\240919-ptyjjsydrb_53337f76e300133786b572eb4edced81d37493e20370254ab017ae96a1d541e9.exe
    3⤵
    PID:10848
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 10848 -s 420
      4⤵
      Program crash
      PID:14320
- - C:\Users\Admin\Downloads\240919-pm1ekayeqm_33938e4c3424368eb167a60a68a0e5d9d7255dfadc531d6262426a22b3985dcaN.exe
    C:\Users\Admin\Downloads\240919-pm1ekayeqm_33938e4c3424368eb167a60a68a0e5d9d7255dfadc531d6262426a22b3985dcaN.exe
    3⤵
    PID:8664
  - - C:\Windows\SysWOW64\Bheplb32.exe
      C:\Windows\system32\Bheplb32.exe
      4⤵
      PID:10388
    - - C:\Windows\SysWOW64\Dkokcl32.exe
        
        C:\Windows\system32\Dkokcl32.exe
        5⤵
        
        PID:10384
      - C:\Windows\SysWOW64\Doaneiop.exe
        
        C:\Windows\system32\Doaneiop.exe
        6⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\Emoadlfo.exe
        
        C:\Windows\system32\Emoadlfo.exe
        7⤵
        
        PID:11812
- - C:\Users\Admin\Downloads\240919-pncpwsyard_Doc _180924.exe
    "C:\Users\Admin\Downloads\240919-pncpwsyard_Doc _180924.exe"
    3⤵
    PID:10520
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\240919-pncpwsyard_Doc _180924.exe"
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:23096
  - - C:\Users\Admin\Downloads\240919-pncpwsyard_Doc _180924.exe
      "C:\Users\Admin\Downloads\240919-pncpwsyard_Doc _180924.exe"
      4⤵
      PID:22712
- - C:\Users\Admin\Downloads\240919-pny8wsybld_PO-27893493.exe
    C:\Users\Admin\Downloads\240919-pny8wsybld_PO-27893493.exe
    3⤵
    PID:9652
- - C:\Users\Admin\Downloads\240919-pnffsayfjn_FDS00000900000.exe
    C:\Users\Admin\Downloads\240919-pnffsayfjn_FDS00000900000.exe
    3⤵
    PID:9500
  - - C:\Users\Admin\AppData\Local\totted\sacculation.exe
      C:\Users\Admin\Downloads\240919-pnffsayfjn_FDS00000900000.exe
      4⤵
      PID:12020
    - - C:\Windows\SysWOW64\svchost.exe
        
        C:\Users\Admin\Downloads\240919-pnffsayfjn_FDS00000900000.exe
        5⤵
        
        PID:20628
    - - C:\Users\Admin\AppData\Local\totted\sacculation.exe
        
        "C:\Users\Admin\AppData\Local\totted\sacculation.exe"
        5⤵
        
        PID:24464
      - C:\Windows\SysWOW64\svchost.exe
        
        "C:\Users\Admin\AppData\Local\totted\sacculation.exe"
        6⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\totted\sacculation.exe
        
        "C:\Users\Admin\AppData\Local\totted\sacculation.exe"
        6⤵
        
        PID:17788
- - C:\Users\Admin\Downloads\240919-pjqqysydnj_eb52a85af6c9d34ae4faa120e2ca0b40_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pjqqysydnj_eb52a85af6c9d34ae4faa120e2ca0b40_JaffaCakes118.exe
    3⤵
    PID:9452
- - C:\Users\Admin\Downloads\240919-p2re7syhje_HackTool.Win32.CobaltStrike.pz-df20203be16101ce2e48fd3042070f4ce3590ef461cf8fa6ee713051a69667c1N
    C:\Users\Admin\Downloads\240919-p2re7syhje_HackTool.Win32.CobaltStrike.pz-df20203be16101ce2e48fd3042070f4ce3590ef461cf8fa6ee713051a69667c1N
    3⤵
    PID:1952
- - C:\Users\Admin\Downloads\240919-pq548aycmf_99e5569ce51f1aab5f0e2cab952af538682566edefeeeab470fbca4205a5a75bN.exe
    C:\Users\Admin\Downloads\240919-pq548aycmf_99e5569ce51f1aab5f0e2cab952af538682566edefeeeab470fbca4205a5a75bN.exe
    3⤵
    PID:10444
- - C:\Users\Admin\Downloads\240919-pte27syhmr_41eeb0d9d9dc541a94a91971823e382209dd24490911f8ab5fc09cc929578a83N.exe
    C:\Users\Admin\Downloads\240919-pte27syhmr_41eeb0d9d9dc541a94a91971823e382209dd24490911f8ab5fc09cc929578a83N.exe
    3⤵
    PID:3424
  - - C:\Windows\SysWOW64\Dijbno32.exe
      C:\Windows\system32\Dijbno32.exe
      4⤵
      PID:11328
    - - C:\Windows\SysWOW64\Ekaapi32.exe
        
        C:\Windows\system32\Ekaapi32.exe
        5⤵
        
        PID:11864
      - C:\Windows\SysWOW64\Hbohpn32.exe
        
        C:\Windows\system32\Hbohpn32.exe
        6⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\Jcoaglhk.exe
        
        C:\Windows\system32\Jcoaglhk.exe
        7⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\Mcpcdg32.exe
        
        C:\Windows\system32\Mcpcdg32.exe
        8⤵
        
        PID:14064
        
        C:\Windows\SysWOW64\Nclbpf32.exe
        
        C:\Windows\system32\Nclbpf32.exe
        9⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\Omnjojpo.exe
        
        C:\Windows\system32\Omnjojpo.exe
        10⤵
        
        PID:12060
- - C:\Users\Admin\Downloads\240919-pw3w2syeqh_639ea11e0c3ecdd5a47f03ed59e02d0a541121f27cde59306a57cffad09a72e0N.exe
    C:\Users\Admin\Downloads\240919-pw3w2syeqh_639ea11e0c3ecdd5a47f03ed59e02d0a541121f27cde59306a57cffad09a72e0N.exe
    3⤵
    PID:8196
  - - C:\Windows\SysWOW64\Ddnfmqng.exe
      C:\Windows\system32\Ddnfmqng.exe
      4⤵
      PID:11312
    - - C:\Windows\SysWOW64\Emoadlfo.exe
        
        C:\Windows\system32\Emoadlfo.exe
        5⤵
        
        PID:11832
      - C:\Windows\SysWOW64\Gihgfk32.exe
        
        C:\Windows\system32\Gihgfk32.exe
        6⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\Iepaaico.exe
        
        C:\Windows\system32\Iepaaico.exe
        7⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\Jljbeali.exe
        
        C:\Windows\system32\Jljbeali.exe
        8⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\Mcifkf32.exe
        
        C:\Windows\system32\Mcifkf32.exe
        9⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\Nfaemp32.exe
        
        C:\Windows\system32\Nfaemp32.exe
        10⤵
        
        PID:12364
        
        C:\Windows\SysWOW64\Pmblagmf.exe
        
        C:\Windows\system32\Pmblagmf.exe
        11⤵
        
        PID:14308
        
        C:\Windows\SysWOW64\Cgqlcg32.exe
        
        C:\Windows\system32\Cgqlcg32.exe
        12⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\Ehlhih32.exe
        
        C:\Windows\system32\Ehlhih32.exe
        13⤵
        
        PID:13996
        
        C:\Windows\SysWOW64\Fqppci32.exe
        
        C:\Windows\system32\Fqppci32.exe
        14⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\Fnkfmm32.exe
        
        C:\Windows\system32\Fnkfmm32.exe
        15⤵
        
        PID:14316
        
        C:\Windows\SysWOW64\Gpdennml.exe
        
        C:\Windows\system32\Gpdennml.exe
        16⤵
        
        PID:13400
        
        C:\Windows\SysWOW64\Ipihpkkd.exe
        
        C:\Windows\system32\Ipihpkkd.exe
        17⤵
        
        PID:12684
        
        C:\Windows\SysWOW64\Kakmna32.exe
        
        C:\Windows\system32\Kakmna32.exe
        18⤵
        
        PID:9600
- - C:\Users\Admin\Downloads\240919-pnbslayern_ARIZONA GROUP PO_017633180924.exe
    "C:\Users\Admin\Downloads\240919-pnbslayern_ARIZONA GROUP PO_017633180924.exe"
    3⤵
    PID:8484
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\Downloads\240919-pnbslayern_ARIZONA GROUP PO_017633180924.exe"
      4⤵
      PID:6108
- - C:\Users\Admin\Downloads\240919-psa2vsyhjm_dd55f6b1efb8fc7d44a90e690a14fabce76551814eefb859e80a1fb2e44cb4f9N.exe
    C:\Users\Admin\Downloads\240919-psa2vsyhjm_dd55f6b1efb8fc7d44a90e690a14fabce76551814eefb859e80a1fb2e44cb4f9N.exe
    3⤵
    PID:11000
- - C:\Users\Admin\Downloads\240919-ps5lgaydmh_eb58d8799071c166971828940bdf87dc_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-ps5lgaydmh_eb58d8799071c166971828940bdf87dc_JaffaCakes118.exe
    3⤵
    PID:10832
  - - C:\Windows\SysWOW64\netcenter\fvecerts.exe
      "C:\Windows\SysWOW64\netcenter\fvecerts.exe"
      4⤵
      PID:3492
- - C:\Users\Admin\Downloads\240919-pqj7rayglk_00745050f2d676d1815c0a4375c84f58dc9a1bce1a34888d26824023057c6b32N.exe
    C:\Users\Admin\Downloads\240919-pqj7rayglk_00745050f2d676d1815c0a4375c84f58dc9a1bce1a34888d26824023057c6b32N.exe
    3⤵
    PID:11656
  - - C:\Windows\SysWOW64\Fijkdmhn.exe
      C:\Windows\system32\Fijkdmhn.exe
      4⤵
      PID:12188
    - - C:\Windows\SysWOW64\Ifmqfm32.exe
        
        C:\Windows\system32\Ifmqfm32.exe
        5⤵
        
        PID:12700
      - C:\Windows\SysWOW64\Jpcapp32.exe
        
        C:\Windows\system32\Jpcapp32.exe
        6⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\Llodgnja.exe
        
        C:\Windows\system32\Llodgnja.exe
        7⤵
        
        PID:13760
        
        C:\Windows\SysWOW64\Mogcihaj.exe
        
        C:\Windows\system32\Mogcihaj.exe
        8⤵
        
        PID:14204
        
        C:\Windows\SysWOW64\Nnafno32.exe
        
        C:\Windows\system32\Nnafno32.exe
        9⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\Offnhpfo.exe
        
        C:\Windows\system32\Offnhpfo.exe
        10⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\Panhbfep.exe
        
        C:\Windows\system32\Panhbfep.exe
        11⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\Cdimqm32.exe
        
        C:\Windows\system32\Cdimqm32.exe
        12⤵
        
        PID:12236
        
        C:\Windows\SysWOW64\Fooclapd.exe
        
        C:\Windows\system32\Fooclapd.exe
        13⤵
        
        PID:13040
        
        C:\Windows\SysWOW64\Fkjmlaac.exe
        
        C:\Windows\system32\Fkjmlaac.exe
        14⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\Ihpcinld.exe
        
        C:\Windows\system32\Ihpcinld.exe
        15⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\Lllagh32.exe
        
        C:\Windows\system32\Lllagh32.exe
        16⤵
        
        PID:15588
        
        C:\Windows\SysWOW64\Nbebbk32.exe
        
        C:\Windows\system32\Nbebbk32.exe
        17⤵
        
        PID:19644
        
        C:\Windows\SysWOW64\Hbknebqi.exe
        
        C:\Windows\system32\Hbknebqi.exe
        18⤵
        
        PID:17076
        
        C:\Windows\SysWOW64\Kemhei32.exe
        
        C:\Windows\system32\Kemhei32.exe
        19⤵
        
        PID:20096
        
        C:\Windows\SysWOW64\Namegfql.exe
        
        C:\Windows\system32\Namegfql.exe
        20⤵
        
        PID:15508
        
        C:\Windows\SysWOW64\Ohncdobq.exe
        
        C:\Windows\system32\Ohncdobq.exe
        21⤵
        
        PID:16328
        
        C:\Windows\SysWOW64\Pmhkflnj.exe
        
        C:\Windows\system32\Pmhkflnj.exe
        22⤵
        
        PID:21744
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c rd /S /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
        18⤵
        
        PID:17320
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c del /F /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
        18⤵
        
        PID:17296
- - C:\Users\Admin\Downloads\240919-pqjk8ayglj_eb570ed04b1fda0e2af8e6a6a6a10308_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pqjk8ayglj_eb570ed04b1fda0e2af8e6a6a6a10308_JaffaCakes118.exe
    3⤵
    PID:11664
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 11664 -s 500
      4⤵
      Program crash
      PID:5816
- - C:\Users\Admin\Downloads\240919-pnhk5sybjc_Invoice & C form TT 175102.exe
    "C:\Users\Admin\Downloads\240919-pnhk5sybjc_Invoice & C form TT 175102.exe"
    3⤵
    PID:11672
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\Downloads\240919-pnhk5sybjc_Invoice & C form TT 175102.exe"
      4⤵
      PID:3932
- - C:\Users\Admin\Downloads\240919-pncpwsyfjk_documents-pdf.exe
    C:\Users\Admin\Downloads\240919-pncpwsyfjk_documents-pdf.exe
    3⤵
    PID:11680
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 11680 -s 1104
      4⤵
      Program crash
      PID:8692
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 11680 -s 1112
      4⤵
      Program crash
      PID:10632
- - C:\Users\Admin\Downloads\240919-pts9tsydqe_eb596018e9b4a40957408c5eb799c5e4_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pts9tsydqe_eb596018e9b4a40957408c5eb799c5e4_JaffaCakes118.exe
    3⤵
    PID:11696
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 11696 -s 284
      4⤵
      Program crash
      PID:13504
- - C:\Users\Admin\Downloads\240919-plnz5syekq_Trojan.Win64.CoinMiner-bf525f074f45084861de521cd654982b3f3ebcecef76194bce8a4bcd4f161ff7N
    C:\Users\Admin\Downloads\240919-plnz5syekq_Trojan.Win64.CoinMiner-bf525f074f45084861de521cd654982b3f3ebcecef76194bce8a4bcd4f161ff7N
    3⤵
    PID:11704
- - C:\Users\Admin\Downloads\240919-pveg3ayejh_eb59d3564b9ded0a43173f27236a8339_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pveg3ayejh_eb59d3564b9ded0a43173f27236a8339_JaffaCakes118.exe
    3⤵
    PID:11720
  - - C:\Users\Admin\Downloads\240919-pveg3ayejh_eb59d3564b9ded0a43173f27236a8339_JaffaCakes118.exe
      240919-pveg3ayejh_eb59d3564b9ded0a43173f27236a8339_JaffaCakes118.exe
      4⤵
      PID:12200
- - C:\Users\Admin\Downloads\240919-psq33sydlf_1630f55ec7f51e877e7a317af55912e8546312bd154e076e3462f32387f95a16N.exe
    C:\Users\Admin\Downloads\240919-psq33sydlf_1630f55ec7f51e877e7a317af55912e8546312bd154e076e3462f32387f95a16N.exe
    3⤵
    PID:12508
  - - C:\Users\Admin\AppData\Local\Temp\services.exe
      "C:\Users\Admin\AppData\Local\Temp\services.exe"
      4⤵
      PID:2556
- - C:\Users\Admin\Downloads\240919-pnb4csyaqf_Company Details.exe
    "C:\Users\Admin\Downloads\240919-pnb4csyaqf_Company Details.exe"
    3⤵
    PID:13656
- - C:\Users\Admin\Downloads\240919-pnty6syfml_f0f3f05907a7ca516d5959b0a14741883f1da51764a8c09c8f30ab9fb69f35edN.exe
    C:\Users\Admin\Downloads\240919-pnty6syfml_f0f3f05907a7ca516d5959b0a14741883f1da51764a8c09c8f30ab9fb69f35edN.exe
    3⤵
    PID:14184
- - C:\Users\Admin\Downloads\240919-py79jszbrl_eb5c9f113596dd3bdec6b30d1798a326_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-py79jszbrl_eb5c9f113596dd3bdec6b30d1798a326_JaffaCakes118.exe
    3⤵
    PID:9112
  - - C:\Windows\SysWOW64\reg.exe
      reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" /f
      4⤵
      PID:19544
- - C:\Users\Admin\Downloads\240919-pkxwnaydrk_eb5363b7ca57a204edb30b1c54ac938a_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pkxwnaydrk_eb5363b7ca57a204edb30b1c54ac938a_JaffaCakes118.exe
    3⤵
    PID:5732
- - C:\Users\Admin\Downloads\240919-p273yszdjr_541e604156eec44e30df18c71219e67303e2500654e9e06566d5572b889c5325N.exe
    C:\Users\Admin\Downloads\240919-p273yszdjr_541e604156eec44e30df18c71219e67303e2500654e9e06566d5572b889c5325N.exe
    3⤵
    PID:6472
  - - \??\c:\7jddv.exe
      c:\7jddv.exe
      4⤵
      PID:8152
    - - \??\c:\3xlfxfx.exe
        
        c:\3xlfxfx.exe
        5⤵
        
        PID:13696
      - \??\c:\vppjd.exe
        
        c:\vppjd.exe
        6⤵
        
        PID:19848
        
        \??\c:\xxlfrlr.exe
        
        c:\xxlfrlr.exe
        7⤵
        
        PID:20736
        
        \??\c:\vdvpj.exe
        
        c:\vdvpj.exe
        8⤵
        
        PID:20356
        
        \??\c:\lfxlfxl.exe
        
        c:\lfxlfxl.exe
        9⤵
        
        PID:17460
        
        \??\c:\tbthth.exe
        
        c:\tbthth.exe
        10⤵
        
        PID:4380
        
        \??\c:\1jjjd.exe
        
        c:\1jjjd.exe
        11⤵
        
        PID:22096
        
        \??\c:\dvvvd.exe
        
        c:\dvvvd.exe
        12⤵
        
        PID:14904
        
        \??\c:\ttttnt.exe
        
        c:\ttttnt.exe
        13⤵
        
        PID:18424
        
        \??\c:\nhbtbb.exe
        
        c:\nhbtbb.exe
        14⤵
        
        PID:17016
        
        \??\c:\vdppp.exe
        
        c:\vdppp.exe
        15⤵
        
        PID:18732
        
        \??\c:\vdddp.exe
        
        c:\vdddp.exe
        16⤵
        
        PID:5884
        
        \??\c:\btbbbh.exe
        
        c:\btbbbh.exe
        17⤵
        
        PID:19772
        
        \??\c:\btnhnn.exe
        
        c:\btnhnn.exe
        18⤵
        
        PID:18996
- - C:\Users\Admin\Downloads\240919-pr2hesycra_eb582fbba1ba45b49018eecfe0682f3d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pr2hesycra_eb582fbba1ba45b49018eecfe0682f3d_JaffaCakes118.exe
    3⤵
    PID:7632
  - - C:\Users\Admin\Downloads\240919-pr2hesycra_eb582fbba1ba45b49018eecfe0682f3d_JaffaCakes118.exe
      C:\Users\Admin\Downloads\240919-pr2hesycra_eb582fbba1ba45b49018eecfe0682f3d_JaffaCakes118.exe
      4⤵
      PID:23736
- - C:\Users\Admin\Downloads\240919-pswnkaydlh_9bdb64d85228b74e670c5768d020bcf4586e69aa0e95d0a2b3a17c7a38c6c744.exe
    C:\Users\Admin\Downloads\240919-pswnkaydlh_9bdb64d85228b74e670c5768d020bcf4586e69aa0e95d0a2b3a17c7a38c6c744.exe
    3⤵
    PID:12172
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "C:\Users\Admin\Downloads\240919-pswnkaydlh_9bdb64d85228b74e670c5768d020bcf4586e69aa0e95d0a2b3a17c7a38c6c744.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
      4⤵
      PID:15504
  - - C:\Users\Admin\Downloads\240919-pswnkaydlh_9bdb64d85228b74e670c5768d020bcf4586e69aa0e95d0a2b3a17c7a38c6c744.exe
      C:\Users\Admin\Downloads\240919-pswnkaydlh_9bdb64d85228b74e670c5768d020bcf4586e69aa0e95d0a2b3a17c7a38c6c744.exe
      4⤵
      PID:19892
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c rd /S /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
        5⤵
        
        PID:16568
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c del /F /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
        5⤵
        
        PID:19916
- - C:\Users\Admin\Downloads\240919-pr49baycrh_906d63ab68e041593fb8b5fa3ceb09c50aafd486c85dadf8a74d007ba6288b80N.exe
    C:\Users\Admin\Downloads\240919-pr49baycrh_906d63ab68e041593fb8b5fa3ceb09c50aafd486c85dadf8a74d007ba6288b80N.exe
    3⤵
    PID:11444
  - - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msiinst.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msiinst.exe /i instmsi.msi MSIEXECREG=1 /m /qb+!
      4⤵
      PID:14748
- - C:\Users\Admin\Downloads\240919-pp7xesygjr_eb56c71e6ce918530c18b4680355953f_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pp7xesygjr_eb56c71e6ce918530c18b4680355953f_JaffaCakes118.exe
    3⤵
    PID:4276
  - - C:\ProgramData\aWffiRBXKTIX.exe
      C:\ProgramData\aWffiRBXKTIX.exe
      4⤵
      PID:15556
- - C:\Users\Admin\Downloads\240919-pnz57ayfnp_Wspguvcwm.exe
    C:\Users\Admin\Downloads\240919-pnz57ayfnp_Wspguvcwm.exe
    3⤵
    PID:10704
- - C:\Users\Admin\Downloads\240919-pl9lvayamc_17ce00e7482d1aee9f406d4d2823ed31e14161f4b01edf09515abf2899f7a633N.exe
    C:\Users\Admin\Downloads\240919-pl9lvayamc_17ce00e7482d1aee9f406d4d2823ed31e14161f4b01edf09515abf2899f7a633N.exe
    3⤵
    PID:11692
  - - \??\c:\hbhbtt.exe
      c:\hbhbtt.exe
      4⤵
      PID:15464
    - - \??\c:\jdjjv.exe
        
        c:\jdjjv.exe
        5⤵
        
        PID:20604
      - \??\c:\jdvjv.exe
        
        c:\jdvjv.exe
        6⤵
        
        PID:17744
        
        \??\c:\9xxfxxx.exe
        
        c:\9xxfxxx.exe
        7⤵
        
        PID:20820
        
        \??\c:\flrrrrx.exe
        
        c:\flrrrrx.exe
        8⤵
        
        PID:21168
        
        \??\c:\vjjjj.exe
        
        c:\vjjjj.exe
        9⤵
        
        PID:14628
        
        \??\c:\9bbbtt.exe
        
        c:\9bbbtt.exe
        10⤵
        
        PID:14784
        
        \??\c:\hhbbbh.exe
        
        c:\hhbbbh.exe
        11⤵
        
        PID:15404
        
        \??\c:\bbttnn.exe
        
        c:\bbttnn.exe
        12⤵
        
        PID:11112
        
        \??\c:\1jddv.exe
        
        c:\1jddv.exe
        13⤵
        
        PID:18316
        
        \??\c:\1xfxrxr.exe
        
        c:\1xfxrxr.exe
        14⤵
        
        PID:19412
        
        \??\c:\nnbhbh.exe
        
        c:\nnbhbh.exe
        15⤵
        
        PID:17436
- - C:\Users\Admin\Downloads\240919-pkv23axhpd_Lustig.exe
    C:\Users\Admin\Downloads\240919-pkv23axhpd_Lustig.exe
    3⤵
    PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\onefile_6276_133712240493531413\Stub.exe
      C:\Users\Admin\Downloads\240919-pkv23axhpd_Lustig.exe
      4⤵
      PID:16468
- - C:\Users\Admin\Downloads\240919-pnc1nayare_DRAWING SINCOAUTOMATION 6994745PURCHASE ORDER SINCOAUTOMATION PO 322357781 Ref 6421SINCOAUTOMATION4533DWG.exe
    "C:\Users\Admin\Downloads\240919-pnc1nayare_DRAWING SINCOAUTOMATION 6994745PURCHASE ORDER SINCOAUTOMATION PO 322357781 Ref 6421SINCOAUTOMATION4533DWG.exe"
    3⤵
    PID:14500
- - C:\Users\Admin\Downloads\240919-pzadxayfqe_eb5cc00c030e8d22ffb8fada31c6ef5a_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pzadxayfqe_eb5cc00c030e8d22ffb8fada31c6ef5a_JaffaCakes118.exe
    3⤵
    PID:14508
  - - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\data.exe
      C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\data.exe
      4⤵
      PID:16520
- - C:\Users\Admin\Downloads\240919-pkhrqsydpr_2024-09-19_2902f742fd97d91cdf9709d16c17f224_floxif_mafia.exe
    C:\Users\Admin\Downloads\240919-pkhrqsydpr_2024-09-19_2902f742fd97d91cdf9709d16c17f224_floxif_mafia.exe
    3⤵
    PID:15440
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c rd /S /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:23372
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c del /F /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:20228
- - C:\Users\Admin\Downloads\240919-pkf8xaxhme_file.exe
    C:\Users\Admin\Downloads\240919-pkf8xaxhme_file.exe
    3⤵
    PID:16708
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c rd /S /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:19048
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c del /F /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:23540
- - C:\Users\Admin\Downloads\240919-pmlw6syepm_eb54a679cf165a645a9a977aa64ac623_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pmlw6syepm_eb54a679cf165a645a9a977aa64ac623_JaffaCakes118.exe
    3⤵
    PID:20552
- - C:\Users\Admin\Downloads\240919-pqzx7sycmb_eb5761c410b5139f23235e9b67964495_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pqzx7sycmb_eb5761c410b5139f23235e9b67964495_JaffaCakes118.exe
    3⤵
    PID:23808
- - C:\Users\Admin\Downloads\240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe
    "C:\Users\Admin\Downloads\240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe"
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:18152
  - - C:\Users\Admin\AppData\Local\lustring\reindulgence.exe
      "C:\Users\Admin\Downloads\240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe"
      4⤵
      PID:15048
    - - C:\Windows\SysWOW64\svchost.exe
        
        "C:\Users\Admin\Downloads\240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe"
        5⤵
        
        PID:23564
- - C:\Users\Admin\Downloads\240919-pyhc5azbnl_806cd24fa66b07ec7bc6deda153a3b155938cd4e88bbdd5ce59f18e7936d751dN.exe
    C:\Users\Admin\Downloads\240919-pyhc5azbnl_806cd24fa66b07ec7bc6deda153a3b155938cd4e88bbdd5ce59f18e7936d751dN.exe
    3⤵
    PID:20036
  - - C:\Windows\SysWOW64\Lcjldk32.exe
      C:\Windows\system32\Lcjldk32.exe
      4⤵
      PID:20564
    - - C:\Windows\SysWOW64\Namegfql.exe
        
        C:\Windows\system32\Namegfql.exe
        5⤵
        
        PID:13452
      - C:\Windows\SysWOW64\Ohncdobq.exe
        
        C:\Windows\system32\Ohncdobq.exe
        6⤵
        
        PID:21040
        
        C:\Windows\SysWOW64\Bboplo32.exe
        
        C:\Windows\system32\Bboplo32.exe
        7⤵
        
        PID:14908
        
        C:\Windows\SysWOW64\Ljkghi32.exe
        
        C:\Windows\system32\Ljkghi32.exe
        8⤵
        
        PID:19756
        
        C:\Windows\SysWOW64\Oeopnmoa.exe
        
        C:\Windows\system32\Oeopnmoa.exe
        9⤵
        
        PID:15804
        
        C:\Windows\SysWOW64\Qdipag32.exe
        
        C:\Windows\system32\Qdipag32.exe
        10⤵
        
        PID:8068
- - C:\Users\Admin\Downloads\240919-pr1acsygql_ce02184d0d3c906e141508a5b94069cd84a2d361abb0fba9b4c1dadf64fe9d2dN.exe
    C:\Users\Admin\Downloads\240919-pr1acsygql_ce02184d0d3c906e141508a5b94069cd84a2d361abb0fba9b4c1dadf64fe9d2dN.exe
    3⤵
    PID:16976
  - - C:\Windows\SysWOW64\Pkklbh32.exe
      C:\Windows\system32\Pkklbh32.exe
      4⤵
      PID:21812
    - - C:\Windows\SysWOW64\Pomncfge.exe
        
        C:\Windows\system32\Pomncfge.exe
        5⤵
        
        PID:22496
      - C:\Windows\SysWOW64\Aecialmb.exe
        
        C:\Windows\system32\Aecialmb.exe
        6⤵
        
        PID:22984
        
        C:\Windows\SysWOW64\Bmagch32.exe
        
        C:\Windows\system32\Bmagch32.exe
        7⤵
        
        PID:14776
        
        C:\Windows\SysWOW64\Mdkabmjf.exe
        
        C:\Windows\system32\Mdkabmjf.exe
        8⤵
        
        PID:16852
        
        C:\Windows\SysWOW64\Qffoejkg.exe
        
        C:\Windows\system32\Qffoejkg.exe
        9⤵
        
        PID:21292
- - C:\Users\Admin\Downloads\240919-prn74aycpb_eb57ee819c3e9840314784fb48e53c74_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-prn74aycpb_eb57ee819c3e9840314784fb48e53c74_JaffaCakes118.exe
    3⤵
    PID:14880
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 14880 -s 356
      4⤵
      Program crash
      PID:18256
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 14880 -s 356
      4⤵
      Program crash
      PID:22308
- - C:\Users\Admin\Downloads\240919-ppfsyaybnf_l6E.exe
    C:\Users\Admin\Downloads\240919-ppfsyaybnf_l6E.exe
    3⤵
    PID:22936
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:20648
- - C:\Users\Admin\Downloads\240919-pnhk5syfkl_KZ710-0038.exe
    C:\Users\Admin\Downloads\240919-pnhk5syfkl_KZ710-0038.exe
    3⤵
    PID:23632
- - C:\Users\Admin\Downloads\240919-pjxt9sydnp_5da41272d55eff3d99d9ab4586f6572a02e0e5ef35c0bbf3bef2dfa06949121bN.exe
    C:\Users\Admin\Downloads\240919-pjxt9sydnp_5da41272d55eff3d99d9ab4586f6572a02e0e5ef35c0bbf3bef2dfa06949121bN.exe
    3⤵
    PID:23648
  - - C:\Windows\SysWOW64\Dmplkd32.exe
      C:\Windows\system32\Dmplkd32.exe
      4⤵
      PID:7592
- - C:\Users\Admin\Downloads\240919-pkwzcsydrj_996f9de8dfa6102ce8c454fae3055ed71f88c6b0e3fca5cf01917d7426d4a085.exe
    C:\Users\Admin\Downloads\240919-pkwzcsydrj_996f9de8dfa6102ce8c454fae3055ed71f88c6b0e3fca5cf01917d7426d4a085.exe
    3⤵
    PID:23680
- - C:\Users\Admin\Downloads\240919-px7avszbmk_RustAnticheat.exe
    C:\Users\Admin\Downloads\240919-px7avszbmk_RustAnticheat.exe
    3⤵
    PID:23716
- - C:\Users\Admin\Downloads\240919-pk9v8ayejk_a7911b68254b2f30702a9bb1ba9f01afd684a5c7e63ab844a1963c554a7f5a10N.exe
    C:\Users\Admin\Downloads\240919-pk9v8ayejk_a7911b68254b2f30702a9bb1ba9f01afd684a5c7e63ab844a1963c554a7f5a10N.exe
    3⤵
    PID:23756
  - - C:\Windows\SysWOW64\Ddjehneg.exe
      C:\Windows\system32\Ddjehneg.exe
      4⤵
      PID:11020
    - - C:\Windows\SysWOW64\Logbigbg.exe
        
        C:\Windows\system32\Logbigbg.exe
        5⤵
        
        PID:20892
- - C:\Users\Admin\Downloads\240919-ptc8lsyhmp_6bfda052f5e26b18303ca3f9b8724f3a565bb769fdef657907a216fb1f930532N.exe
    C:\Users\Admin\Downloads\240919-ptc8lsyhmp_6bfda052f5e26b18303ca3f9b8724f3a565bb769fdef657907a216fb1f930532N.exe
    3⤵
    PID:23780
  - - C:\Windows\SysWOW64\Emgblc32.exe
      C:\Windows\system32\Emgblc32.exe
      4⤵
      PID:17404
    - - C:\Windows\SysWOW64\Ljkghi32.exe
        
        C:\Windows\system32\Ljkghi32.exe
        5⤵
        
        PID:19784
- - C:\Users\Admin\Downloads\240919-pmpm3ayanh_6de62e421f9a46f1c1576bdd3ea88a71599957ecdbf52b393c8a68d258bd871bN.exe
    C:\Users\Admin\Downloads\240919-pmpm3ayanh_6de62e421f9a46f1c1576bdd3ea88a71599957ecdbf52b393c8a68d258bd871bN.exe
    3⤵
    PID:23820
- - C:\Users\Admin\Downloads\240919-pynvxayfpc_eb5c5395b89a24626340ac864e56e6ce_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pynvxayfpc_eb5c5395b89a24626340ac864e56e6ce_JaffaCakes118.exe
    3⤵
    PID:23832
  - - C:\Documents and Settings\tazebama.dl_
      "C:\Documents and Settings\tazebama.dl_"
      4⤵
      PID:17124
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17124 -s 2352
        5⤵
        Program crash
        
        PID:23568
- - C:\Users\Admin\Downloads\240919-pxtd1azbkm_eb5b89ca20208c3ef69d8b6990f4a02b_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pxtd1azbkm_eb5b89ca20208c3ef69d8b6990f4a02b_JaffaCakes118.exe
    3⤵
    PID:23848
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 23848 -s 396
      4⤵
      Program crash
      PID:23264
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 23848 -s 396
      4⤵
      Program crash
      PID:7504
- - C:\Users\Admin\Downloads\240919-pndbesyfjl_Estado de Cuenta.exe
    "C:\Users\Admin\Downloads\240919-pndbesyfjl_Estado de Cuenta.exe"
    3⤵
    PID:23880
- - C:\Users\Admin\Downloads\240919-pqv91sycle_538bb6188211c79735590592ee686a00e5d7e16e072673111ceb32c4d9511128.exe
    C:\Users\Admin\Downloads\240919-pqv91sycle_538bb6188211c79735590592ee686a00e5d7e16e072673111ceb32c4d9511128.exe
    3⤵
    PID:23900
- - C:\Users\Admin\Downloads\240919-plsnbsyelj_eb5436b384a6040996c87e9b73348efc_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-plsnbsyelj_eb5436b384a6040996c87e9b73348efc_JaffaCakes118.exe
    3⤵
    PID:23916
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c rd /S /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:21612
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c del /F /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:21632
- - C:\Users\Admin\Downloads\240919-p2x8rayhkc_0db31fe824a882de227a91563095589554d7bc53393b50d3e6f323d6ad4261d3N.exe
    C:\Users\Admin\Downloads\240919-p2x8rayhkc_0db31fe824a882de227a91563095589554d7bc53393b50d3e6f323d6ad4261d3N.exe
    3⤵
    PID:23940
  - - C:\Windows\SysWOW64\Eepkkefp.exe
      C:\Windows\system32\Eepkkefp.exe
      4⤵
      PID:14076
- - C:\Users\Admin\Downloads\240919-pj6r6sxhkh_eb52f8e49064b4bfab78739df8625898_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pj6r6sxhkh_eb52f8e49064b4bfab78739df8625898_JaffaCakes118.exe
    3⤵
    PID:23956
- - C:\Users\Admin\Downloads\240919-pwlyjayenf_eb5abeeb0ee099d044f525b25da4920a_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pwlyjayenf_eb5abeeb0ee099d044f525b25da4920a_JaffaCakes118.exe
    3⤵
    PID:23984
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 23984 -s 572
      4⤵
      Program crash
      PID:16612
- - C:\Users\Admin\Downloads\240919-pld5yayejp_af6c81b229f14cbdeb496be7330f4268400172fd21afdc3a201f1dabaaa42e6bN.exe
    C:\Users\Admin\Downloads\240919-pld5yayejp_af6c81b229f14cbdeb496be7330f4268400172fd21afdc3a201f1dabaaa42e6bN.exe
    3⤵
    PID:23996
- - C:\Users\Admin\Downloads\240919-pxr6yayflc_2264-22-0x0000000000400000-0x000000000042F000-memory.dmp
    C:\Users\Admin\Downloads\240919-pxr6yayflc_2264-22-0x0000000000400000-0x000000000042F000-memory.dmp
    3⤵
    PID:24008
- - C:\Users\Admin\Downloads\240919-pkgjnsydpp_9c0fdea0cf6777b2223471c85231b0be7b6c250b8bbf8a4262331fcb2483fef4N.exe
    C:\Users\Admin\Downloads\240919-pkgjnsydpp_9c0fdea0cf6777b2223471c85231b0be7b6c250b8bbf8a4262331fcb2483fef4N.exe
    3⤵
    PID:24016
- - C:\Users\Admin\Downloads\240919-pwr5jsyepe_0e8e3f6c88ec43a5ffc8603e3c0961ecff94fb7224ea0914893155a90f0fb968N.exe
    C:\Users\Admin\Downloads\240919-pwr5jsyepe_0e8e3f6c88ec43a5ffc8603e3c0961ecff94fb7224ea0914893155a90f0fb968N.exe
    3⤵
    PID:24056
  - - C:\Windows\SysWOW64\Eincadmf.exe
      C:\Windows\system32\Eincadmf.exe
      4⤵
      PID:16988
- - C:\Users\Admin\Downloads\240919-pz7dmsyglh_DBeaver Ultimate.exe
    "C:\Users\Admin\Downloads\240919-pz7dmsyglh_DBeaver Ultimate.exe"
    3⤵
    PID:24084
- - C:\Users\Admin\Downloads\240919-pnd8qayarf_a8238b5f28d80eefc6e0c0169c4e7c55c1f482c432571737190215cd16507bc2N.exe
    C:\Users\Admin\Downloads\240919-pnd8qayarf_a8238b5f28d80eefc6e0c0169c4e7c55c1f482c432571737190215cd16507bc2N.exe
    3⤵
    PID:24096
- - C:\Users\Admin\Downloads\240919-pzhqaayfrd_da382dc41f9e81d5e9079ec9cec6e5851a6bc4d7cde888665dad832c9b42ee97N.exe
    C:\Users\Admin\Downloads\240919-pzhqaayfrd_da382dc41f9e81d5e9079ec9cec6e5851a6bc4d7cde888665dad832c9b42ee97N.exe
    3⤵
    PID:24120
- - C:\Users\Admin\Downloads\240919-pnyx5ayblb_PI 347_DUHS_MRI.pdf.exe
    "C:\Users\Admin\Downloads\240919-pnyx5ayblb_PI 347_DUHS_MRI.pdf.exe"
    3⤵
    PID:24136
  - - C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\Downloads\240919-pnyx5ayblb_PI 347_DUHS_MRI.pdf.exe"
      4⤵
      PID:12928
- - C:\Users\Admin\Downloads\240919-pmesvsyenm_dc40a707157545b53ee8663d4ef33d6e59095b8904bf94b0250485b0b1b6d074N.exe
    C:\Users\Admin\Downloads\240919-pmesvsyenm_dc40a707157545b53ee8663d4ef33d6e59095b8904bf94b0250485b0b1b6d074N.exe
    3⤵
    PID:24152
  - - C:\Windows\SysWOW64\Jjfdfl32.exe
      C:\Windows\system32\Jjfdfl32.exe
      4⤵
      PID:1688
    - - C:\Windows\SysWOW64\Abdfkj32.exe
        
        C:\Windows\system32\Abdfkj32.exe
        5⤵
        
        PID:9024
      - C:\Windows\SysWOW64\Ehifak32.exe
        
        C:\Windows\system32\Ehifak32.exe
        6⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\Kaflio32.exe
        
        C:\Windows\system32\Kaflio32.exe
        7⤵
        
        PID:18204
- - C:\Users\Admin\Downloads\240919-pnzvesyfnl_ROC ORDER.exe
    "C:\Users\Admin\Downloads\240919-pnzvesyfnl_ROC ORDER.exe"
    3⤵
    PID:24164
- - C:\Users\Admin\Downloads\240919-pnhk5syfkm_LEVER STYLE SEP BUY ORDER & C248SH12.exe
    "C:\Users\Admin\Downloads\240919-pnhk5syfkm_LEVER STYLE SEP BUY ORDER & C248SH12.exe"
    3⤵
    PID:24188
- - C:\Users\Admin\Downloads\240919-pnr5ksyfmj_Overdoers.exe
    C:\Users\Admin\Downloads\240919-pnr5ksyfmj_Overdoers.exe
    3⤵
    PID:24208
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c rd /S /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:19060
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c del /F /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:11156
- - C:\Users\Admin\Downloads\240919-pvzs1azamq_eb5a490a775a99d7859fbb486d518740_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pvzs1azamq_eb5a490a775a99d7859fbb486d518740_JaffaCakes118.exe
    3⤵
    PID:24232
  - - \??\c:\Documents and Settings\Admin\Application Data\Microsoft\scaa.exe
      "c:\Documents and Settings\Admin\Application Data\Microsoft\scaa.exe" 240919-pvzs1azamq_eb5a490a775a99d7859fbb486d518740_JaffaCakes118
      4⤵
      PID:23432
- - C:\Users\Admin\Downloads\240919-px46hayfmc_c509517113bafdd47e35ba311f40533791dcfa57d38315ff41edb26c8ece84bcN.exe
    C:\Users\Admin\Downloads\240919-px46hayfmc_c509517113bafdd47e35ba311f40533791dcfa57d38315ff41edb26c8ece84bcN.exe
    3⤵
    PID:24244
  - - C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      4⤵
      PID:20608
- - C:\Users\Admin\Downloads\240919-pk2vlsxhqb_2024-09-19_2b8b375eff2b900f9dca0c980fca5b9f_avoslocker_floxif_hijackloader.exe
    C:\Users\Admin\Downloads\240919-pk2vlsxhqb_2024-09-19_2b8b375eff2b900f9dca0c980fca5b9f_avoslocker_floxif_hijackloader.exe
    3⤵
    PID:24272
- - C:\Users\Admin\Downloads\240919-pnzjnayfnk_Quotation_pdf.exe
    C:\Users\Admin\Downloads\240919-pnzjnayfnk_Quotation_pdf.exe
    3⤵
    PID:24284
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c rd /S /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:15004
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c del /F /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:15208
- - C:\Users\Admin\Downloads\240919-psby6aydjh_Documents..pdf................................................................................exe
    C:\Users\Admin\Downloads\240919-psby6aydjh_Documents..pdf................................................................................exe
    3⤵
    PID:24312
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c rd /S /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:5808
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c del /F /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:18708
- - C:\Users\Admin\Downloads\240919-pnzjnayblf_Recibo de pago.880743.exe
    "C:\Users\Admin\Downloads\240919-pnzjnayblf_Recibo de pago.880743.exe"
    3⤵
    PID:24308
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\Downloads\240919-pnzjnayblf_Recibo de pago.880743.exe"
      4⤵
      PID:21800
- - C:\Users\Admin\Downloads\240919-pnffsaybja_FaturaHatırlatma.exe
    C:\Users\Admin\Downloads\240919-pnffsaybja_FaturaHatırlatma.exe
    3⤵
    PID:24328
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c rd /S /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:19084
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c del /F /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:17632
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
      4⤵
      PID:8432
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
      4⤵
      PID:20436
- - C:\Users\Admin\Downloads\240919-pncd5ayfjj_comprobante_swift0000099.exe
    C:\Users\Admin\Downloads\240919-pncd5ayfjj_comprobante_swift0000099.exe
    3⤵
    PID:24352
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      C:\Users\Admin\Downloads\240919-pncd5ayfjj_comprobante_swift0000099.exe
      4⤵
      PID:18532
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c rd /S /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:16504
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c del /F /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:5196
- - C:\Users\Admin\Downloads\240919-pwav9szann_eb5a6e6aceac7224a39a67546e5dc3a6_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pwav9szann_eb5a6e6aceac7224a39a67546e5dc3a6_JaffaCakes118.exe
    3⤵
    PID:24376
- - C:\Users\Admin\Downloads\240919-py4w5ayfqb_magic.exe
    C:\Users\Admin\Downloads\240919-py4w5ayfqb_magic.exe
    3⤵
    PID:15916
- - C:\Users\Admin\Downloads\240919-pwjs6syenb_eb5aaf9f5bb23b2d72bc823a39c904f8_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pwjs6syenb_eb5aaf9f5bb23b2d72bc823a39c904f8_JaffaCakes118.exe
    3⤵
    PID:15928
- - C:\Users\Admin\Downloads\240919-pnnr6ayfll_eb55576359ed78cc832b3dfa4d68658d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pnnr6ayfll_eb55576359ed78cc832b3dfa4d68658d_JaffaCakes118.exe
    3⤵
    PID:15940
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c rd /S /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:20388
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c del /F /Q "C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.dat"
      4⤵
      PID:19140
  - - C:\Windows\SysWOW64\nslookup.exe
      nslookup nomoreransom.bit dns1.soprodns.ru
      4⤵
      PID:11188
- - C:\Users\Admin\Downloads\240919-pnrttaybkd_Ordine Request 09-24.exe
    "C:\Users\Admin\Downloads\240919-pnrttaybkd_Ordine Request 09-24.exe"
    3⤵
    PID:15952
- - C:\Users\Admin\Downloads\240919-ptm3tayhpj_magic.exe
    C:\Users\Admin\Downloads\240919-ptm3tayhpj_magic.exe
    3⤵
    PID:15964
- - C:\Users\Admin\Downloads\240919-pxp2ksyfkh_8437b2506fea965a643090ee0b2ec6f2b191fb20aa51534a4a1a775edbdc660aN.exe
    C:\Users\Admin\Downloads\240919-pxp2ksyfkh_8437b2506fea965a643090ee0b2ec6f2b191fb20aa51534a4a1a775edbdc660aN.exe
    3⤵
    PID:12792
- - C:\Users\Admin\Downloads\240919-pwj4yayenc_9064f1a15c6f733a95d9a074868cc3584d0576f29867fb7e5e687431a847d43eN.exe
    C:\Users\Admin\Downloads\240919-pwj4yayenc_9064f1a15c6f733a95d9a074868cc3584d0576f29867fb7e5e687431a847d43eN.exe
    3⤵
    PID:18460
- - C:\Users\Admin\Downloads\240919-pt73zszajk_155883bbf2e724284ceaba37e0df36ed91296574b308964dbc3c33dbdd05c8db.exe
    C:\Users\Admin\Downloads\240919-pt73zszajk_155883bbf2e724284ceaba37e0df36ed91296574b308964dbc3c33dbdd05c8db.exe
    3⤵
    PID:21932
- - C:\Users\Admin\Downloads\240919-p2kyeszcrj_eb5e1cef9f1061fe36269c9cf5ebcafd_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-p2kyeszcrj_eb5e1cef9f1061fe36269c9cf5ebcafd_JaffaCakes118.exe
    3⤵
    PID:2188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5112 -ip 5112
1⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6612 -ip 6612
1⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6612 -ip 6612
1⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 8212 -ip 8212
1⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 10324 -ip 10324
1⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 8048 -ip 8048
1⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 10848 -ip 10848
1⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 11696 -ip 11696
1⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 11664 -ip 11664
1⤵
PID:13624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 11680 -ip 11680
1⤵
PID:13360

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 8608 -ip 8608
1⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5412 -ip 5412
1⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 11672 -ip 11672
1⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4956 -ip 4956
1⤵
PID:21004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 11680 -ip 11680
1⤵
PID:23216

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
1⤵
PID:20300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 14880 -ip 14880
1⤵
PID:18644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 23848 -ip 23848
1⤵
PID:23576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 23984 -ip 23984
1⤵
PID:19148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 24188 -ip 24188
1⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 17124 -ip 17124
1⤵
PID:21984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 24284 -ip 24284
1⤵
PID:568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 24312 -ip 24312
1⤵
PID:23072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 11680 -ip 11680
1⤵
PID:23120

C:\Windows\SysWOW64\raserver.exe
"C:\Windows\SysWOW64\raserver.exe"
1⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 11680 -ip 11680
1⤵
PID:22616

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "KdttznaK" /sc MINUTE /mo 7 /tr "'C:\Recovery\WindowsRE\Kdttzna.exe'" /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:24332

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "Kdttzna" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\Kdttzna.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:14540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 11680 -ip 11680
1⤵
PID:16844

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "KdttznaK" /sc MINUTE /mo 6 /tr "'C:\Recovery\WindowsRE\Kdttzna.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:15452

C:\Windows\SysWOW64\control.exe
"C:\Windows\SysWOW64\control.exe"
1⤵
PID:16820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 11680 -ip 11680
1⤵
PID:19308

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "Ljkghi32L" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Windows NT\TableTextService\Ljkghi32.exe'" /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:23544

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "Ljkghi32" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows NT\TableTextService\Ljkghi32.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:21088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 11680 -ip 11680
1⤵
PID:12176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Scripting

T1064

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

File and Directory Permissions Modification

T1222

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Scripting

T1064

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\3xlfxfx.exe

Filesize
453KB

MD5
021c218f2b0e8927d1fef1c74fa9a43e

SHA1
8b0928af6b7c62e8f3461d27b22ea9896b9ff8a7

SHA256
a0a898f8aa2bb0677018385230951771284424367a1de3a16e5b8a1b61af0fba

SHA512
1922a6ef7707eb4cbf256021e21b2baf0c0b167787cd454bb6ce11c612ac8b795284be8417e4e9eba1a36b1900e71d9156b614f369b58c8f24c158a75c95c3fd

Download Submit
C:\Program Files\Common Files\System\symsrv.dll

Filesize
67KB

MD5
7574cf2c64f35161ab1292e2f532aabf

SHA1
14ba3fa927a06224dfe587014299e834def4644f

SHA256
de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

SHA512
4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\240919-pwj4yayenc_9064f1a15c6f733a95d9a074868cc3584d0576f29867fb7e5e687431a847d43eN.exe

Filesize
310KB

MD5
f7b77010d8665724bca77d3a580da8fe

SHA1
e87495e14e73a6e6a86b36b9077f613c817c0365

SHA256
04c65c93b0bcd2ba9a1e7da9ef61e5cae5e16f9f96922bfa683325918a875a3d

SHA512
00e2173f767b745728bb6bb3b1a910a8140c602aee51574c891270a60f43bcb1f950417ead0b89e0944869be8ea35d46b3c528335ad0a2d2e0105ea5b8258800

Download Submit
C:\Users\Admin\AppData\Local\Temp\4acacee3-cefe-4dab-b6f1-01f9a63ec79a\e.dll

Filesize
94KB

MD5
14ff402962ad21b78ae0b4c43cd1f194

SHA1
f8a510eb26666e875a5bdd1cadad40602763ad72

SHA256
fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b

SHA512
daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b

Download Submit
C:\Users\Admin\AppData\Local\Temp\OleF23F.tmp

Filesize
114B

MD5
e89f75f918dbdcee28604d4e09dd71d7

SHA1
f9d9055e9878723a12063b47d4a1a5f58c3eb1e9

SHA256
6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023

SHA512
8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\VCRUNTIME140_1.dll

Filesize
37KB

MD5
75e78e4bf561031d39f86143753400ff

SHA1
324c2a99e39f8992459495182677e91656a05206

SHA256
1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

SHA512
ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\_asyncio.pyd

Filesize
62KB

MD5
2859c39887921dad2ff41feda44fe174

SHA1
fae62faf96223ce7a3e6f7389a9b14b890c24789

SHA256
aebc378db08617ea81a0a3a3bc044bcc7e6303e314630392dd51bab12f879bd9

SHA512
790be0c95c81eb6d410e53fe8018e2ca5efd1838dc60539ebb011911c36c8478333ee95989cfd1ddaf4f892b537ae8305eb4cd893906930deae59c8965cf2fbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\_bz2.pyd

Filesize
81KB

MD5
4101128e19134a4733028cfaafc2f3bb

SHA1
66c18b0406201c3cfbba6e239ab9ee3dbb3be07d

SHA256
5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80

SHA512
4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\_cffi_backend.cp311-win_amd64.pyd

Filesize
174KB

MD5
739d352bd982ed3957d376a9237c9248

SHA1
961cf42f0c1bb9d29d2f1985f68250de9d83894d

SHA256
9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980

SHA512
585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\_ctypes.pyd

Filesize
120KB

MD5
6a9ca97c039d9bbb7abf40b53c851198

SHA1
01bcbd134a76ccd4f3badb5f4056abedcff60734

SHA256
e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

SHA512
dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\_decimal.pyd

Filesize
245KB

MD5
d47e6acf09ead5774d5b471ab3ab96ff

SHA1
64ce9b5d5f07395935df95d4a0f06760319224a2

SHA256
d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e

SHA512
52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\_hashlib.pyd

Filesize
62KB

MD5
de4d104ea13b70c093b07219d2eff6cb

SHA1
83daf591c049f977879e5114c5fea9bbbfa0ad7b

SHA256
39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e

SHA512
567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\_lzma.pyd

Filesize
154KB

MD5
337b0e65a856568778e25660f77bc80a

SHA1
4d9e921feaee5fa70181eba99054ffa7b6c9bb3f

SHA256
613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a

SHA512
19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\_multiprocessing.pyd

Filesize
32KB

MD5
1386dbc6dcc5e0be6fef05722ae572ec

SHA1
470f2715fafd5cafa79e8f3b0a5434a6da78a1ba

SHA256
0ae3bf383ff998886f97576c55d6bf0a076c24395cf6fcd2265316e9a6e8c007

SHA512
ca6e5c33273f460c951cb8ec1d74ce61c0025e2ead6d517c18a6b0365341a0fd334e8976006cd62b72eb5620ccc42cfdd5196e8b10691b8f19f69f851a440293

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\_overlapped.pyd

Filesize
48KB

MD5
01ad7ca8bc27f92355fd2895fc474157

SHA1
15948cd5a601907ff773d0b48e493adf0d38a1a6

SHA256
a083e83f609ed7a2fc18a95d44d8f91c9dc74842f33e19e91988e84db94c3b5b

SHA512
8fe6ac8430f8dde45c74f45575365753042642dc9fa9defbcf25ae1832baf6abb1ea1ad6d087e4ece5d0590e36cee1beea99845aef6182c1eec4bafdf9557604

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\_queue.pyd

Filesize
30KB

MD5
ff8300999335c939fcce94f2e7f039c0

SHA1
4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a

SHA256
2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78

SHA512
f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\_socket.pyd

Filesize
76KB

MD5
8140bdc5803a4893509f0e39b67158ce

SHA1
653cc1c82ba6240b0186623724aec3287e9bc232

SHA256
39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769

SHA512
d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\_ssl.pyd

Filesize
155KB

MD5
069bccc9f31f57616e88c92650589bdd

SHA1
050fc5ccd92af4fbb3047be40202d062f9958e57

SHA256
cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32

SHA512
0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\_tcl_data\encoding\cp1252.enc

Filesize
1KB

MD5
e9117326c06fee02c478027cb625c7d8

SHA1
2ed4092d573289925a5b71625cf43cc82b901daf

SHA256
741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

SHA512
d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\_tkinter.pyd

Filesize
61KB

MD5
442304ce4ad2d40e0d85a89b52b6d272

SHA1
5b5add527dd6fea47d4caa923694eee8d741b488

SHA256
6ff6cc788f1ab19de383810ddbd15ecd5fc8216faf5e1e406bbf9a608fbb9991

SHA512
df5a47780a6642c310417c2d2e8c439eb2a324d9318ef1ea5af36c5657cc34a8aa950edbe5f91869bf0d50cccebcb7a08447dbcfdc75e29acc8c72327f231e43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\base_library.zip

Filesize
1.4MB

MD5
481da210e644d6b317cafb5ddf09e1a5

SHA1
00fe8e1656e065d5cf897986c12ffb683f3a2422

SHA256
3242ea7a6c4c712f10108a619bf5213878146547838f7e2c1e80d2778eb0aaa0

SHA512
74d177794f0d7e67f64a4f0c9da4c3fd25a4d90eb909e942e42e5651cc1930b8a99eef6d40107aa8756e75ffbcc93284b916862e24262df897aaac97c5072210

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\certifi\cacert.pem

Filesize
292KB

MD5
50ea156b773e8803f6c1fe712f746cba

SHA1
2c68212e96605210eddf740291862bdf59398aef

SHA256
94edeb66e91774fcae93a05650914e29096259a5c7e871a1f65d461ab5201b47

SHA512
01ed2e7177a99e6cb3fbef815321b6fa036ad14a3f93499f2cb5b0dae5b713fd2e6955aa05f6bda11d80e9e0275040005e5b7d616959b28efc62abb43a3238f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
723ec2e1404ae1047c3ef860b9840c29

SHA1
8fc869b92863fb6d2758019dd01edbef2a9a100a

SHA256
790a11aa270523c2efa6021ce4f994c3c5a67e8eaaaf02074d5308420b68bd94

SHA512
2e323ae5b816adde7aaa14398f1fdb3efe15a19df3735a604a7db6cadc22b753046eab242e0f1fbcd3310a8fbb59ff49865827d242baf21f44fd994c3ac9a878

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
116KB

MD5
9ea8098d31adb0f9d928759bdca39819

SHA1
e309c85c1c8e6ce049eea1f39bee654b9f98d7c5

SHA256
3d9893aa79efd13d81fcd614e9ef5fb6aad90569beeded5112de5ed5ac3cf753

SHA512
86af770f61c94dfbf074bcc4b11932bba2511caa83c223780112bda4ffb7986270dc2649d4d3ea78614dbce6f7468c8983a34966fc3f2de53055ac6b5059a707

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\libcrypto-1_1.dll

Filesize
3.3MB

MD5
6f4b8eb45a965372156086201207c81f

SHA1
8278f9539463f0a45009287f0516098cb7a15406

SHA256
976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

SHA512
2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\libffi-8.dll

Filesize
34KB

MD5
32d36d2b0719db2b739af803c5e1c2f5

SHA1
023c4f1159a2a05420f68daf939b9ac2b04ab082

SHA256
128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

SHA512
a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\libssl-1_1.dll

Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\numpy\core\_multiarray_umath.cp311-win_amd64.pyd

Filesize
2.7MB

MD5
ea2e696dd221290a44fc7f095c4f185b

SHA1
dd5ae42ae6d2678d65b003ba4ca8286a80586869

SHA256
c76d812fa5131fe21c8bf9ffbd910f27df80856f910fa61698f23f60cfd9d13e

SHA512
7a811681652fb53d2da2ec0042b73a6b75b95defc9b47422df0148832a71079832a10d45ac6e457d26a708a30544ad45f08a87e61426c1f3c8252e48c6374b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\pyexpat.pyd

Filesize
193KB

MD5
1c0a578249b658f5dcd4b539eea9a329

SHA1
efe6fa11a09dedac8964735f87877ba477bec341

SHA256
d97f3e27130c267e7d3287d1b159f65559e84ead9090d02a01b4c7dc663cd509

SHA512
7b21dcd7b64eeba13ba8a618960190d1a272fa4805dedcf8f9e1168aebfe890b0ced991435ecbd353467a046fc0e8307f9a9be1021742d7d93aa124c52cc49e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\python3.DLL

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\pywin32_system32\pythoncom311.dll

Filesize
654KB

MD5
f98264f2dacfc8e299391ed1180ab493

SHA1
849551b6d9142bf983e816fef4c05e639d2c1018

SHA256
0fe49ec1143a0efe168809c9d48fe3e857e2ac39b19db3fd8718c56a4056696b

SHA512
6bb3dbd9f4d3e6b7bd294f3cb8b2ef4c29b9eff85c0cfd5e2d2465be909014a7b2ecd3dc06265b1b58196892bb04d3e6b0aa4b2ccbf3a716e0ff950eb28db11c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\pywin32_system32\pywintypes311.dll

Filesize
131KB

MD5
90b786dc6795d8ad0870e290349b5b52

SHA1
592c54e67cf5d2d884339e7a8d7a21e003e6482f

SHA256
89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

SHA512
c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\select.pyd

Filesize
28KB

MD5
97ee623f1217a7b4b7de5769b7b665d6

SHA1
95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

SHA256
0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

SHA512
20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\tcl86t.dll

Filesize
1.8MB

MD5
ac6cd2fb2cd91780db186b8d6e447b7c

SHA1
b387b9b6ca5f0a2b70028ab2147789c4fe24ef7a

SHA256
a91781fe13548b89817462b00058a75fb0b607ec8ce99d265719ced573ade7b6

SHA512
45b24ca07a44d8d90e5efeded2697a37f000b39d305fe63a67292fdd237de3f8efd5e85b139b5702faa695f9f27f12f24ac497e005e2f3c24c141d7cd85305b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\tk86t.dll

Filesize
1.5MB

MD5
499fa3dea045af56ee5356c0ce7d6ce2

SHA1
0444b7d4ecd25491245824c17b84916ee5b39f74

SHA256
20139f4c327711baf18289584fa0c8112f7bb3ba55475bded21f3d107672ed94

SHA512
d776749effa241ba1415b28d2fcff1d64ed903569a8c4e56dfddd672a53b2f44119734b1959b72a9b3f4060bb2c67b7dea959cc2d4a8e9f781f17009c6840fc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\unicodedata.pyd

Filesize
1.1MB

MD5
bc58eb17a9c2e48e97a12174818d969d

SHA1
11949ebc05d24ab39d86193b6b6fcff3e4733cfd

SHA256
ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa

SHA512
4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\win32\win32api.pyd

Filesize
130KB

MD5
1d6762b494dc9e60ca95f7238ae1fb14

SHA1
aa0397d96a0ed41b2f03352049dafe040d59ad5d

SHA256
fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

SHA512
0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30642\zstandard\backend_c.cp311-win_amd64.pyd

Filesize
512KB

MD5
dc08f04c9e03452764b4e228fc38c60b

SHA1
317bcc3f9c81e2fc81c86d5a24c59269a77e3824

SHA256
b990efbda8a50c49cd7fde5894f3c8f3715cb850f8cc4c10bc03fd92e310260f

SHA512
fbc24dd36af658cece54be14c1118af5fda4e7c5b99d22f99690a1fd625cc0e8aa41fd9accd1c74bb4b03d494b6c3571b24f2ee423aaae9a5ad50adc583c52f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uez22q5h.o4t.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp.exe

Filesize
86KB

MD5
425609a2c35081730982a01d72a76cbe

SHA1
64f95fe985a7ef7ee4f396e36279aa31498ac3cc

SHA256
e03145fefe7fef82c2a476d7dec03305d7da79cd3c8fe1578177580175febbd3

SHA512
6ede1415ac51d588a71bfb5697a599eb777e9530240b7a3524626d2a230bb51017c9b3d05923c5cb41800cca9818f2d99484310390a0425ef8e48984c4c9cfd4

Download Submit
C:\Users\Admin\AppData\Local\cftmon.exe

Filesize
7.5MB

MD5
681eebc46e178bf4a38ab1811d63a83b

SHA1
3442ebda8fbf1c5a74121aace8a879974d1f3313

SHA256
b9a45fd0de545e651a35d3d427e104265c44fd59a2ba3f516eebb3d36801db92

SHA512
94169c955f61104c9cdbef3a3f48b7eb0691e847bf78606c7d79edf2b39304cc01a6d42e462827c93a3d78c6ec52dc459fc2f86f673cdbe47f9650d289e7d942

Download Submit
C:\Users\Admin\AppData\Local\totted\sacculation.exe

Filesize
1.1MB

MD5
e0b036ea8f826bc6d8bb3cb3aaaedead

SHA1
071958138342ea8e068969b0af526e8f25f08eec

SHA256
5bad9df94dcc60bb8e5c4137f2d1026c84787aed707ec9e95f5e6f05e70e290b

SHA512
df196b63bbbd333fed0f6278d30b8b8c2d19c219cf219121d5d3f04f1e5063059490a0f8d02c068aedd458bfec7b43f286ab22265ad997bc2c73417d62053c33

Download Submit
C:\Users\Admin\AppData\Roaming\BtEYlavlla.exe

Filesize
599KB

MD5
8f430690b8710fa451e213dd0b2ec9ab

SHA1
de4b9701915a96ab28ad39dd5bc13be1941bc095

SHA256
c0972bed1bf730f5247f0ee2db6fe2f15b97217b6cfb42a024dc3aad4ec20341

SHA512
eda0d36ba72eec1b1cb5f95e7e7c676a89338f11cd7f2134fe114ac353447aabf4cc54276795dcd46a668dfadd597d143d2e2749fbb0f8b35d78df11da91aea2

Download Submit
C:\Users\Admin\AppData\Roaming\GwTIUBUaZCliF.exe

Filesize
939KB

MD5
8c1604c55bbe974a17ce6037fcd6b41c

SHA1
d933acfc5b52d0bbc96c03cdaf0957fafed58451

SHA256
cfeccd91c9b15b17bd86bbf95e3e1e1d8f99529e2cf4e8b3394ef69574df5367

SHA512
49b57d57f8fe44ae0c4cf812d83d0f1558fa630c294bc66f5b60336e0277d6602fd70ad1e509e74c6005a32940f8a1b94d9432c4403fe7a618991406d1effaff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\scaa.exe

Filesize
76KB

MD5
58e1cac304966817b3e1403fe22be76d

SHA1
a814e76b74d4a9b2f1f7709507892d7f0709a59b

SHA256
ec397fce9b0fe02480a6512f1dc9a1dbacae7658354326d2499dd6bf76797977

SHA512
1068a64701eb5de036d36ab7d3fb5c6cf8a2097b61112872183d222e61f58a077f87f2bfbf423f775be5236ac608440881c84d02cca0c47e9fd79d71585f9f76

Download Submit
C:\Users\Admin\Downloads\240919-plsnbsyelj_eb5436b384a6040996c87e9b73348efc_JaffaCakes118.exe.tmp

Filesize
183KB

MD5
7b81a60436dda9749d5e17d65f829360

SHA1
de2d372cc90430fab090632689e14faebf9071e5

SHA256
305a5a45feda2e58e0664c3040f611b2f828d2d15a5c58c208f6e971c573f526

SHA512
e6bfad1303c41c37e7e39b0f82a5dd45decc42f87d8ef773e0cf62728311f261ff54aa65a23d8a1209a4ba52a1b06f5bd39c08be22abb73f6c483dffb4590fdd

Download Submit
C:\Users\Admin\Downloads\240919-pnhk5sybjc_Invoice & C form TT 175102.exe

Filesize
1.2MB

MD5
1646d90b7d541f487805f0a2a33c8e86

SHA1
2dcaf8f3005b0753c11fa5578ea19fec126ad3bc

SHA256
317f3c3a07c6bcdc77df7d4123fa26774d8d78ac808528cd2264d4931e84a98a

SHA512
b0fd9d114658fc9effd2261dfb568759a0851f7aa60cc64dec69eef6aa810b79345f81a814589dfd16d44029bacaa8fbd75f09387c2c8930f3b28db533c34391

Download Submit
C:\Users\Admin\Downloads\240919-pnr5ksyfmj_Overdoers.exe.tmp

Filesize
806KB

MD5
92c0c2c928f961f57a43fe76a8f02553

SHA1
eab185625ecb0f6e4e5f0952d7d337dd9c8183df

SHA256
8b6dab15f6e7dbac0ed224909e22622ce7589452b0a1f8bc1640a1a1b7353aca

SHA512
fc702ee0e571f9008424e1a9cb05b8d4bb81a991b2768b5d8b2b7c230f6ca687f3b927375e71fc2b7adece2fdcd7a86e1d610a4095f662361d3dd9aff6342262

Download Submit
C:\Users\Admin\Downloads\240919-pr49baycrg_eb583ccf1753294e7660d26e433fd6eb_JaffaCakes118.exe.tmp

Filesize
344KB

MD5
e1d5e0bd2c7ce9ca23afbd5a7b176b5c

SHA1
ae87beed24d9b6ec2a1a76fc793f5b27f0448271

SHA256
b2e3550d8a93a7ff700e7c56bb876d4037a3904c4b1a6aaa1db483902c789827

SHA512
4ba93956791209fc22aa121b3baafab5eaef552ac935220a35084b18deec51046ea4d4f06647f86b0551ba2fcb8ee6bed568e7b413ed906c5a5bb3cb3ee8f729

Download Submit
C:\Users\Admin\Downloads\240919-psq33sydlf_1630f55ec7f51e877e7a317af55912e8546312bd154e076e3462f32387f95a16N.exe

Filesize
41KB

MD5
ae384090205e1227dedab98854488980

SHA1
73af89c4d6345235f22a52ec833569ddf966b284

SHA256
1630f55ec7f51e877e7a317af55912e8546312bd154e076e3462f32387f95a16

SHA512
6a427e0a5ccb6b681fcb670dd5cddc9ebdbe7ca99feaab84008d7789855f93370ed1499a2a16b825c7f4b8cdfd5089ee54cb7864e03a8ca0f83bb0c5ad62e158

Download Submit
C:\Users\Admin\Downloads\240919-pswnkaydlh_9bdb64d85228b74e670c5768d020bcf4586e69aa0e95d0a2b3a17c7a38c6c744.exe.tmp

Filesize
3.0MB

MD5
7271df6fbf2e827c263af8dc42218654

SHA1
6707e8f96fd5df65d194c1252e2f2b424d0ced04

SHA256
8edccd013bf8c6545cc126410a409a10f84b4e74e6f334f75f4d2341aec71dae

SHA512
bc72c1ee8afc428297be9026fb5c1cdd30a774edabae4bc3bb03673ff855608cffa394569e066483c93b35a200f1a3479948e010120c24e8ac86c74f0007d560

Download Submit
C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.tmp

Filesize
253KB

MD5
38bd0a6f6dd82a9b8c36d0ace8613cb8

SHA1
64b81b8eaae0aff75b825e7ecba23806f371f65c

SHA256
8f879a1b0fd2d32eb3d45814b76823d7e738483818cbec534ebfa292971ebf3d

SHA512
57061e55ff2154d546c30b41d85e62e71f67d185ae7ae903f88afc48b61d9ef927e772a697df28c6fcec16d60548ec5eac7904eccbdae472f8f07b5dddbf839f

Download Submit
C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.tmp

Filesize
253KB

MD5
91ce1de4969f6654ba99493d77829466

SHA1
1cb34018ff09371eb7b3e7636c9c63a784e2f591

SHA256
bbdde0702ee6fd960a6d646fae4502f97bfa6f258a58c2cf9f78909f9ef378ef

SHA512
9d4ff9d07012ac563d15d24c99f0ee5da2db2c62e7e7a455459fe874a879aaf390993d2b440ded1ecb23e0c2738a02dd17b78559a0958d7145ba5bd917774736

Download Submit
C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe.tmp

Filesize
253KB

MD5
9784cb396805bfb6d26e3440ef3f44ff

SHA1
947f3c7560612cc1aa828277cfa3abca61314509

SHA256
c2b71ae20a22a793d23e3cf81ea2ed289b34f939b456b61b6da2163c603327cb

SHA512
94938edc1b8b348bc9e6123c8b563f04f49c0cb65a7ba4b1d5284e41dd76b24d96f795aff20a8be3045ccf24ae9f63ad53066d2ec375af4a45fedde96ad89d4e

Download Submit
C:\Users\Admin\Downloads\240919-pzkvmsygja_eb5cf6d6717307d5eaa965b807a9e240_JaffaCakes118.exe.tmp

Filesize
592KB

MD5
0ca45a26da85e5fc9415bb2ed3d95c56

SHA1
f3f3b65d71645cf82f18fb2f4b7a481706a93291

SHA256
8fb281ca97601eb5cd0f8ed16fc4383aa1ca7831812802e1c8243913bcdad30e

SHA512
578f2d5640aa1b4b9b425e9b2677b2d1d5582036839e399dc344d2e049e8003f91724bd7d7e9b06b15d6e8173e5e2f9b9eb84ffee8fa078e24a043cf295228ff

Download Submit
C:\Users\Admin\Downloads\240919-pznljaygjd_33c4ccf892f2a3a896cc04efdef2bd20f4d3d53b88212319b76ebddbaaa13278N.exe.tmp

Filesize
148KB

MD5
10487f2e8af190759c0c89510b81e0a3

SHA1
ba34e7a76ab5103bef3e3e87317f148a151f5412

SHA256
58d9f405856dcf699e75198dd9e3c5dcc697f853c58eef765d4c1a0eb9ee2ff6

SHA512
6e6ea0efa4886b29dda2b56c83e36c7336eff5c5f6db06086d9becae5a1f5cbb7d0b78f0c0760df9e2f1dab7c2dbbc5be121dd957f75f235dd2b615771ae4097

Download Submit
C:\Users\Admin\Downloads\temp.zip

Filesize
22B

MD5
76cdb2bad9582d23c1f6f4d868218d6c

SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Download Submit
C:\Users\Admin\Downloads\temp.zip

Filesize
34KB

MD5
420bf5a32d7a32787a89ce4d49ecf03e

SHA1
11660f12977a029950b943ab90b9d6eaf6499282

SHA256
dcc6e3c4df0faeb8b1e9f1a73865eb8bf651efc0d49ea1cbc16846cdb229b247

SHA512
9def4a22d0a8027ddc732223aaedc2cbf9da6182845a063dd70832ff83a58e8eaa0aa27777550a0fa17a8cee3d0e9b960b0d1c472b9323275d1839a40c487f32

Download Submit
C:\Users\Admin\RuntimeBroker.exe

Filesize
84KB

MD5
98ccb6806d126e3a211b963d3341efd7

SHA1
108dfe1979c04c588f87d6fc2bb57c3ac10f6742

SHA256
11f00d48ecd890e9b8658c652a6283ead05dea9bcd641d89d0bd7f0f618f3cd2

SHA512
373caadac1ad290d60ea41663482946889ae9e0fea96115e21ba38d19d2bf6123c47501190c3fb33ef51aa07f6dbddc4eab43b82cbc008c4f83684707e1d3510

Download Submit
C:\Users\Admin\RustAntich1eat.exe

Filesize
827KB

MD5
eefb801774c5ccb44153268a9357f5f1

SHA1
b1906b22e14edd142c52808ab3e5ba9346b85de5

SHA256
677aeb1981c58cba41a5d53ccbbf5b471e62dc49dc326570767da940560d840d

SHA512
1cf162fe6184d68dca514059d2de1123e80d0faac401765a54224aa5a987c9454bc92263fbec566835aa7b402f1f63ba59bb425ccc139e0a7391e66991f270b7

Download Submit
C:\Users\Admin\Umbral.exe

Filesize
230KB

MD5
4647720ef8607199527cb3b0bc793587

SHA1
0728b0cc0fc7e0a1a8ed14c0861f8757780e4163

SHA256
349bfc065bf0580379be8c6e0d0dca592deec1bfc104d8d28c70454436de6337

SHA512
906baf94232c9f76d193021345259d01e23d81b3d9a948067035979235fd45e739e89b8047148f61d2f210c40e561067a040100ccacebbf8921050f12a0281f8

Download Submit
C:\Users\Admin\gaikuuh.exe

Filesize
88KB

MD5
b96409215c4a83f97e4698c9683ebe8c

SHA1
a0c76d6ec077cdf656480a0bd0e9d75eaf191dc7

SHA256
1e93233a7acdc0ca3b9386e6be679ee524937b4105b93efd7594437ee692dbde

SHA512
55416ea008eb0c59e6d236f48687e124c6d42b4b256b462e9e79b4760e71a172614be69e7bb0c6f3737ed64b3469a32395672c3b3371498caaa4a3f16f73410c

Download Submit
C:\Users\Admin\puequ.exe

Filesize
156KB

MD5
3fb2070ca9627d2a46e5a72847bfbd57

SHA1
5d4f88dfa98e18add34af83cfdc8878f1c1e155c

SHA256
181cdc6503dae259e07ef8b904b9e297bec467b0edc9ad00b9451dfe2851fd6d

SHA512
73c9d42d7723377ca8e0ca18e4be97ff9312e5dac010f65b3c832e391e26d40daaee7c16c8ceefa37d11ad3c01a73a6b0274447399732e49136f94a57d7dee4f

Download Submit
C:\Users\Admin\tauta.exe

Filesize
208KB

MD5
9885cedf1114baf1e6d2289f5dd6b608

SHA1
193394c726b1409b8389d2233d67c5589e5ddd8d

SHA256
9dbb9606a368e25d726c765c406ec4ebd30b18c58bc1c3ec51c4750aedfa7a5f

SHA512
6bdb86dcb385b9c398a440f3bf83942f02416ebe809ca69e5b3188cad89a294d38335f3ea53a307995cfc804732a7bdeb7263cd699cbc4d2f4aebbee8b645a8f

Download Submit
C:\Windows\Resources\Themes\explorer.exe

Filesize
206KB

MD5
3ac9d20ebe39cbf8e1aa28c948a0ec67

SHA1
f3c390ae84eca58a2d22639525056f2e04783aba

SHA256
ab2fa18c412eaef7a4b198d61a753bcf95f588470e8d49f7cc4b0b4df79a7536

SHA512
6ee751a4068c27afda5d576261ac7156cd39231f746463684949dedf9bca0c8202faeb27e4d86a89370f597cbed2a950ba11084272ebf2ec7a7f27f0e58eaab4

Download Submit
C:\Windows\Sun\240919-pnzvesyfnn_VtkzI2DleKAWijQ.exe

Filesize
817KB

MD5
e7b40591ce63306e32f43a9ba66c1770

SHA1
d81d0ce32233a0a288a53bec94990b2b5c8120d0

SHA256
6de62e421f9a46f1c1576bdd3ea88a71599957ecdbf52b393c8a68d258bd871b

SHA512
0b2aabf6b1aee43306cd213c707afcddaa7d76a29be4a37386a767f3f58c32f5498425ca83ad0f41e0a027a1780f3b8335dcd0c143813580a8bc4496ef6bd2ef

Download Submit
C:\Windows\SysWOW64\Aehbmk32.exe

Filesize
1.9MB

MD5
14c05c1ddb2fcbe70270ba2721380a2f

SHA1
ead206871e7a41d4853ddb101c4b434d006043c5

SHA256
a7e2f545460a57a786fbb83864812ae58b8bf830bf58397fd782f3cfd2629832

SHA512
bb0502bf0e1ad8b90b0aa1b788e12a77149741d0ee915738eb2787ee4effdae47f01b4e1056d8259b72057006dbe7295160faf5fafec12aad105bb200e94031a

Download Submit
C:\Windows\SysWOW64\Cdimqm32.exe

Filesize
84KB

MD5
befa5290c84d25f1bb8f842ae1f34d5a

SHA1
f1260144ef66a672c2fcc18bdceea696be4bb21f

SHA256
b39d14238093a714679ec5360cdaecd63167f0d1a09a5885fceb4b025eecc4a1

SHA512
18fed8d823850fa9c3e5d1657f633ae5d7d4c8aa5179d63987d51a21ff3d619d585a3fad57b2f3311673c844d75f8a257becaede3e5347484c100cdc808a8a42

Download Submit
C:\Windows\SysWOW64\Cndeii32.exe

Filesize
112KB

MD5
908b30ec4ea00e6bde6d26b21c40a77f

SHA1
2e58fcf31658c20b00dc21b53b335c486cc8efc7

SHA256
ee08a60d66ef1a85f57535b2f900c1ddad5d0b5d865ef5724a465b4723ab86fe

SHA512
1e32ce21098b5bb62e4c87a2952308dc948ca6e26abcf846d8875606adbb45c2914fed0887351a0e4d9b32ee8403580a74772685b46def990c2677925a63e33a

Download Submit
C:\Windows\SysWOW64\Dkibhn32.dll

Filesize
7KB

MD5
d8dcb07357daa435ae0bd4ae5db1ee54

SHA1
3bd9c8c2914fb9fb7aad8ba452d2263e15248a1c

SHA256
5ff277046fe1c56ed55a71277631540601b28afe3e32c4125c314d22ce8cd5fc

SHA512
7e95d869c94611c1037842816801f7d385b0c8ca25e5521bffd75f31fd06b75bb02e647e4b90f7acb8b831c26678658cd65c59be25a8e04ea97ae3bcd3544da6

Download Submit
C:\Windows\SysWOW64\Epcdqd32.exe

Filesize
84KB

MD5
e42fcbfcf5d9a399445b019cabab43ef

SHA1
549f579a05994208f1809615be954b526b3f53be

SHA256
d5278ed61fc4f575e4a083a09397b44f5abd752aa66bac3039e37d3ec608a631

SHA512
afa9369b5ce03975e0b15896fd1b5bda9e99c3442c61106989b6e6abd857aa972d89553e250d25bc9beef4e973b84c150372c2e13b77373fe0739b550e9edff2

Download Submit
C:\Windows\SysWOW64\Eppjfgcp.exe

Filesize
112KB

MD5
897ae0756c3e50469b4373fcc1794d4a

SHA1
52fd8bcd6b384730fdb42dd9f259987b8f5ea608

SHA256
c239952744401aa39bb20b56d2659c2cc3b38a22f8736059cc70e4b294e32840

SHA512
01d3bef6856696ca39d10109bd852fbc527e593cfcb24ba256491e5d9f661e95fe293adbbb3a55625c558291411f703019151a2fcec1909b284bbd9d0dfc288f

Download Submit
C:\Windows\SysWOW64\Fgcjea32.exe

Filesize
1.9MB

MD5
db583f15ae1a3020682bb140649e28a4

SHA1
a7a35691843d4ff89157d6745407bd63ac111b9e

SHA256
42abc17f5d91f424dbc8cc198940d625c9a0baa320b04e8f22dbca1a441bb546

SHA512
c001039de206ee8582ad918b1853ca043f6981c268efc883e91054f4b44b954ae8ee3235e6633781840f5cd9a79740998b2baacc6b01bcc4d7911ab0db88038a

Download Submit
C:\Windows\SysWOW64\Ijogmdqm.exe

Filesize
84KB

MD5
ad9726b022922f1c9f1a9f76769f58c1

SHA1
e48b3598d69e4cdfa15cf3c5d964192f3ec1b0a4

SHA256
545a5c4e398c7292285aab5e5f4241b1818e57510a4d7748e426e7160b30a558

SHA512
4a53c355cbfd4a9f3f6e42bf4fc14041ea2bd56133871501646be8c6b7694103cb23b6c83ff50b34ea1ad5f9a9d336b61d2620f48a5a6bd7c46d135108dd0df8

Download Submit
C:\Windows\SysWOW64\Jclljaei.exe

Filesize
1.9MB

MD5
935e15f4f3a8ef51e1d96d35ee504f2a

SHA1
5f266413caccc9b175a9343bedee05b6bdbbd6f9

SHA256
9e8502ed3deef110b633a120fdd6444dcba773c34366e8c8b01600ce32817bd9

SHA512
90b628f38c026bf3030ae210da0314bd3f3db00ddd5bf2cadcc6315d749aa9d425e2eb11c5a007bc513b070134063ab58b20b0bf39138c2aa4e162fd2026f280

Download Submit
C:\Windows\SysWOW64\Jgogbgei.exe

Filesize
112KB

MD5
7e28149d61b4d4d9f99c5d085b950811

SHA1
2c47579ade3d40121e49110daec892aa095da184

SHA256
9e90eb9a39cb6b5841a81021b7fbe7088abe4aac49a194c0a9b2938430044999

SHA512
1e4c1bfdeae2859e6549cf0f0f5b30b25bc635c88f199056d4c539b0677fc8ac7e980095552af71bea6cf5f545a9d871a7ca65e38dbe1285a40d44ea2af8bd4b

Download Submit
C:\Windows\SysWOW64\Jkaqnk32.exe

Filesize
45KB

MD5
fa5c67ab587c06c4fca195909a4031d9

SHA1
a281a78c45c67bfa27f27d9f8234733ee631737a

SHA256
ff460a6af4c3f25bee7d31558ad0e0bf6ce7f588ba2532788ee8656e12683a6d

SHA512
794d8b68c86c66c6e0cc8854476b671103c76a64f28149db7d017e23eb11963229f95f6d4e1b78141c737686347aaaa6ebd03f7b6237398b664b9fedea9e2779

Download Submit
C:\Windows\SysWOW64\Jnkcogno.exe

Filesize
80KB

MD5
a32dbfa3938fca1694cfb49ed041a2d6

SHA1
4c0840ce44fbd41822eb77608633db5981da153d

SHA256
573d5408b3106a4ff24f856ef3768d9d825e07c46bccfa5ae029701e2d04ffd2

SHA512
0d8f2f0c94f1a2bb491e9f71d435419e0f7b8eecd6d083df8fe4ef4cdd86862eba5c3da23f970da442e3b3e123af5741cb8629487ab198c7030f26feeda828ed

Download Submit
C:\Windows\SysWOW64\Kecabifp.exe

Filesize
100KB

MD5
11adbfff50f0f776ac99581918816f61

SHA1
36815bf577ee7eea171531bdf65cec0836ffeba2

SHA256
dbf53c951e79d81016d0197604d4b4444a960ad6c1c9f462ec4ca9ca93abcc43

SHA512
8b64ccf9245545f7f1cfa5ca15287e4af6b81301ca342936c7e9820d306a0c2a61da3202176431271bf601cbc245cd17076a46fde2c9ec6455636f48309f7956

Download Submit
C:\Windows\SysWOW64\Kednfemc.dll

Filesize
7KB

MD5
cb65f6fb20aac463b5026d2585f52221

SHA1
1d26637df2b2499799b8195734d74d82526f58a6

SHA256
d467a0501419a8299f6004e24d58252e9695edcd056c80a636b78842995e00fe

SHA512
d3ccea84214e09720e53820aa17f02bbc8f8bded664a3b1dcc632149ce8f4c42238e35083bf5f1e8d0e4cd449dcbdf95f6c46a25fbd91531051cb637ad4c9b60

Download Submit
C:\Windows\SysWOW64\Khpgckkb.exe

Filesize
45KB

MD5
dfad346e0363bf70590808f78bff6e67

SHA1
e1962d8274a2e8d8caa0324e1d6ebd353b11cbf8

SHA256
319ad8c5a505ec6f1771aa6314cc3d6f26dd2b615ecb947e98a99c329db86cb1

SHA512
47a2460958c8a1cac1b769c6dad039fcf187e5a9e82f503e70b5b2e1b50fa248b1966769a46e2e897c05e625aed489d14ce6dc4315e775cc7250065fc5e3eca0

Download Submit
C:\Windows\SysWOW64\Klgqabib.exe

Filesize
96KB

MD5
b58d8c55b7576f674c64fd4efa31b1e3

SHA1
bb356144d519b09782994a42cc14296e247cd30e

SHA256
001ac403765a1b9ef96d8f919f541c13f5ca8f7a4905c6bc034ac71f6aa20afc

SHA512
556202430f3879d2c4cbbabe19e3f6c1d3140de4982b59ea65574403b0fc9297efdfe98344875dbcd026ceff6fcbe779777abb58c82e0387dd61b469edde09f9

Download Submit
C:\Windows\SysWOW64\Lgffic32.exe

Filesize
112KB

MD5
4769a536d85fc9c4b052eb4cabf07a6f

SHA1
9447f7bbe168152f7e4b9da132c8c3309bf87b40

SHA256
5a97c76ae11c1e6ee6dc1cdc4ec345f1fdcaea9d6aec09ae91d71143c7919de9

SHA512
66e873278feebd6f96a1b2cd75109d4e51ff99303024c5e63b686232300b93823bf8e559b6b098efb19f313c41accb66b30f6525c8c4f514e61534d9588f70b3

Download Submit
C:\Windows\SysWOW64\Llbidimc.exe

Filesize
45KB

MD5
48a1c2361792bf003e056369a775de59

SHA1
afa3e515d752d81448740981509e8987dcd257fa

SHA256
1da3a3ac416a53810f82ac5615b589fbe228c4f000f06a43b6e092a9a23d6b23

SHA512
ddd9190bdc29b3910a8372683f06fd397ec49f34c946ca1f127b4595c13e8db289cc74231900161ccebe9a5fda2983e5556571c79e60212e632fddbe2239fce9

Download Submit
C:\Windows\SysWOW64\Llodgnja.exe

Filesize
1.9MB

MD5
df69a117df4db1b9d2d9c634e4a71687

SHA1
c6ff2439094b67339c63f019840d6d220d7c23c9

SHA256
efb6b4a737c905f363e6851bdcd7a81a3a30cd1b08c0cbee16bc12b03fae6087

SHA512
6d42353c8c2e834567ba5d741cdfda69a515891567943d03a654e88e8153328755bcd5bab5152efa0c2f98b875c229bfc9fe7788348e3b9c4fbe5c045114298b

Download Submit
C:\Windows\SysWOW64\Ncbafoge.exe

Filesize
1.9MB

MD5
f103e2d7b8795d19b16b0f1a5bb58490

SHA1
9dc204d4b6051d51d9ca2f91aafbe31ae8cef81b

SHA256
66d67cfc276202be52dfcae96679dcc44c597bb98f46e701fb7169ff36ac4bba

SHA512
e10258e192e7e98532409216723de2176e1339260f8314107a49073385bf56cbeebf304d137ee6fcf3d7efc34049f96ee15afdbf0ed204f1303f875530a0a0b9

Download Submit
C:\Windows\SysWOW64\Njfkmphe.exe

Filesize
96KB

MD5
597da3dcc7d09ef24cf2c778f10c1004

SHA1
d57c5c29f107f6a2fa97c47d11d121eb63872482

SHA256
0d8ee9c5aa6724eed9c80dc58684d75192f51f673ae29c5f2d935780d5d71d45

SHA512
3d6ab42bc2d68eda77dbf2210b9d26f93c600e8b90449aeceb8218b06c556748249347344744c498a96f7220b4229e06923ba8bd5274b080af8555b5bdd95f1e

Download Submit
C:\Windows\SysWOW64\Ohncdobq.exe

Filesize
84KB

MD5
fed5c9ad56c5f39a309dff5a5cb5ae0c

SHA1
773e6fad08878cff86d9d59ea0b5b06bc7b6dd28

SHA256
97fa2a62194f9bea6af11df8693923bf36a104c361d986db7f711ecc200e422b

SHA512
f6fb2a8fef1aa696292f001adccfdbcfa4f3a2a9462f3e661f17a746a8a9041a64ae621fe2f51db9e51656a37021fda46399b65c97e7dc520cc916f9490a686c

Download Submit
C:\Windows\SysWOW64\Ohnljine.exe

Filesize
1.9MB

MD5
b6335e43e604ed029c2544d8c027411e

SHA1
7f181a55a56a4ed9cb6e3e0714c6b144df470f61

SHA256
7a000a7bdecb6ca91c5897d6db3ace64f7fe8caec9fa4dfccb93469bd9bbb0cf

SHA512
651d6de002bab65c63c8d01d3ed2c5243ddb72147a67f4155e928eb50a748abb8c0ab91f071e4d3927070f52be67e1c67311d038a070637a9c428e425379e5ce

Download Submit
C:\Windows\SysWOW64\xccpdoat.nls

Filesize
428B

MD5
534cda6b48a4f4eeba156fae0d91da91

SHA1
ee02d7d2b5f6d35d717c818ca9751af162d39795

SHA256
66180bbde64bd522c568ee505c86f8757942a6d7cbe969b7240660c1ff31bba9

SHA512
e4be76b12a415264990f8e9767356b66676f4d2ddd478c6765d0a614032e9a57547f040c6d86cdbcf5b2bca32857850843d7550611cf1e6ea8a2179ae6996c7a

Download Submit
C:\Windows\SysWOW64\xccpdoat.tmp

Filesize
2.3MB

MD5
3ea8e410ff6be98abe04732876c53097

SHA1
57a2c0deabcacb2114d42fb5302ed4397c9e10b7

SHA256
ac0a58e6f3bc92afdab0efeb040d8c97cd1eda4a96242684d7a15fb6c9c37144

SHA512
7ba28545b7c82bf82802fbb611a6e7990090871c371f2a4aed86bc033130f1821f7240794ed1c890410549fd09d93689255521e4fddeaf3f861640667253e439

Download Submit
C:\Windows\System32\OTBMFiy.exe

Filesize
1.2MB

MD5
568c8a9afdcc848bc40dae5a2fa94425

SHA1
a1a341ac6304e6550fccd73c6608004dda217525

SHA256
0386c6e1b369f1d63f487e9807e076c496c268d7b597dba5f638c9c723d601eb

SHA512
4af9b6e6b2ef9ec54f0805500a4f5b4ee0e9aae5a50312c067d4b6df34b0b621b0a146d29b189f0aa2af46c55a065378ba0c01bc1001fb1328a93696beff4ce5

Download Submit
C:\Windows\apppatch\svchost.exe

Filesize
233KB

MD5
38008cea557128b4aca88724ceac9953

SHA1
0b8a13dc5c5e37d212372f0de371a4a2cd721d32

SHA256
baabf5f8a683ed6dce8c6c242e4821a22913cddcff11313b569b47a1aa56b0f1

SHA512
30d183470bd319e020dc074eef8158a62d0d3e2bde8c53c9e0ca99f7b1bce66e2dd281cfe649a968d4cc26b02168385b8d1072340ec1f818224f4b59c38f2528

Download Submit
C:\autorun.inf

Filesize
126B

MD5
163e20cbccefcdd42f46e43a94173c46

SHA1
4c7b5048e8608e2a75799e00ecf1bbb4773279ae

SHA256
7780bee9df142a17e0457f3dcb2788b50fc2792370089335597d33719126fb7e

SHA512
e5ac0ff6b087857799ab70f68067c9dc73eeb93ccfcad87047052380b95ade3e6eb2a7d01a0f850d548a39f4b1ebb60e299d603dbe25c31b9a3585b34a0c65a8

Download Submit
C:\backup.exe

Filesize
450KB

MD5
17bf8df73a5de35cae9b486e244d10f8

SHA1
b47566594ac72512d9bb9c2fb6cc3d6b47a91d0c

SHA256
47a9204be9ea30c7960479470900fe1325460a6ad0a2797f0665d9d76854c3ea

SHA512
b2745f910bfeec7518086b177185e3561c4164431e6eea7deabace0ff0d8454c1b8d49fb235219f90fbdc9e5cf41491f611777d254c5e143b991a49ac3eeb779

Download Submit
C:\nnbtbb.exe

Filesize
73KB

MD5
5e5daa53a97f1f2df5ba5874f75fb060

SHA1
61f31590a287b3dad328b6f26f160dc93c1c2b83

SHA256
46c0120c4be03788f7765b575dfa1eb5be6bc513db617615e08ad87d4f72ad76

SHA512
137b8def55fb02ab0cf5869cd8b2b854f7c8ed38f12e20cc006911e2370c4c68154a4b2f74a614c22c6c60a00e7e672ceca27237e80f8c10b533df75b59bf48e

Download Submit
C:\sufjw.pif

Filesize
100KB

MD5
27284481c527d7411a3934a3387deb8b

SHA1
cdbe148ad60a1913c2df13823bf2f21ad89fe054

SHA256
96f3c401505e427f5464d997da614995ac2856ccee005116c8df4c7cd1b39139

SHA512
dea774874b2802bbedd95d18b3fce004f12c150d6c72ecee84845373954bf90b2e057f04c9bb495ae78abf43048ee2f12e831a1b2986d78ff99b5cc427ef9f18

Download Submit
C:\zPharaoh.exe

Filesize
157KB

MD5
77e1e869b28553d22f279ce3e41cab1c

SHA1
529da587840277f30747139ebbbbd9262b1d01d4

SHA256
25d5ba421099bee722ce297d02506d4237c1dbfc2e066617ffc143772a58630f

SHA512
881b578e4908e4530204eb5d095ca8b83b49951a881624e7cc51e89fd38ea3d96e674f10880b1bf45e0d20a94bd8680688700dca985aa3b3316cbcaeb800a23b

Download Submit
F:\zPharaoh.exe

Filesize
151KB

MD5
71d0b297d87b7880a7d864adf7ca57b1

SHA1
a45be627d094d9d3ba00402f305c4f15fcfc4a4e

SHA256
793366cabe1e5ff928b4cc2a7e6bb65dfa413ff2d7de4d86e71d950b4b4a2f72

SHA512
7b8e485144d55b9b73d1bedade05739e60b72134abc43aa59329fbece9bf3d0c32400818909b118d4fda21c8d973deff1980b3d3f86dff862b8f156643ebf9f3

Download Submit
memory/396-1321-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/644-1555-0x0000000000530000-0x0000000000532000-memory.dmp

Filesize
8KB

Download
memory/644-1529-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/664-1377-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/704-1266-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/704-1364-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/752-1118-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/752-1072-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/832-1576-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/832-1298-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/988-1156-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1196-1253-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1196-1095-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1320-1407-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1396-1387-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1432-1308-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1432-1578-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/1628-1356-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1652-1284-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1652-1574-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/1700-1457-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1700-1431-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1800-1552-0x00000000006C0000-0x00000000006C2000-memory.dmp

Filesize
8KB

Download
memory/1800-1073-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/1800-1522-0x00000000006C0000-0x00000000006C2000-memory.dmp

Filesize
8KB

Download
memory/1800-1148-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/1800-1523-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/1824-1690-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1852-1195-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1852-1328-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1860-1101-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/1860-1216-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1860-1115-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/1872-1081-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1872-1176-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1872-1525-0x00000000030F0000-0x00000000030F1000-memory.dmp

Filesize
4KB

Download
memory/1872-1553-0x0000000002FA0000-0x0000000002FA2000-memory.dmp

Filesize
8KB

Download
memory/1916-1691-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1932-1164-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1968-1337-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2068-1414-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2172-1203-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2356-1202-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2460-1272-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2460-1194-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2564-1438-0x0000000000DB0000-0x0000000000E0A000-memory.dmp

Filesize
360KB

Download
memory/2564-1295-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2564-1227-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2616-1344-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2700-1137-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2752-1451-0x00000000021D0000-0x000000000325E000-memory.dmp

Filesize
16.6MB

Download
memory/2752-1416-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2752-1471-0x00000000021D0000-0x000000000325E000-memory.dmp

Filesize
16.6MB

Download
memory/2752-1505-0x00000000021D0000-0x000000000325E000-memory.dmp

Filesize
16.6MB

Download
memory/2752-1492-0x00000000021D0000-0x000000000325E000-memory.dmp

Filesize
16.6MB

Download
memory/3036-1163-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3036-1560-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/3120-1535-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/3120-1558-0x0000000000590000-0x0000000000592000-memory.dmp

Filesize
8KB

Download
memory/3120-1150-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3140-1293-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3148-1386-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3412-1215-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3516-1343-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3984-1229-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3984-1254-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3988-1378-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4056-1572-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/4056-1265-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4076-1177-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4200-1294-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4200-1240-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4236-1307-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4236-1580-0x00000000028E0000-0x00000000028E1000-memory.dmp

Filesize
4KB

Download
memory/4304-1564-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/4304-1196-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4408-1204-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4408-1566-0x0000000002190000-0x0000000002191000-memory.dmp

Filesize
4KB

Download
memory/4420-1228-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4420-1570-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download
memory/4488-1533-0x0000000000480000-0x0000000000481000-memory.dmp

Filesize
4KB

Download
memory/4488-1557-0x0000000000470000-0x0000000000472000-memory.dmp

Filesize
8KB

Download
memory/4488-1121-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4516-1283-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4516-1161-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4556-1568-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/4556-1223-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4604-1415-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4652-1447-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4684-1345-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4712-1334-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4712-1252-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4712-1119-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4776-1178-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4776-1562-0x00000000004C0000-0x00000000004C1000-memory.dmp

Filesize
4KB

Download
memory/4788-1116-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4788-1531-0x00000000004C0000-0x00000000004C1000-memory.dmp

Filesize
4KB

Download
memory/4788-1556-0x00000000004B0000-0x00000000004B2000-memory.dmp

Filesize
8KB

Download
memory/4836-1313-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4852-1162-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4852-1222-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4944-1527-0x00000000004D0000-0x00000000004D1000-memory.dmp

Filesize
4KB

Download
memory/4944-1554-0x0000000000480000-0x0000000000482000-memory.dmp

Filesize
8KB

Download
memory/4944-1094-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4956-1392-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/5108-1399-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5140-1448-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5164-1479-0x0000000000CE0000-0x0000000000E06000-memory.dmp

Filesize
1.1MB

Download
memory/5216-1460-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5276-1480-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5292-1462-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/5348-1477-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5436-1772-0x00000000002C0000-0x00000000003A8000-memory.dmp

Filesize
928KB

Download
memory/5444-1494-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5484-1495-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5548-1496-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5624-1692-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5640-1507-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5652-1536-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5748-1541-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5856-1612-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5872-1610-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5900-1788-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/6068-1611-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/6096-1693-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/6152-1789-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/6176-1760-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/6612-1785-0x0000000000400000-0x00000000006F883B-memory.dmp

Filesize
3.0MB

Download
memory/6700-1786-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/6716-1787-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/7208-1790-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads