berbew | 6b1700a3961f46120afdf3c5e027556682badcae0015503d533c9f808f214ddc

Resubmissions

19-09-2024 12:58

240919-p7mn7szfkj 10

Analysis

max time kernel
190s
max time network
218s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19-09-2024 12:58

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

RatAlerts.exe
Size

36.7MB
MD5

f921e16ca321bbe2e490f036f8b99c74
SHA1

6e25638b340ba77f3e467bbbdc27c48209e193af
SHA256

6b1700a3961f46120afdf3c5e027556682badcae0015503d533c9f808f214ddc
SHA512

04492839ccaeeddc9090b7f6c6458294540bb3e2589108a3c459ae87a11c6cabe6548d80805f37b8bd43616d3645afdabe8b95b9f37c85c06f5c87b137a10274
SSDEEP

786432:pjE3Qtst8rW8WZ2YwUlJAdQ/2j6+s7LWB75zuXVgM3MGYS2fAMJLjvZ:a3QtIoWlZ2mlq62qHWB75ilZMGJ24MRN

Malware Config

Extracted

Family

berbew

http://crutop.nu/index.php

http://crutop.ru/index.php

http://mazafaka.ru/index.php

http://color-bank.ru/index.php

http://asechka.ru/index.php

http://trojan.ru/index.php

http://fuck.ru/index.php

http://goldensand.ru/index.php

http://filesearch.ru/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://lovingod.host.sk/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://ldark.nm.ru/index.htm

http://gaz-prom.ru/index.htm

http://promo.ru/index.htm

http://potleaf.chat.ru/index.htm

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

metasploit_stager

38.207.133.152:15765

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 8 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Mhafeb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Malgcg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Malgcg32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mbenmk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Mbenmk32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mhafeb32.exe

Berbew
Berbew is a backdoor written in C++.
backdoor berbew

Detect Neshta payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000200000002b087-7196.dat	family_neshta

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000100000002b3fd-9477.dat	family_umbral

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
behavioral1/memory/888-1258-0x0000000010000000-0x0000000010046000-memory.dmp	family_xtremerat

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000100000002b2bf-5914.dat	family_xworm

Formbook
Formbook is a data stealing malware which is capable of stealing data.
trojan spyware stealer formbook

Gh0st RAT payload 1 IoCs

resource	yara_rule
behavioral1/memory/2392-1214-0x0000000000400000-0x0000000000429000-memory.dmp	family_gh0strat

Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
rat gh0strat
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
persistence spyware neshta
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality
Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Vobfus
A widespread worm which spreads via network drives and removable media.
worm vobfus
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Formbook payload 1 IoCs

rat

resource	yara_rule
behavioral1/files/0x000100000002af44-34453.dat	formbook

Warzone RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/files/0x000100000000002e-28965.dat	warzonerat

Command and Scripting Interpreter: PowerShell 1 TTPs 15 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
37556	Process not Found
16692	Process not Found
35256	Process not Found
37988	Process not Found
27352	Process not Found
28508	Process not Found
29932	Process not Found
34432	Process not Found
31452	Process not Found
26816	Process not Found
14356	Process not Found
37768	Process not Found
27748	Process not Found
43832	Process not Found
11364	powershell.exe

Executes dropped EXE 9 IoCs

pid	Process
808	240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe
2392	240919-p3xnlszdmn_eb5f281951126a5a276089dbfd9a7bd1_JaffaCakes118.exe
4352	Mbenmk32.exe
1768	Mhafeb32.exe
2440	240919-p4xd8szdrq_16837ddf96d4abc57a36ec8e37c2b22f5e18173c40efd4351d51b32ee5abc496.exe
1908	Malgcg32.exe
1716	240919-pzlf6szcjq_eb5cf79d246e5b528fd9c1c0e5239bbf_JaffaCakes118.exe
3884	240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe
4692	240919-p4akgayhpg_21a3731859d9533eb9e59375488ec550f519f39b306802a8f0087beb3f5ee808N.exe

Loads dropped DLL 44 IoCs

pid	Process
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe
4668	RatAlerts.exe

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2392-1072-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/files/0x000100000002b03e-2119.dat	upx
behavioral1/files/0x000100000002b1c0-3253.dat	upx
behavioral1/memory/3884-1414-0x0000000002280000-0x000000000330E000-memory.dmp	upx
behavioral1/memory/3884-1374-0x0000000002280000-0x000000000330E000-memory.dmp	upx
behavioral1/memory/3884-1372-0x0000000002280000-0x000000000330E000-memory.dmp	upx
behavioral1/memory/3884-1147-0x0000000002280000-0x000000000330E000-memory.dmp	upx
behavioral1/memory/2392-1214-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3884-1135-0x0000000002280000-0x000000000330E000-memory.dmp	upx
behavioral1/memory/1716-1196-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral1/memory/1716-1159-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral1/memory/1716-1144-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral1/memory/1716-1143-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral1/memory/1716-1142-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral1/memory/1716-1141-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral1/files/0x000200000002b083-11800.dat	upx

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064
Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs

Web Service

T1102

flow	ioc
387	discord.com
243	discord.com
248	discord.com
368	discord.com
375	discord.com
384	discord.com
373	discord.com
1	discord.com
2	discord.com
3	discord.com
249	discord.com
370	discord.com

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
261	checkip.dyndns.org
220	checkip.dyndns.org
253	ip-api.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0002000000025c9b-4704.dat	autoit_exe
behavioral1/files/0x000100000002b517-10255.dat	autoit_exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Malgcg32.exe	Mhafeb32.exe
File opened for modification	C:\Windows\SysWOW64\Malgcg32.exe	Mhafeb32.exe
File created	C:\Windows\SysWOW64\Micoed32.exe	Malgcg32.exe
File opened for modification	C:\Windows\SysWOW64\Micoed32.exe	Malgcg32.exe
File created	C:\Windows\SysWOW64\Mbenmk32.exe	240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe
File opened for modification	C:\Windows\SysWOW64\Mbenmk32.exe	240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe
File opened for modification	C:\Windows\SysWOW64\Mhafeb32.exe	Mbenmk32.exe
File created	C:\Windows\SysWOW64\Headjohq.dll	Mbenmk32.exe
File created	C:\Windows\SysWOW64\Flcmfp32.dll	Malgcg32.exe
File created	C:\Windows\SysWOW64\Nbbond32.dll	240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe
File created	C:\Windows\SysWOW64\Mhafeb32.exe	Mbenmk32.exe
File created	C:\Windows\SysWOW64\Mjnafk32.dll	Mhafeb32.exe

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000200000002b6b7-18796.dat	pyinstaller

Program crash 24 IoCs

pid	pid_target	Process	procid_target
16808	16084	WerFault.exe
21976	17252	WerFault.exe
18488	16084	WerFault.exe
21948	16140	WerFault.exe
15516	15952	WerFault.exe
17976	16132	WerFault.exe
5732	7324	WerFault.exe
8036	7304	WerFault.exe
7796	2440	WerFault.exe
7280	3292	WerFault.exe
5324	1900	WerFault.exe
1292	888	WerFault.exe
22084	16140	Process not Found	702
13496	20116	Process not Found
14076	16140	Process not Found	702
33664	16140	Process not Found	702
32596	28788	Process not Found	1804
35100	13356	Process not Found	1868
34984	24024	Process not Found	1862
39984	34740	Process not Found
42000	28472	Process not Found
36444	40764	Process not Found	3221
2068	16140	Process not Found	702
30132	23528	Process not Found	3521

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	240919-p4akgayhpg_21a3731859d9533eb9e59375488ec550f519f39b306802a8f0087beb3f5ee808N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	240919-p3xnlszdmn_eb5f281951126a5a276089dbfd9a7bd1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Mbenmk32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Mhafeb32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Malgcg32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	240919-pzlf6szcjq_eb5cf79d246e5b528fd9c1c0e5239bbf_JaffaCakes118.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
18620	240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe
38604	Process not Found

Modifies registry class 15 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}	240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Malgcg32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Headjohq.dll"	Mbenmk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Malgcg32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Mbenmk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mjnafk32.dll"	Mhafeb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Mbenmk32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Mhafeb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Mhafeb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Flcmfp32.dll"	Malgcg32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Nbbond32.dll"	240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 4 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
14304	Process not Found
24288	Process not Found
12860	Process not Found
43768	Process not Found

Script User-Agent 2 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	212	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	403	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 35 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 4668	2272	RatAlerts.exe	80
PID 2272 wrote to memory of 4668	2272	RatAlerts.exe	80
PID 4668 wrote to memory of 3508	4668	RatAlerts.exe	81
PID 4668 wrote to memory of 3508	4668	RatAlerts.exe	81
PID 4668 wrote to memory of 5032	4668	RatAlerts.exe	82
PID 4668 wrote to memory of 5032	4668	RatAlerts.exe	82
PID 4668 wrote to memory of 808	4668	RatAlerts.exe	83
PID 4668 wrote to memory of 808	4668	RatAlerts.exe	83
PID 4668 wrote to memory of 808	4668	RatAlerts.exe	83
PID 4668 wrote to memory of 2392	4668	RatAlerts.exe	84
PID 4668 wrote to memory of 2392	4668	RatAlerts.exe	84
PID 4668 wrote to memory of 2392	4668	RatAlerts.exe	84
PID 808 wrote to memory of 4352	808	240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe	85
PID 808 wrote to memory of 4352	808	240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe	85
PID 808 wrote to memory of 4352	808	240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe	85
PID 4352 wrote to memory of 1768	4352	Mbenmk32.exe	86
PID 4352 wrote to memory of 1768	4352	Mbenmk32.exe	86
PID 4352 wrote to memory of 1768	4352	Mbenmk32.exe	86
PID 4668 wrote to memory of 2440	4668	RatAlerts.exe	87
PID 4668 wrote to memory of 2440	4668	RatAlerts.exe	87
PID 1768 wrote to memory of 1908	1768	Mhafeb32.exe	88
PID 1768 wrote to memory of 1908	1768	Mhafeb32.exe	88
PID 1768 wrote to memory of 1908	1768	Mhafeb32.exe	88
PID 4668 wrote to memory of 1716	4668	RatAlerts.exe	89
PID 4668 wrote to memory of 1716	4668	RatAlerts.exe	89
PID 4668 wrote to memory of 1716	4668	RatAlerts.exe	89
PID 4668 wrote to memory of 3884	4668	RatAlerts.exe	90
PID 4668 wrote to memory of 3884	4668	RatAlerts.exe	90
PID 4668 wrote to memory of 3884	4668	RatAlerts.exe	90
PID 4668 wrote to memory of 4692	4668	RatAlerts.exe	91
PID 4668 wrote to memory of 4692	4668	RatAlerts.exe	91
PID 4668 wrote to memory of 4692	4668	RatAlerts.exe	91
PID 1908 wrote to memory of 3580	1908	Malgcg32.exe	92
PID 1908 wrote to memory of 3580	1908	Malgcg32.exe	92
PID 1908 wrote to memory of 3580	1908	Malgcg32.exe	92

C:\Users\Admin\AppData\Local\Temp\RatAlerts.exe
"C:\Users\Admin\AppData\Local\Temp\RatAlerts.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Users\Admin\AppData\Local\Temp\RatAlerts.exe
  "C:\Users\Admin\AppData\Local\Temp\RatAlerts.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:3508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5032
- - C:\Users\Admin\Downloads\240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe
    C:\Users\Admin\Downloads\240919-p41fwszejj_7db074cbd679e06d24756d29a2ea2a8088ca1b8e24994e3d955c476dc2a97d54N.exe
    3⤵
    - Adds autorun key to be loaded by Explorer.exe on startup
    - Executes dropped EXE
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:808
  - - C:\Windows\SysWOW64\Mbenmk32.exe
      C:\Windows\system32\Mbenmk32.exe
      4⤵
      Adds autorun key to be loaded by Explorer.exe on startup
      Executes dropped EXE
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:4352
    - - C:\Windows\SysWOW64\Mhafeb32.exe
        
        C:\Windows\system32\Mhafeb32.exe
        5⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1768
      - C:\Windows\SysWOW64\Malgcg32.exe
        
        C:\Windows\system32\Malgcg32.exe
        6⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1908
        
        C:\Windows\SysWOW64\Micoed32.exe
        
        C:\Windows\system32\Micoed32.exe
        7⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\Mblcnj32.exe
        
        C:\Windows\system32\Mblcnj32.exe
        8⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\Nobdbkhf.exe
        
        C:\Windows\system32\Nobdbkhf.exe
        9⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\Noeahkfc.exe
        
        C:\Windows\system32\Noeahkfc.exe
        10⤵
        
        PID:860
        
        C:\Windows\SysWOW64\Nognnj32.exe
        
        C:\Windows\system32\Nognnj32.exe
        11⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\Nolgijpk.exe
        
        C:\Windows\system32\Nolgijpk.exe
        12⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\Oblmdhdo.exe
        
        C:\Windows\system32\Oblmdhdo.exe
        13⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\Okjnnj32.exe
        
        C:\Windows\system32\Okjnnj32.exe
        14⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\Pkogiikb.exe
        
        C:\Windows\system32\Pkogiikb.exe
        15⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\Pidabppl.exe
        
        C:\Windows\system32\Pidabppl.exe
        16⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\Qohpkf32.exe
        
        C:\Windows\system32\Qohpkf32.exe
        17⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\Afgacokc.exe
        
        C:\Windows\system32\Afgacokc.exe
        18⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\Abbkcpma.exe
        
        C:\Windows\system32\Abbkcpma.exe
        19⤵
        
        PID:3720
        
        C:\Windows\SysWOW64\Bbiado32.exe
        
        C:\Windows\system32\Bbiado32.exe
        20⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\Ccdnjp32.exe
        
        C:\Windows\system32\Ccdnjp32.exe
        21⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\Dmalne32.exe
        
        C:\Windows\system32\Dmalne32.exe
        22⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\Dflmlj32.exe
        
        C:\Windows\system32\Dflmlj32.exe
        23⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\Ecbjkngo.exe
        
        C:\Windows\system32\Ecbjkngo.exe
        24⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\Elbhjp32.exe
        
        C:\Windows\system32\Elbhjp32.exe
        25⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\Ffaong32.exe
        
        C:\Windows\system32\Ffaong32.exe
        26⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\Hpabni32.exe
        
        C:\Windows\system32\Hpabni32.exe
        27⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\Iphioh32.exe
        
        C:\Windows\system32\Iphioh32.exe
        28⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\Ahgcjddh.exe
        
        C:\Windows\system32\Ahgcjddh.exe
        29⤵
        
        PID:13136
        
        C:\Windows\SysWOW64\Dijbno32.exe
        
        C:\Windows\system32\Dijbno32.exe
        30⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\Efblbbqd.exe
        
        C:\Windows\system32\Efblbbqd.exe
        31⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\Fflohaij.exe
        
        C:\Windows\system32\Fflohaij.exe
        32⤵
        
        PID:14752
        
        C:\Windows\SysWOW64\Iohejo32.exe
        
        C:\Windows\system32\Iohejo32.exe
        33⤵
        
        PID:14404
        
        C:\Windows\SysWOW64\Ibqnkh32.exe
        
        C:\Windows\system32\Ibqnkh32.exe
        34⤵
        
        PID:15040
        
        C:\Windows\SysWOW64\Mfkkqmiq.exe
        
        C:\Windows\system32\Mfkkqmiq.exe
        35⤵
        
        PID:19536
        
        C:\Windows\SysWOW64\Pjlcjf32.exe
        
        C:\Windows\system32\Pjlcjf32.exe
        36⤵
        
        PID:19364
        
        C:\Windows\SysWOW64\Fqbeoc32.exe
        
        C:\Windows\system32\Fqbeoc32.exe
        37⤵
        
        PID:22156
        
        C:\Windows\SysWOW64\Fjlpbb32.exe
        
        C:\Windows\system32\Fjlpbb32.exe
        38⤵
        
        PID:23004
- - C:\Users\Admin\Downloads\240919-p3xnlszdmn_eb5f281951126a5a276089dbfd9a7bd1_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-p3xnlszdmn_eb5f281951126a5a276089dbfd9a7bd1_JaffaCakes118.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2392
- - C:\Users\Admin\Downloads\240919-p4xd8szdrq_16837ddf96d4abc57a36ec8e37c2b22f5e18173c40efd4351d51b32ee5abc496.exe
    C:\Users\Admin\Downloads\240919-p4xd8szdrq_16837ddf96d4abc57a36ec8e37c2b22f5e18173c40efd4351d51b32ee5abc496.exe
    3⤵
    - Executes dropped EXE
    PID:2440
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 8
      4⤵
      Program crash
      PID:7796
- - C:\Users\Admin\Downloads\240919-pzlf6szcjq_eb5cf79d246e5b528fd9c1c0e5239bbf_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pzlf6szcjq_eb5cf79d246e5b528fd9c1c0e5239bbf_JaffaCakes118.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1716
- - C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3884
- - C:\Users\Admin\Downloads\240919-p4akgayhpg_21a3731859d9533eb9e59375488ec550f519f39b306802a8f0087beb3f5ee808N.exe
    C:\Users\Admin\Downloads\240919-p4akgayhpg_21a3731859d9533eb9e59375488ec550f519f39b306802a8f0087beb3f5ee808N.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4692
  - - C:\Windows\SysWOW64\Mnphmkji.exe
      C:\Windows\system32\Mnphmkji.exe
      4⤵
      PID:3944
    - - C:\Windows\SysWOW64\Mhilfa32.exe
        
        C:\Windows\system32\Mhilfa32.exe
        5⤵
        
        PID:2912
      - C:\Windows\SysWOW64\Neoieenp.exe
        
        C:\Windows\system32\Neoieenp.exe
        6⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\Nknobkje.exe
        
        C:\Windows\system32\Nknobkje.exe
        7⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\Nlphbnoe.exe
        
        C:\Windows\system32\Nlphbnoe.exe
        8⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\Oocmii32.exe
        
        C:\Windows\system32\Oocmii32.exe
        9⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\Oiknlagg.exe
        
        C:\Windows\system32\Oiknlagg.exe
        10⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\Pedlgbkh.exe
        
        C:\Windows\system32\Pedlgbkh.exe
        11⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\Pcmeke32.exe
        
        C:\Windows\system32\Pcmeke32.exe
        12⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\Allpejfe.exe
        
        C:\Windows\system32\Allpejfe.exe
        13⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\Ahgjejhd.exe
        
        C:\Windows\system32\Ahgjejhd.exe
        14⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\Cihclh32.exe
        
        C:\Windows\system32\Cihclh32.exe
        15⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\Ciafbg32.exe
        
        C:\Windows\system32\Ciafbg32.exe
        16⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\Dfjpfj32.exe
        
        C:\Windows\system32\Dfjpfj32.exe
        17⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\Dcpmen32.exe
        
        C:\Windows\system32\Dcpmen32.exe
        18⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\Epikpo32.exe
        
        C:\Windows\system32\Epikpo32.exe
        19⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\Eppqqn32.exe
        
        C:\Windows\system32\Eppqqn32.exe
        20⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\Fdepgkgj.exe
        
        C:\Windows\system32\Fdepgkgj.exe
        21⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\Gkmdecbg.exe
        
        C:\Windows\system32\Gkmdecbg.exe
        22⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\Kcndbp32.exe
        
        C:\Windows\system32\Kcndbp32.exe
        23⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\Oeokal32.exe
        
        C:\Windows\system32\Oeokal32.exe
        24⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\Aehgnied.exe
        
        C:\Windows\system32\Aehgnied.exe
        25⤵
        
        PID:13164
        
        C:\Windows\SysWOW64\Bnoknihb.exe
        
        C:\Windows\system32\Bnoknihb.exe
        26⤵
        
        PID:11100
- - C:\Users\Admin\Downloads\240919-pznljaygjd_33c4ccf892f2a3a896cc04efdef2bd20f4d3d53b88212319b76ebddbaaa13278N.exe
    C:\Users\Admin\Downloads\240919-pznljaygjd_33c4ccf892f2a3a896cc04efdef2bd20f4d3d53b88212319b76ebddbaaa13278N.exe
    3⤵
    PID:2340
- - C:\Users\Admin\Downloads\240919-pzqe5azckl_1732-3-0x0000000000400000-0x0000000000442000-memory.dmp
    C:\Users\Admin\Downloads\240919-pzqe5azckl_1732-3-0x0000000000400000-0x0000000000442000-memory.dmp
    3⤵
    PID:1900
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 8
      4⤵
      Program crash
      PID:5324
- - C:\Users\Admin\Downloads\240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
    3⤵
    PID:2144
- - C:\Users\Admin\Downloads\240919-p5rkdazalc_eb60bcd31ece01867526dcd0f411b8ea_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-p5rkdazalc_eb60bcd31ece01867526dcd0f411b8ea_JaffaCakes118.exe
    3⤵
    PID:4112
  - - C:\Users\Admin\Downloads\240919-p5rkdazalc_eb60bcd31ece01867526dcd0f411b8ea_JaffaCakes118.exe
      4⤵
      PID:888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 480
        5⤵
        Program crash
        
        PID:1292
- - C:\Users\Admin\Downloads\240919-p3vt1szdmk_2908-6-0x0000000000400000-0x000000000042F000-memory.dmp
    C:\Users\Admin\Downloads\240919-p3vt1szdmk_2908-6-0x0000000000400000-0x000000000042F000-memory.dmp
    3⤵
    PID:2476
- - C:\Users\Admin\Downloads\240919-pryrjaygqj_eb581de89b19fc1429482bc501a6b935_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pryrjaygqj_eb581de89b19fc1429482bc501a6b935_JaffaCakes118.exe
    3⤵
    PID:1036
  - - \??\c:\uboot.bin
      "c:\uboot.bin"
      4⤵
      PID:3764
    - - C:\Windows\SysWOW64\Rundll32.exe
        
        Rundll32.exe C:\Users\Admin\AppData\Local\Temp\uboot.dll,abcLaunchEv
        5⤵
        
        PID:5336
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del c:\uboot.bin > nul
        5⤵
        
        PID:5980
  - - \??\c:\ntboot.bin
      "c:\ntboot.bin"
      4⤵
      PID:7808
    - - C:\Windows\ntsock.exe
        
        "C:\Windows\ntsock.exe"
        5⤵
        
        PID:228
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del c:\ntboot.bin > nul
        5⤵
        
        PID:5576
- - C:\Users\Admin\Downloads\240919-px3bxazblm_aa203c83db967a922275eae0a8d652e627986d3674c635d1de76e2ad994fd3b2N.exe
    C:\Users\Admin\Downloads\240919-px3bxazblm_aa203c83db967a922275eae0a8d652e627986d3674c635d1de76e2ad994fd3b2N.exe
    3⤵
    PID:1016
  - - C:\Windows\SysWOW64\Nimbkc32.exe
      C:\Windows\system32\Nimbkc32.exe
      4⤵
      PID:4232
    - - C:\Windows\SysWOW64\Nhdlao32.exe
        
        C:\Windows\system32\Nhdlao32.exe
        5⤵
        
        PID:2996
      - C:\Windows\SysWOW64\Okgaijaj.exe
        
        C:\Windows\system32\Okgaijaj.exe
        6⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\Oeoblb32.exe
        
        C:\Windows\system32\Oeoblb32.exe
        7⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\Pahpfc32.exe
        
        C:\Windows\system32\Pahpfc32.exe
        8⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\Poajkgnc.exe
        
        C:\Windows\system32\Poajkgnc.exe
        9⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\Ajndioga.exe
        
        C:\Windows\system32\Ajndioga.exe
        10⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\Afinioip.exe
        
        C:\Windows\system32\Afinioip.exe
        11⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\Bcahmb32.exe
        
        C:\Windows\system32\Bcahmb32.exe
        12⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\Cfigpm32.exe
        
        C:\Windows\system32\Cfigpm32.exe
        13⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\Cbgnemjj.exe
        
        C:\Windows\system32\Cbgnemjj.exe
        14⤵
        
        PID:1888
        
        C:\Windows\SysWOW64\Dkdliame.exe
        
        C:\Windows\system32\Dkdliame.exe
        15⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\Djhimica.exe
        
        C:\Windows\system32\Djhimica.exe
        16⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\Ebejfk32.exe
        
        C:\Windows\system32\Ebejfk32.exe
        17⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\Epndknin.exe
        
        C:\Windows\system32\Epndknin.exe
        18⤵
        
        PID:832
        
        C:\Windows\SysWOW64\Fdepgkgj.exe
        
        C:\Windows\system32\Fdepgkgj.exe
        19⤵
        
        PID:580
        
        C:\Windows\SysWOW64\Hkpqkcpd.exe
        
        C:\Windows\system32\Hkpqkcpd.exe
        20⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\Kjhloj32.exe
        
        C:\Windows\system32\Kjhloj32.exe
        21⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\Njinmf32.exe
        
        C:\Windows\system32\Njinmf32.exe
        22⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\Qaalblgi.exe
        
        C:\Windows\system32\Qaalblgi.exe
        23⤵
        
        PID:11236
        
        C:\Windows\SysWOW64\Aekddhcb.exe
        
        C:\Windows\system32\Aekddhcb.exe
        24⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\Efblbbqd.exe
        
        C:\Windows\system32\Efblbbqd.exe
        25⤵
        
        PID:12472
        
        C:\Windows\SysWOW64\Fflohaij.exe
        
        C:\Windows\system32\Fflohaij.exe
        26⤵
        
        PID:14768
        
        C:\Windows\SysWOW64\Iliinc32.exe
        
        C:\Windows\system32\Iliinc32.exe
        27⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\Ipbaol32.exe
        
        C:\Windows\system32\Ipbaol32.exe
        28⤵
        
        PID:14684
        
        C:\Windows\SysWOW64\Obqanjdb.exe
        
        C:\Windows\system32\Obqanjdb.exe
        29⤵
        
        PID:18540
        
        C:\Windows\SysWOW64\Gcghkm32.exe
        
        C:\Windows\system32\Gcghkm32.exe
        30⤵
        
        PID:13984
        
        C:\Windows\SysWOW64\Fgkfqgce.exe
        
        C:\Windows\system32\Fgkfqgce.exe
        31⤵
        
        PID:21336
- - C:\Users\Admin\Downloads\240919-ptscjayhpm_eb595cc6a1c33055ae501957258ccc4c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-ptscjayhpm_eb595cc6a1c33055ae501957258ccc4c_JaffaCakes118.exe
    3⤵
    PID:3292
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 296
      4⤵
      Program crash
      PID:7280
- - C:\Users\Admin\Downloads\240919-p16hqszcql_e945f807f1294deb50fed243c01bcf11c8a16f2fcbb6f74189ee1ad4802171beN.exe
    C:\Users\Admin\Downloads\240919-p16hqszcql_e945f807f1294deb50fed243c01bcf11c8a16f2fcbb6f74189ee1ad4802171beN.exe
    3⤵
    PID:4224
  - - C:\Windows\SysWOW64\Najceeoo.exe
      C:\Windows\system32\Najceeoo.exe
      4⤵
      PID:2872
    - - C:\Windows\SysWOW64\Oekiqccc.exe
        
        C:\Windows\system32\Oekiqccc.exe
        5⤵
        
        PID:5184
      - C:\Windows\SysWOW64\Ooejohhq.exe
        
        C:\Windows\system32\Ooejohhq.exe
        6⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\Pojcjh32.exe
        
        C:\Windows\system32\Pojcjh32.exe
        7⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\Plbmokop.exe
        
        C:\Windows\system32\Plbmokop.exe
        8⤵
        
        PID:424
        
        C:\Windows\SysWOW64\Qcclld32.exe
        
        C:\Windows\system32\Qcclld32.exe
        9⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\Ahenokjf.exe
        
        C:\Windows\system32\Ahenokjf.exe
        10⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\Bfngdn32.exe
        
        C:\Windows\system32\Bfngdn32.exe
        11⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\Ckfphc32.exe
        
        C:\Windows\system32\Ckfphc32.exe
        12⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\Cbgnemjj.exe
        
        C:\Windows\system32\Cbgnemjj.exe
        13⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\Dpphjp32.exe
        
        C:\Windows\system32\Dpphjp32.exe
        14⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\Dmfeidbe.exe
        
        C:\Windows\system32\Dmfeidbe.exe
        15⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\Ejlbhh32.exe
        
        C:\Windows\system32\Ejlbhh32.exe
        16⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\Ejchhgid.exe
        
        C:\Windows\system32\Ejchhgid.exe
        17⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\Fmkgkapm.exe
        
        C:\Windows\system32\Fmkgkapm.exe
        18⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\Hdokdg32.exe
        
        C:\Windows\system32\Hdokdg32.exe
        19⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\Olfghg32.exe
        
        C:\Windows\system32\Olfghg32.exe
        20⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\Bffcpg32.exe
        
        C:\Windows\system32\Bffcpg32.exe
        21⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\Enkdaepb.exe
        
        C:\Windows\system32\Enkdaepb.exe
        22⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\Fneggdhg.exe
        
        C:\Windows\system32\Fneggdhg.exe
        23⤵
        
        PID:14688
        
        C:\Windows\SysWOW64\Ipgbdbqb.exe
        
        C:\Windows\system32\Ipgbdbqb.exe
        24⤵
        
        PID:14676
        
        C:\Windows\SysWOW64\Kngkqbgl.exe
        
        C:\Windows\system32\Kngkqbgl.exe
        25⤵
        
        PID:16672
        
        C:\Windows\SysWOW64\Ngndaccj.exe
        
        C:\Windows\system32\Ngndaccj.exe
        26⤵
        
        PID:18008
        
        C:\Windows\SysWOW64\Cdkifmjq.exe
        
        C:\Windows\system32\Cdkifmjq.exe
        27⤵
        
        PID:18072
        
        C:\Windows\SysWOW64\Ehndnh32.exe
        
        C:\Windows\system32\Ehndnh32.exe
        28⤵
        
        PID:17512
        
        C:\Windows\SysWOW64\Llcghg32.exe
        
        C:\Windows\system32\Llcghg32.exe
        29⤵
        
        PID:18656
        
        C:\Windows\SysWOW64\Nbebbk32.exe
        
        C:\Windows\system32\Nbebbk32.exe
        30⤵
        
        PID:20164
        
        C:\Windows\SysWOW64\Pmhbqbae.exe
        
        C:\Windows\system32\Pmhbqbae.exe
        31⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\Gbkdod32.exe
        
        C:\Windows\system32\Gbkdod32.exe
        32⤵
        
        PID:19064
        
        C:\Windows\SysWOW64\Gcngafol.exe
        
        C:\Windows\system32\Gcngafol.exe
        33⤵
        
        PID:12000
- - C:\Users\Admin\Downloads\240919-p3cnfazdkk_c9451319c5573e54454fb409a59f138161fcdaad4cf40df19d5a7e17f59b3353N.exe
    C:\Users\Admin\Downloads\240919-p3cnfazdkk_c9451319c5573e54454fb409a59f138161fcdaad4cf40df19d5a7e17f59b3353N.exe
    3⤵
    PID:2028
  - - C:\Windows\SysWOW64\Olbdhn32.exe
      C:\Windows\system32\Olbdhn32.exe
      4⤵
      PID:2944
    - - C:\Windows\SysWOW64\Olgncmim.exe
        
        C:\Windows\system32\Olgncmim.exe
        5⤵
        
        PID:5436
      - C:\Windows\SysWOW64\Oafcqcea.exe
        
        C:\Windows\system32\Oafcqcea.exe
        6⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\Polppg32.exe
        
        C:\Windows\system32\Polppg32.exe
        7⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\Pkhjph32.exe
        
        C:\Windows\system32\Pkhjph32.exe
        8⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\Aeddnp32.exe
        
        C:\Windows\system32\Aeddnp32.exe
        9⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\Ahjgjj32.exe
        
        C:\Windows\system32\Ahjgjj32.exe
        10⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\Bmlilh32.exe
        
        C:\Windows\system32\Bmlilh32.exe
        11⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\Coiaiakf.exe
        
        C:\Windows\system32\Coiaiakf.exe
        12⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\Difpmfna.exe
        
        C:\Windows\system32\Difpmfna.exe
        13⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\Dbqqkkbo.exe
        
        C:\Windows\system32\Dbqqkkbo.exe
        14⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\Dpgnjo32.exe
        
        C:\Windows\system32\Dpgnjo32.exe
        15⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\Eidlnd32.exe
        
        C:\Windows\system32\Eidlnd32.exe
        16⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\Gdlfhj32.exe
        
        C:\Windows\system32\Gdlfhj32.exe
        17⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\Gphphj32.exe
        
        C:\Windows\system32\Gphphj32.exe
        18⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\Hdmoohbo.exe
        
        C:\Windows\system32\Hdmoohbo.exe
        19⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\Icfekc32.exe
        
        C:\Windows\system32\Icfekc32.exe
        20⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\Kqphfe32.exe
        
        C:\Windows\system32\Kqphfe32.exe
        21⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\Omgcpokp.exe
        
        C:\Windows\system32\Omgcpokp.exe
        22⤵
        
        PID:13000
        
        C:\Windows\SysWOW64\Dkokcl32.exe
        
        C:\Windows\system32\Dkokcl32.exe
        23⤵
        
        PID:13580
        
        C:\Windows\SysWOW64\Eiahnnph.exe
        
        C:\Windows\system32\Eiahnnph.exe
        24⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\Fijkdmhn.exe
        
        C:\Windows\system32\Fijkdmhn.exe
        25⤵
        
        PID:14808
        
        C:\Windows\SysWOW64\Ibfnqmpf.exe
        
        C:\Windows\system32\Ibfnqmpf.exe
        26⤵
        
        PID:14316
        
        C:\Windows\SysWOW64\Kcbfcigf.exe
        
        C:\Windows\system32\Kcbfcigf.exe
        27⤵
        
        PID:16572
        
        C:\Windows\SysWOW64\Ncnofeof.exe
        
        C:\Windows\system32\Ncnofeof.exe
        28⤵
        
        PID:17444
        
        C:\Windows\SysWOW64\Akpoaj32.exe
        
        C:\Windows\system32\Akpoaj32.exe
        29⤵
        
        PID:17648
        
        C:\Windows\SysWOW64\Fooclapd.exe
        
        C:\Windows\system32\Fooclapd.exe
        30⤵
        
        PID:15548
        
        C:\Windows\SysWOW64\Jblmgf32.exe
        
        C:\Windows\system32\Jblmgf32.exe
        31⤵
        
        PID:18640
        
        C:\Windows\SysWOW64\Nbbeml32.exe
        
        C:\Windows\system32\Nbbeml32.exe
        32⤵
        
        PID:19980
        
        C:\Windows\SysWOW64\Abhqefpg.exe
        
        C:\Windows\system32\Abhqefpg.exe
        33⤵
        
        PID:16512
        
        C:\Windows\SysWOW64\Gcpcgfmi.exe
        
        C:\Windows\system32\Gcpcgfmi.exe
        34⤵
        
        PID:19856
- - C:\Users\Admin\Downloads\240919-pq2f2aycmd_28acc1defcefaa2348bbce545fe4fe6187c7a79c0f6b2da2b51886d7faa6dda8N.exe
    C:\Users\Admin\Downloads\240919-pq2f2aycmd_28acc1defcefaa2348bbce545fe4fe6187c7a79c0f6b2da2b51886d7faa6dda8N.exe
    3⤵
    PID:760
  - - C:\Windows\SysWOW64\Oihagaji.exe
      C:\Windows\system32\Oihagaji.exe
      4⤵
      PID:5400
    - - C:\Windows\SysWOW64\Obcceg32.exe
        
        C:\Windows\system32\Obcceg32.exe
        5⤵
        
        PID:5708
      - C:\Windows\SysWOW64\Pkadoiip.exe
        
        C:\Windows\system32\Pkadoiip.exe
        6⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\Bhoqeibl.exe
        
        C:\Windows\system32\Bhoqeibl.exe
        7⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\Bckkca32.exe
        
        C:\Windows\system32\Bckkca32.exe
        8⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\Cfcjfk32.exe
        
        C:\Windows\system32\Cfcjfk32.exe
        9⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\Dckdjomg.exe
        
        C:\Windows\system32\Dckdjomg.exe
        10⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\Dlieda32.exe
        
        C:\Windows\system32\Dlieda32.exe
        11⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\Eiobceef.exe
        
        C:\Windows\system32\Eiobceef.exe
        12⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\Eifhdd32.exe
        
        C:\Windows\system32\Eifhdd32.exe
        13⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\Fpjcgm32.exe
        
        C:\Windows\system32\Fpjcgm32.exe
        14⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\Gkmdecbg.exe
        
        C:\Windows\system32\Gkmdecbg.exe
        15⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\Kdkdgchl.exe
        
        C:\Windows\system32\Kdkdgchl.exe
        16⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\Odalmibl.exe
        
        C:\Windows\system32\Odalmibl.exe
        17⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\Aonoao32.exe
        
        C:\Windows\system32\Aonoao32.exe
        18⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\Bakgoh32.exe
        
        C:\Windows\system32\Bakgoh32.exe
        19⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\Deqcbpld.exe
        
        C:\Windows\system32\Deqcbpld.exe
        20⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\Efeihb32.exe
        
        C:\Windows\system32\Efeihb32.exe
        21⤵
        
        PID:14452
        
        C:\Windows\SysWOW64\Gbchdp32.exe
        
        C:\Windows\system32\Gbchdp32.exe
        22⤵
        
        PID:15904
        
        C:\Windows\SysWOW64\Jiglnf32.exe
        
        C:\Windows\system32\Jiglnf32.exe
        23⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\Lqmmmmph.exe
        
        C:\Windows\system32\Lqmmmmph.exe
        24⤵
        
        PID:17320
        
        C:\Windows\SysWOW64\Mjaabq32.exe
        
        C:\Windows\system32\Mjaabq32.exe
        25⤵
        
        PID:15120
        
        C:\Windows\SysWOW64\Oaplqh32.exe
        
        C:\Windows\system32\Oaplqh32.exe
        26⤵
        
        PID:18356
        
        C:\Windows\SysWOW64\Bdojjo32.exe
        
        C:\Windows\system32\Bdojjo32.exe
        27⤵
        
        PID:16668
        
        C:\Windows\SysWOW64\Cklhcfle.exe
        
        C:\Windows\system32\Cklhcfle.exe
        28⤵
        
        PID:15372
        
        C:\Windows\SysWOW64\Egohdegl.exe
        
        C:\Windows\system32\Egohdegl.exe
        29⤵
        
        PID:15072
        
        C:\Windows\SysWOW64\Fdlkdhnk.exe
        
        C:\Windows\system32\Fdlkdhnk.exe
        30⤵
        
        PID:18184
        
        C:\Windows\SysWOW64\Lhgkgijg.exe
        
        C:\Windows\system32\Lhgkgijg.exe
        31⤵
        
        PID:18504
        
        C:\Windows\SysWOW64\Pcpnhl32.exe
        
        C:\Windows\system32\Pcpnhl32.exe
        32⤵
        
        PID:13568
- - C:\Users\Admin\Downloads\240919-pr49baycrg_eb583ccf1753294e7660d26e433fd6eb_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pr49baycrg_eb583ccf1753294e7660d26e433fd6eb_JaffaCakes118.exe
    3⤵
    PID:5368
- - C:\Users\Admin\Downloads\240919-pzdrbsyfqh_eb5cdc1929285eb740166ef4733dc5f0_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pzdrbsyfqh_eb5cdc1929285eb740166ef4733dc5f0_JaffaCakes118.exe
    3⤵
    PID:5660
- - C:\Users\Admin\Downloads\240919-pz318azcll_2880-30-0x0000000000400000-0x0000000000440000-memory.dmp
    C:\Users\Admin\Downloads\240919-pz318azcll_2880-30-0x0000000000400000-0x0000000000440000-memory.dmp
    3⤵
    PID:6004
- - C:\Users\Admin\Downloads\240919-pyhc5azbnl_806cd24fa66b07ec7bc6deda153a3b155938cd4e88bbdd5ce59f18e7936d751dN.exe
    C:\Users\Admin\Downloads\240919-pyhc5azbnl_806cd24fa66b07ec7bc6deda153a3b155938cd4e88bbdd5ce59f18e7936d751dN.exe
    3⤵
    PID:4932
  - - C:\Windows\SysWOW64\Acfhad32.exe
      C:\Windows\system32\Acfhad32.exe
      4⤵
      PID:1800
    - - C:\Windows\SysWOW64\Afkknogn.exe
        
        C:\Windows\system32\Afkknogn.exe
        5⤵
        
        PID:6744
      - C:\Windows\SysWOW64\Bfbaonae.exe
        
        C:\Windows\system32\Bfbaonae.exe
        6⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\Bbnkonbd.exe
        
        C:\Windows\system32\Bbnkonbd.exe
        7⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\Cbgnemjj.exe
        
        C:\Windows\system32\Cbgnemjj.exe
        8⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\Dpphjp32.exe
        
        C:\Windows\system32\Dpphjp32.exe
        9⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\Dikihe32.exe
        
        C:\Windows\system32\Dikihe32.exe
        10⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\Efafgifc.exe
        
        C:\Windows\system32\Efafgifc.exe
        11⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\Eblpgjha.exe
        
        C:\Windows\system32\Eblpgjha.exe
        12⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\Fipkjb32.exe
        
        C:\Windows\system32\Fipkjb32.exe
        13⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\Gmdjapgb.exe
        
        C:\Windows\system32\Gmdjapgb.exe
        14⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\Knchpiom.exe
        
        C:\Windows\system32\Knchpiom.exe
        15⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\Aojefobm.exe
        
        C:\Windows\system32\Aojefobm.exe
        16⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\Emmdom32.exe
        
        C:\Windows\system32\Emmdom32.exe
        17⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\Glgcbf32.exe
        
        C:\Windows\system32\Glgcbf32.exe
        18⤵
        
        PID:15676
        
        C:\Windows\SysWOW64\Jekqmhia.exe
        
        C:\Windows\system32\Jekqmhia.exe
        19⤵
        
        PID:15812
        
        C:\Windows\SysWOW64\Mcelpggq.exe
        
        C:\Windows\system32\Mcelpggq.exe
        20⤵
        
        PID:14744
        
        C:\Windows\SysWOW64\Pplobcpp.exe
        
        C:\Windows\system32\Pplobcpp.exe
        21⤵
        
        PID:13588
        
        C:\Windows\SysWOW64\Enhpao32.exe
        
        C:\Windows\system32\Enhpao32.exe
        22⤵
        
        PID:17560
        
        C:\Windows\SysWOW64\Ieojgc32.exe
        
        C:\Windows\system32\Ieojgc32.exe
        23⤵
        
        PID:18448
        
        C:\Windows\SysWOW64\Kheekkjl.exe
        
        C:\Windows\system32\Kheekkjl.exe
        24⤵
        
        PID:16560
        
        C:\Windows\SysWOW64\Nfnamjhk.exe
        
        C:\Windows\system32\Nfnamjhk.exe
        25⤵
        
        PID:20008
        
        C:\Windows\SysWOW64\Afcmfe32.exe
        
        C:\Windows\system32\Afcmfe32.exe
        26⤵
        
        PID:18864
        
        C:\Windows\SysWOW64\Gjcmngnj.exe
        
        C:\Windows\system32\Gjcmngnj.exe
        27⤵
        
        PID:19820
        
        C:\Windows\SysWOW64\Gjhonp32.exe
        
        C:\Windows\system32\Gjhonp32.exe
        28⤵
        
        PID:20096
- - C:\Users\Admin\Downloads\240919-pxr6yazbkk_Backdoor.Win32.Berbew.pz-20587c7622ed58ad24a75d1483aee3f5237118333e2fce8569c66d46d67a2850N
    C:\Users\Admin\Downloads\240919-pxr6yazbkk_Backdoor.Win32.Berbew.pz-20587c7622ed58ad24a75d1483aee3f5237118333e2fce8569c66d46d67a2850N
    3⤵
    PID:5520
  - - C:\Windows\SysWOW64\Akffafgg.exe
      C:\Windows\system32\Akffafgg.exe
      4⤵
      PID:6684
    - - C:\Windows\SysWOW64\Bcddcbab.exe
        
        C:\Windows\system32\Bcddcbab.exe
        5⤵
        
        PID:7376
      - C:\Windows\SysWOW64\Cjecpkcg.exe
        
        C:\Windows\system32\Cjecpkcg.exe
        6⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\Cjnffjkl.exe
        
        C:\Windows\system32\Cjnffjkl.exe
        7⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\Dbndfl32.exe
        
        C:\Windows\system32\Dbndfl32.exe
        8⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\Dpdaepai.exe
        
        C:\Windows\system32\Dpdaepai.exe
        9⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\Elnoopdj.exe
        
        C:\Windows\system32\Elnoopdj.exe
        10⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\Embddb32.exe
        
        C:\Windows\system32\Embddb32.exe
        11⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\Fpjcgm32.exe
        
        C:\Windows\system32\Fpjcgm32.exe
        12⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\Hmnmgnoh.exe
        
        C:\Windows\system32\Hmnmgnoh.exe
        13⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\Hmechmip.exe
        
        C:\Windows\system32\Hmechmip.exe
        14⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\Ikpjbq32.exe
        
        C:\Windows\system32\Ikpjbq32.exe
        15⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\Ohmhmh32.exe
        
        C:\Windows\system32\Ohmhmh32.exe
        16⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\Dmohno32.exe
        
        C:\Windows\system32\Dmohno32.exe
        17⤵
        
        PID:14048
        
        C:\Windows\SysWOW64\Efeihb32.exe
        
        C:\Windows\system32\Efeihb32.exe
        18⤵
        
        PID:14464
        
        C:\Windows\SysWOW64\Gimqajgh.exe
        
        C:\Windows\system32\Gimqajgh.exe
        19⤵
        
        PID:15912
        
        C:\Windows\SysWOW64\Jiglnf32.exe
        
        C:\Windows\system32\Jiglnf32.exe
        20⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\Lckiihok.exe
        
        C:\Windows\system32\Lckiihok.exe
        21⤵
        
        PID:17356
        
        C:\Windows\SysWOW64\Mjaabq32.exe
        
        C:\Windows\system32\Mjaabq32.exe
        22⤵
        
        PID:15184
        
        C:\Windows\SysWOW64\Phajna32.exe
        
        C:\Windows\system32\Phajna32.exe
        23⤵
        
        PID:16480
        
        C:\Windows\SysWOW64\Bhkfkmmg.exe
        
        C:\Windows\system32\Bhkfkmmg.exe
        24⤵
        
        PID:17788
        
        C:\Windows\SysWOW64\Ekcgkb32.exe
        
        C:\Windows\system32\Ekcgkb32.exe
        25⤵
        
        PID:18240
        
        C:\Windows\SysWOW64\Gokbgpeg.exe
        
        C:\Windows\system32\Gokbgpeg.exe
        26⤵
        
        PID:18032
        
        C:\Windows\SysWOW64\Ieccbbkn.exe
        
        C:\Windows\system32\Ieccbbkn.exe
        27⤵
        
        PID:18516
        
        C:\Windows\SysWOW64\Pimfpc32.exe
        
        C:\Windows\system32\Pimfpc32.exe
        28⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\Gbkdod32.exe
        
        C:\Windows\system32\Gbkdod32.exe
        29⤵
        
        PID:19180
        
        C:\Windows\SysWOW64\Gcpcgfmi.exe
        
        C:\Windows\system32\Gcpcgfmi.exe
        30⤵
        
        PID:19384
- - C:\Users\Admin\Downloads\240919-pwjs6syenb_eb5aaf9f5bb23b2d72bc823a39c904f8_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pwjs6syenb_eb5aaf9f5bb23b2d72bc823a39c904f8_JaffaCakes118.exe
    3⤵
    PID:6652
  - - C:\Users\Admin\cuefej.exe
      "C:\Users\Admin\cuefej.exe"
      4⤵
      PID:14536
- - C:\Users\Admin\Downloads\240919-pxr6yayflc_2264-22-0x0000000000400000-0x000000000042F000-memory.dmp
    C:\Users\Admin\Downloads\240919-pxr6yayflc_2264-22-0x0000000000400000-0x000000000042F000-memory.dmp
    3⤵
    PID:7296
- - C:\Users\Admin\Downloads\240919-ptyjjsydrb_53337f76e300133786b572eb4edced81d37493e20370254ab017ae96a1d541e9.exe
    C:\Users\Admin\Downloads\240919-ptyjjsydrb_53337f76e300133786b572eb4edced81d37493e20370254ab017ae96a1d541e9.exe
    3⤵
    PID:7304
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 436
      4⤵
      Program crash
      PID:8036
- - C:\Users\Admin\Downloads\240919-p5lzwszakd_175116175b478ea9d8e490a40478c2773cee2893f250e0ef2ac4a6fc3eb9ea19N.exe
    C:\Users\Admin\Downloads\240919-p5lzwszakd_175116175b478ea9d8e490a40478c2773cee2893f250e0ef2ac4a6fc3eb9ea19N.exe
    3⤵
    PID:7316
- - C:\Users\Admin\Downloads\240919-pts9tsydqe_eb596018e9b4a40957408c5eb799c5e4_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pts9tsydqe_eb596018e9b4a40957408c5eb799c5e4_JaffaCakes118.exe
    3⤵
    PID:7324
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 296
      4⤵
      Program crash
      PID:5732
- - C:\Users\Admin\Downloads\240919-p5sgnszell_eb60bdbee716aa55966b83c5c0093a90_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-p5sgnszell_eb60bdbee716aa55966b83c5c0093a90_JaffaCakes118.exe
    3⤵
    PID:8052
- - C:\Users\Admin\Downloads\240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
    C:\Users\Admin\Downloads\240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
    3⤵
    PID:3912
  - - C:\Windows\SysWOW64\Dblgpl32.exe
      C:\Windows\system32\Dblgpl32.exe
      4⤵
      PID:5516
    - - C:\Windows\SysWOW64\Dcnqpo32.exe
        
        C:\Windows\system32\Dcnqpo32.exe
        5⤵
        
        PID:6776
      - C:\Windows\SysWOW64\Dlkbjqgm.exe
        
        C:\Windows\system32\Dlkbjqgm.exe
        6⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\Ejalcgkg.exe
        
        C:\Windows\system32\Ejalcgkg.exe
        7⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\Fpggamqc.exe
        
        C:\Windows\system32\Fpggamqc.exe
        8⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\Gpqjglii.exe
        
        C:\Windows\system32\Gpqjglii.exe
        9⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\Ijqmhnko.exe
        
        C:\Windows\system32\Ijqmhnko.exe
        10⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\Paoollik.exe
        
        C:\Windows\system32\Paoollik.exe
        11⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\Adkgje32.exe
        
        C:\Windows\system32\Adkgje32.exe
        12⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\Bnoknihb.exe
        
        C:\Windows\system32\Bnoknihb.exe
        13⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\Dbbffdlq.exe
        
        C:\Windows\system32\Dbbffdlq.exe
        14⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\Fpdcag32.exe
        
        C:\Windows\system32\Fpdcag32.exe
        15⤵
        
        PID:14972
        
        C:\Windows\SysWOW64\Ibcaknbi.exe
        
        C:\Windows\system32\Ibcaknbi.exe
        16⤵
        
        PID:14544
        
        C:\Windows\SysWOW64\Hpioin32.exe
        
        C:\Windows\system32\Hpioin32.exe
        17⤵
        
        PID:17960
        
        C:\Windows\SysWOW64\Lpochfji.exe
        
        C:\Windows\system32\Lpochfji.exe
        18⤵
        
        PID:19460
        
        C:\Windows\SysWOW64\Nbebbk32.exe
        
        C:\Windows\system32\Nbebbk32.exe
        19⤵
        
        PID:20176
        
        C:\Windows\SysWOW64\Ppnenlka.exe
        
        C:\Windows\system32\Ppnenlka.exe
        20⤵
        
        PID:14796
        
        C:\Windows\SysWOW64\Hbknebqi.exe
        
        C:\Windows\system32\Hbknebqi.exe
        21⤵
        
        PID:19176
        
        C:\Windows\SysWOW64\Feimadoe.exe
        
        C:\Windows\system32\Feimadoe.exe
        22⤵
        
        PID:21064
- - C:\Users\Admin\Downloads\240919-pp7awsygjp_l6E.exe
    C:\Users\Admin\Downloads\240919-pp7awsygjp_l6E.exe
    3⤵
    PID:5420
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:9788
- - C:\Users\Admin\Downloads\240919-pvestszakj_15a750c533230b02c56d241191c78d1f55c3145e80baa2d596f17c6c309cb035N.exe
    C:\Users\Admin\Downloads\240919-pvestszakj_15a750c533230b02c56d241191c78d1f55c3145e80baa2d596f17c6c309cb035N.exe
    3⤵
    PID:4608
  - - C:\Windows\System\PlDNiot.exe
      C:\Windows\System\PlDNiot.exe
      4⤵
      PID:8392
  - - C:\Windows\System\SUYwZuy.exe
      C:\Windows\System\SUYwZuy.exe
      4⤵
      PID:8408
  - - C:\Windows\System\HHGtaVV.exe
      C:\Windows\System\HHGtaVV.exe
      4⤵
      PID:8424
  - - C:\Windows\System\AvWKwEY.exe
      C:\Windows\System\AvWKwEY.exe
      4⤵
      PID:8440
  - - C:\Windows\System\pelWnHP.exe
      C:\Windows\System\pelWnHP.exe
      4⤵
      PID:8456
  - - C:\Windows\System\WRdMkKR.exe
      C:\Windows\System\WRdMkKR.exe
      4⤵
      PID:8472
  - - C:\Windows\System\dyVHmRV.exe
      C:\Windows\System\dyVHmRV.exe
      4⤵
      PID:8488
  - - C:\Windows\System\KwZTpto.exe
      C:\Windows\System\KwZTpto.exe
      4⤵
      PID:8504
  - - C:\Windows\System\EJIwKMp.exe
      C:\Windows\System\EJIwKMp.exe
      4⤵
      PID:8540
  - - C:\Windows\System\Ytpxjoo.exe
      C:\Windows\System\Ytpxjoo.exe
      4⤵
      PID:8564
  - - C:\Windows\System\WwsTymR.exe
      C:\Windows\System\WwsTymR.exe
      4⤵
      PID:8584
  - - C:\Windows\System\YZCjpFF.exe
      C:\Windows\System\YZCjpFF.exe
      4⤵
      PID:8600
  - - C:\Windows\System\UVtGVRi.exe
      C:\Windows\System\UVtGVRi.exe
      4⤵
      PID:8624
  - - C:\Windows\System\PImnIFa.exe
      C:\Windows\System\PImnIFa.exe
      4⤵
      PID:8640
  - - C:\Windows\System\PnJGedh.exe
      C:\Windows\System\PnJGedh.exe
      4⤵
      PID:8656
  - - C:\Windows\System\OGIbcBv.exe
      C:\Windows\System\OGIbcBv.exe
      4⤵
      PID:8672
  - - C:\Windows\System\XjPNcwF.exe
      C:\Windows\System\XjPNcwF.exe
      4⤵
      PID:8688
  - - C:\Windows\System\JJcrtOE.exe
      C:\Windows\System\JJcrtOE.exe
      4⤵
      PID:8708
  - - C:\Windows\System\KRdfmel.exe
      C:\Windows\System\KRdfmel.exe
      4⤵
      PID:8724
  - - C:\Windows\System\qFNjnjP.exe
      C:\Windows\System\qFNjnjP.exe
      4⤵
      PID:8744
  - - C:\Windows\System\FcnjArC.exe
      C:\Windows\System\FcnjArC.exe
      4⤵
      PID:8760
  - - C:\Windows\System\PmYzXsA.exe
      C:\Windows\System\PmYzXsA.exe
      4⤵
      PID:8776
  - - C:\Windows\System\BlHQqQB.exe
      C:\Windows\System\BlHQqQB.exe
      4⤵
      PID:8792
  - - C:\Windows\System\fBSlXbT.exe
      C:\Windows\System\fBSlXbT.exe
      4⤵
      PID:8808
  - - C:\Windows\System\XpmzjWX.exe
      C:\Windows\System\XpmzjWX.exe
      4⤵
      PID:8824
  - - C:\Windows\System\lgwVuJy.exe
      C:\Windows\System\lgwVuJy.exe
      4⤵
      PID:8840
  - - C:\Windows\System\pTBhBNq.exe
      C:\Windows\System\pTBhBNq.exe
      4⤵
      PID:8856
  - - C:\Windows\System\ufWtOtD.exe
      C:\Windows\System\ufWtOtD.exe
      4⤵
      PID:8876
  - - C:\Windows\System\YfgkUsF.exe
      C:\Windows\System\YfgkUsF.exe
      4⤵
      PID:8892
  - - C:\Windows\System\eJkgXhY.exe
      C:\Windows\System\eJkgXhY.exe
      4⤵
      PID:8908
  - - C:\Windows\System\mFkmTiS.exe
      C:\Windows\System\mFkmTiS.exe
      4⤵
      PID:8924
  - - C:\Windows\System\XncFFGM.exe
      C:\Windows\System\XncFFGM.exe
      4⤵
      PID:8956
  - - C:\Windows\System\GtyLyga.exe
      C:\Windows\System\GtyLyga.exe
      4⤵
      PID:8980
  - - C:\Windows\System\kWPGPwD.exe
      C:\Windows\System\kWPGPwD.exe
      4⤵
      PID:9016
  - - C:\Windows\System\vnoHqcd.exe
      C:\Windows\System\vnoHqcd.exe
      4⤵
      PID:9048
  - - C:\Windows\System\LzsupDE.exe
      C:\Windows\System\LzsupDE.exe
      4⤵
      PID:9068
  - - C:\Windows\System\pfUzDTb.exe
      C:\Windows\System\pfUzDTb.exe
      4⤵
      PID:9172
  - - C:\Windows\System\zzSoBdA.exe
      C:\Windows\System\zzSoBdA.exe
      4⤵
      PID:6852
  - - C:\Windows\System\vVuWUsw.exe
      C:\Windows\System\vVuWUsw.exe
      4⤵
      PID:2752
  - - C:\Windows\System\SsQXSiT.exe
      C:\Windows\System\SsQXSiT.exe
      4⤵
      PID:5616
  - - C:\Windows\System\VGmaLnR.exe
      C:\Windows\System\VGmaLnR.exe
      4⤵
      PID:8788
  - - C:\Windows\System\SaQtyQC.exe
      C:\Windows\System\SaQtyQC.exe
      4⤵
      PID:6940
  - - C:\Windows\System\tEbbOwj.exe
      C:\Windows\System\tEbbOwj.exe
      4⤵
      PID:7968
  - - C:\Windows\System\NrmiDAq.exe
      C:\Windows\System\NrmiDAq.exe
      4⤵
      PID:6980
  - - C:\Windows\System\RbdDSqx.exe
      C:\Windows\System\RbdDSqx.exe
      4⤵
      PID:7036
  - - C:\Windows\System\suJCXue.exe
      C:\Windows\System\suJCXue.exe
      4⤵
      PID:7084
  - - C:\Windows\System\OpBDGgh.exe
      C:\Windows\System\OpBDGgh.exe
      4⤵
      PID:8992
  - - C:\Windows\System\PKWpaPu.exe
      C:\Windows\System\PKWpaPu.exe
      4⤵
      PID:5796
  - - C:\Windows\System\nmdonJY.exe
      C:\Windows\System\nmdonJY.exe
      4⤵
      PID:5884
  - - C:\Windows\System\ixRECZy.exe
      C:\Windows\System\ixRECZy.exe
      4⤵
      PID:2604
  - - C:\Windows\System\IQdRZzO.exe
      C:\Windows\System\IQdRZzO.exe
      4⤵
      PID:6084
  - - C:\Windows\System\zoXDodq.exe
      C:\Windows\System\zoXDodq.exe
      4⤵
      PID:2276
  - - C:\Windows\System\lBQwMUD.exe
      C:\Windows\System\lBQwMUD.exe
      4⤵
      PID:7456
  - - C:\Windows\System\aOURiAG.exe
      C:\Windows\System\aOURiAG.exe
      4⤵
      PID:7596
  - - C:\Windows\System\DnGicxU.exe
      C:\Windows\System\DnGicxU.exe
      4⤵
      PID:7676
  - - C:\Windows\System\FSbbafX.exe
      C:\Windows\System\FSbbafX.exe
      4⤵
      PID:7200
  - - C:\Windows\System\mksJOUu.exe
      C:\Windows\System\mksJOUu.exe
      4⤵
      PID:6200
  - - C:\Windows\System\eyNroVU.exe
      C:\Windows\System\eyNroVU.exe
      4⤵
      PID:7804
  - - C:\Windows\System\rrKHQTl.exe
      C:\Windows\System\rrKHQTl.exe
      4⤵
      PID:5612
  - - C:\Windows\System\xOmFqZS.exe
      C:\Windows\System\xOmFqZS.exe
      4⤵
      PID:7912
  - - C:\Windows\System\XsmpLDk.exe
      C:\Windows\System\XsmpLDk.exe
      4⤵
      PID:8028
  - - C:\Windows\System\vLdGvNh.exe
      C:\Windows\System\vLdGvNh.exe
      4⤵
      PID:8112
  - - C:\Windows\System\fKbNhcz.exe
      C:\Windows\System\fKbNhcz.exe
      4⤵
      PID:7296
  - - C:\Windows\System\QwxVGpo.exe
      C:\Windows\System\QwxVGpo.exe
      4⤵
      PID:7344
  - - C:\Windows\System\NINFQEw.exe
      C:\Windows\System\NINFQEw.exe
      4⤵
      PID:6304
  - - C:\Windows\System\sSuXHBm.exe
      C:\Windows\System\sSuXHBm.exe
      4⤵
      PID:8496
  - - C:\Windows\System\LEaFXja.exe
      C:\Windows\System\LEaFXja.exe
      4⤵
      PID:8936
  - - C:\Windows\System\qxJQAvU.exe
      C:\Windows\System\qxJQAvU.exe
      4⤵
      PID:8268
  - - C:\Windows\System\hrioMxX.exe
      C:\Windows\System\hrioMxX.exe
      4⤵
      PID:6128
  - - C:\Windows\System\JvvVzcA.exe
      C:\Windows\System\JvvVzcA.exe
      4⤵
      PID:8732
  - - C:\Windows\System\FlHSROW.exe
      C:\Windows\System\FlHSROW.exe
      4⤵
      PID:8836
  - - C:\Windows\System\ySikayS.exe
      C:\Windows\System\ySikayS.exe
      4⤵
      PID:8940
  - - C:\Windows\System\YPWRpTX.exe
      C:\Windows\System\YPWRpTX.exe
      4⤵
      PID:9024
  - - C:\Windows\System\zSHrEpK.exe
      C:\Windows\System\zSHrEpK.exe
      4⤵
      PID:9056
  - - C:\Windows\System\RzdBOdx.exe
      C:\Windows\System\RzdBOdx.exe
      4⤵
      PID:9096
  - - C:\Windows\System\JukdJDO.exe
      C:\Windows\System\JukdJDO.exe
      4⤵
      PID:9124
  - - C:\Windows\System\ybaAdIB.exe
      C:\Windows\System\ybaAdIB.exe
      4⤵
      PID:5932
  - - C:\Windows\System\fNUjkpA.exe
      C:\Windows\System\fNUjkpA.exe
      4⤵
      PID:5852
  - - C:\Windows\System\fbCsUev.exe
      C:\Windows\System\fbCsUev.exe
      4⤵
      PID:9196
  - - C:\Windows\System\eQIbOxO.exe
      C:\Windows\System\eQIbOxO.exe
      4⤵
      PID:8152
  - - C:\Windows\System\aBNnUah.exe
      C:\Windows\System\aBNnUah.exe
      4⤵
      PID:2140
  - - C:\Windows\System\tRojmum.exe
      C:\Windows\System\tRojmum.exe
      4⤵
      PID:5208
  - - C:\Windows\System\mGUCfGG.exe
      C:\Windows\System\mGUCfGG.exe
      4⤵
      PID:5480
  - - C:\Windows\System\LZHxDPb.exe
      C:\Windows\System\LZHxDPb.exe
      4⤵
      PID:7740
  - - C:\Windows\System\uVcZWtj.exe
      C:\Windows\System\uVcZWtj.exe
      4⤵
      PID:7240
  - - C:\Windows\System\nEOyggN.exe
      C:\Windows\System\nEOyggN.exe
      4⤵
      PID:8648
  - - C:\Windows\System\sJbyfkI.exe
      C:\Windows\System\sJbyfkI.exe
      4⤵
      PID:9236
  - - C:\Windows\System\MFwBKRz.exe
      C:\Windows\System\MFwBKRz.exe
      4⤵
      PID:9264
  - - C:\Windows\System\lpanNMr.exe
      C:\Windows\System\lpanNMr.exe
      4⤵
      PID:9280
  - - C:\Windows\System\fEVgqoG.exe
      C:\Windows\System\fEVgqoG.exe
      4⤵
      PID:9304
  - - C:\Windows\System\PBMFlWt.exe
      C:\Windows\System\PBMFlWt.exe
      4⤵
      PID:9340
  - - C:\Windows\System\upSGYmW.exe
      C:\Windows\System\upSGYmW.exe
      4⤵
      PID:9368
  - - C:\Windows\System\cLSbOnF.exe
      C:\Windows\System\cLSbOnF.exe
      4⤵
      PID:9384
  - - C:\Windows\System\cOggeco.exe
      C:\Windows\System\cOggeco.exe
      4⤵
      PID:9400
  - - C:\Windows\System\MOylzap.exe
      C:\Windows\System\MOylzap.exe
      4⤵
      PID:9416
  - - C:\Windows\System\ZWYIUew.exe
      C:\Windows\System\ZWYIUew.exe
      4⤵
      PID:9440
  - - C:\Windows\System\ZKfJmyh.exe
      C:\Windows\System\ZKfJmyh.exe
      4⤵
      PID:9456
  - - C:\Windows\System\cDaoBXt.exe
      C:\Windows\System\cDaoBXt.exe
      4⤵
      PID:9472
  - - C:\Windows\System\ZGgrqNz.exe
      C:\Windows\System\ZGgrqNz.exe
      4⤵
      PID:9492
  - - C:\Windows\System\ximePMU.exe
      C:\Windows\System\ximePMU.exe
      4⤵
      PID:9508
  - - C:\Windows\System\dwzqRSH.exe
      C:\Windows\System\dwzqRSH.exe
      4⤵
      PID:9524
  - - C:\Windows\System\jzrXaJc.exe
      C:\Windows\System\jzrXaJc.exe
      4⤵
      PID:9564
  - - C:\Windows\System\HTuNilv.exe
      C:\Windows\System\HTuNilv.exe
      4⤵
      PID:9584
  - - C:\Windows\System\oYtKWbL.exe
      C:\Windows\System\oYtKWbL.exe
      4⤵
      PID:9612
  - - C:\Windows\System\Hgyziyh.exe
      C:\Windows\System\Hgyziyh.exe
      4⤵
      PID:9644
  - - C:\Windows\System\aoEkwfL.exe
      C:\Windows\System\aoEkwfL.exe
      4⤵
      PID:9660
  - - C:\Windows\System\IvmmPRK.exe
      C:\Windows\System\IvmmPRK.exe
      4⤵
      PID:9684
  - - C:\Windows\System\kApwuSx.exe
      C:\Windows\System\kApwuSx.exe
      4⤵
      PID:9700
  - - C:\Windows\System\BMKpcVF.exe
      C:\Windows\System\BMKpcVF.exe
      4⤵
      PID:9720
  - - C:\Windows\System\yzNTaSr.exe
      C:\Windows\System\yzNTaSr.exe
      4⤵
      PID:9740
  - - C:\Windows\System\XXhvCMk.exe
      C:\Windows\System\XXhvCMk.exe
      4⤵
      PID:9844
  - - C:\Windows\System\jwkutNI.exe
      C:\Windows\System\jwkutNI.exe
      4⤵
      PID:9860
  - - C:\Windows\System\bCitcWA.exe
      C:\Windows\System\bCitcWA.exe
      4⤵
      PID:9876
  - - C:\Windows\System\rkJMeIA.exe
      C:\Windows\System\rkJMeIA.exe
      4⤵
      PID:9892
  - - C:\Windows\System\qQRfxHo.exe
      C:\Windows\System\qQRfxHo.exe
      4⤵
      PID:9908
  - - C:\Windows\System\ZismSnW.exe
      C:\Windows\System\ZismSnW.exe
      4⤵
      PID:9924
  - - C:\Windows\System\JgEmTDX.exe
      C:\Windows\System\JgEmTDX.exe
      4⤵
      PID:9940
  - - C:\Windows\System\jGOaRTr.exe
      C:\Windows\System\jGOaRTr.exe
      4⤵
      PID:9960
  - - C:\Windows\System\ZCvslNp.exe
      C:\Windows\System\ZCvslNp.exe
      4⤵
      PID:9976
  - - C:\Windows\System\IchLksw.exe
      C:\Windows\System\IchLksw.exe
      4⤵
      PID:9992
  - - C:\Windows\System\zviRYXU.exe
      C:\Windows\System\zviRYXU.exe
      4⤵
      PID:10008
  - - C:\Windows\System\wjbbEyr.exe
      C:\Windows\System\wjbbEyr.exe
      4⤵
      PID:10024
  - - C:\Windows\System\xuHYYCP.exe
      C:\Windows\System\xuHYYCP.exe
      4⤵
      PID:10040
  - - C:\Windows\System\ffHqEKM.exe
      C:\Windows\System\ffHqEKM.exe
      4⤵
      PID:10056
  - - C:\Windows\System\NOgTsWd.exe
      C:\Windows\System\NOgTsWd.exe
      4⤵
      PID:10076
  - - C:\Windows\System\AsiqRoj.exe
      C:\Windows\System\AsiqRoj.exe
      4⤵
      PID:10096
  - - C:\Windows\System\FIMOTun.exe
      C:\Windows\System\FIMOTun.exe
      4⤵
      PID:10116
  - - C:\Windows\System\RIPJbjL.exe
      C:\Windows\System\RIPJbjL.exe
      4⤵
      PID:10132
  - - C:\Windows\System\FKZGpSP.exe
      C:\Windows\System\FKZGpSP.exe
      4⤵
      PID:10148
  - - C:\Windows\System\FRhREkw.exe
      C:\Windows\System\FRhREkw.exe
      4⤵
      PID:10164
  - - C:\Windows\System\vafsOYR.exe
      C:\Windows\System\vafsOYR.exe
      4⤵
      PID:10180
  - - C:\Windows\System\ZujaoPh.exe
      C:\Windows\System\ZujaoPh.exe
      4⤵
      PID:10204
  - - C:\Windows\System\BhDkqSS.exe
      C:\Windows\System\BhDkqSS.exe
      4⤵
      PID:10220
  - - C:\Windows\System\txkSWjh.exe
      C:\Windows\System\txkSWjh.exe
      4⤵
      PID:8024
  - - C:\Windows\System\vXDgfAP.exe
      C:\Windows\System\vXDgfAP.exe
      4⤵
      PID:8988
  - - C:\Windows\System\hhziFOL.exe
      C:\Windows\System\hhziFOL.exe
      4⤵
      PID:1828
  - - C:\Windows\System\RpHHUfZ.exe
      C:\Windows\System\RpHHUfZ.exe
      4⤵
      PID:5104
  - - C:\Windows\System\qYGaCSy.exe
      C:\Windows\System\qYGaCSy.exe
      4⤵
      PID:8972
  - - C:\Windows\System\TIihcIX.exe
      C:\Windows\System\TIihcIX.exe
      4⤵
      PID:7320
  - - C:\Windows\System\HPdbrNQ.exe
      C:\Windows\System\HPdbrNQ.exe
      4⤵
      PID:5764
  - - C:\Windows\System\sWLBFWR.exe
      C:\Windows\System\sWLBFWR.exe
      4⤵
      PID:3992
  - - C:\Windows\System\cVBoLii.exe
      C:\Windows\System\cVBoLii.exe
      4⤵
      PID:6988
  - - C:\Windows\System\ZzmFCdK.exe
      C:\Windows\System\ZzmFCdK.exe
      4⤵
      PID:7944
  - - C:\Windows\System\WTttWxM.exe
      C:\Windows\System\WTttWxM.exe
      4⤵
      PID:7876
  - - C:\Windows\System\XzhRnZJ.exe
      C:\Windows\System\XzhRnZJ.exe
      4⤵
      PID:7124
  - - C:\Windows\System\cTRlJJy.exe
      C:\Windows\System\cTRlJJy.exe
      4⤵
      PID:8916
  - - C:\Windows\System\VscDCut.exe
      C:\Windows\System\VscDCut.exe
      4⤵
      PID:8832
  - - C:\Windows\System\SkrLvLL.exe
      C:\Windows\System\SkrLvLL.exe
      4⤵
      PID:8716
  - - C:\Windows\System\XUdMKiW.exe
      C:\Windows\System\XUdMKiW.exe
      4⤵
      PID:8612
  - - C:\Windows\System\JdINdpe.exe
      C:\Windows\System\JdINdpe.exe
      4⤵
      PID:8464
  - - C:\Windows\System\IzdgNlk.exe
      C:\Windows\System\IzdgNlk.exe
      4⤵
      PID:7460
  - - C:\Windows\System\ZNLsHCW.exe
      C:\Windows\System\ZNLsHCW.exe
      4⤵
      PID:8020
  - - C:\Windows\System\EPpfCHQ.exe
      C:\Windows\System\EPpfCHQ.exe
      4⤵
      PID:7920
  - - C:\Windows\System\JeVxQrN.exe
      C:\Windows\System\JeVxQrN.exe
      4⤵
      PID:5760
  - - C:\Windows\System\xRIvOrO.exe
      C:\Windows\System\xRIvOrO.exe
      4⤵
      PID:9560
  - - C:\Windows\System\iaAIqEi.exe
      C:\Windows\System\iaAIqEi.exe
      4⤵
      PID:9604
  - - C:\Windows\System\kREcRuv.exe
      C:\Windows\System\kREcRuv.exe
      4⤵
      PID:9640
  - - C:\Windows\System\nHrEYZh.exe
      C:\Windows\System\nHrEYZh.exe
      4⤵
      PID:9672
  - - C:\Windows\System\nJORPDp.exe
      C:\Windows\System\nJORPDp.exe
      4⤵
      PID:9696
  - - C:\Windows\System\KStVKWy.exe
      C:\Windows\System\KStVKWy.exe
      4⤵
      PID:9728
  - - C:\Windows\System\ZeWwtCE.exe
      C:\Windows\System\ZeWwtCE.exe
      4⤵
      PID:8148
  - - C:\Windows\System\PRJVwoE.exe
      C:\Windows\System\PRJVwoE.exe
      4⤵
      PID:9004
  - - C:\Windows\System\iLFwXOY.exe
      C:\Windows\System\iLFwXOY.exe
      4⤵
      PID:7940
  - - C:\Windows\System\yJLmFrt.exe
      C:\Windows\System\yJLmFrt.exe
      4⤵
      PID:10088
  - - C:\Windows\System\IOLjkZM.exe
      C:\Windows\System\IOLjkZM.exe
      4⤵
      PID:8052
  - - C:\Windows\System\IOoiOzF.exe
      C:\Windows\System\IOoiOzF.exe
      4⤵
      PID:9948
  - - C:\Windows\System\EJYMgzz.exe
      C:\Windows\System\EJYMgzz.exe
      4⤵
      PID:10212
  - - C:\Windows\System\oRILzTp.exe
      C:\Windows\System\oRILzTp.exe
      4⤵
      PID:7108
  - - C:\Windows\System\TexkkHe.exe
      C:\Windows\System\TexkkHe.exe
      4⤵
      PID:10016
  - - C:\Windows\System\hzhBrli.exe
      C:\Windows\System\hzhBrli.exe
      4⤵
      PID:10140
  - - C:\Windows\System\HAhnWKo.exe
      C:\Windows\System\HAhnWKo.exe
      4⤵
      PID:8160
  - - C:\Windows\System\iAnqBdN.exe
      C:\Windows\System\iAnqBdN.exe
      4⤵
      PID:10260
  - - C:\Windows\System\oJYMMiK.exe
      C:\Windows\System\oJYMMiK.exe
      4⤵
      PID:10288
  - - C:\Windows\System\CXHTCwb.exe
      C:\Windows\System\CXHTCwb.exe
      4⤵
      PID:10308
  - - C:\Windows\System\JcUGxFP.exe
      C:\Windows\System\JcUGxFP.exe
      4⤵
      PID:10324
  - - C:\Windows\System\zwDFVWK.exe
      C:\Windows\System\zwDFVWK.exe
      4⤵
      PID:10348
  - - C:\Windows\System\FhCtFYw.exe
      C:\Windows\System\FhCtFYw.exe
      4⤵
      PID:10364
  - - C:\Windows\System\INWtDPK.exe
      C:\Windows\System\INWtDPK.exe
      4⤵
      PID:10384
  - - C:\Windows\System\fkNUiLo.exe
      C:\Windows\System\fkNUiLo.exe
      4⤵
      PID:10400
  - - C:\Windows\System\hSAmPiy.exe
      C:\Windows\System\hSAmPiy.exe
      4⤵
      PID:10420
  - - C:\Windows\System\qTgzYeq.exe
      C:\Windows\System\qTgzYeq.exe
      4⤵
      PID:10436
  - - C:\Windows\System\SpDbDTA.exe
      C:\Windows\System\SpDbDTA.exe
      4⤵
      PID:10452
  - - C:\Windows\System\lwvaqnn.exe
      C:\Windows\System\lwvaqnn.exe
      4⤵
      PID:10468
  - - C:\Windows\System\XYFpQUg.exe
      C:\Windows\System\XYFpQUg.exe
      4⤵
      PID:10488
  - - C:\Windows\System\JtqGtTP.exe
      C:\Windows\System\JtqGtTP.exe
      4⤵
      PID:10508
  - - C:\Windows\System\iVmGXqt.exe
      C:\Windows\System\iVmGXqt.exe
      4⤵
      PID:10524
  - - C:\Windows\System\eWJuysL.exe
      C:\Windows\System\eWJuysL.exe
      4⤵
      PID:10540
  - - C:\Windows\System\PYajKMC.exe
      C:\Windows\System\PYajKMC.exe
      4⤵
      PID:10892
  - - C:\Windows\System\iKHvScA.exe
      C:\Windows\System\iKHvScA.exe
      4⤵
      PID:9904
  - - C:\Windows\System\qpKCTJi.exe
      C:\Windows\System\qpKCTJi.exe
      4⤵
      PID:10020
  - - C:\Windows\System\ZhIwsNb.exe
      C:\Windows\System\ZhIwsNb.exe
      4⤵
      PID:9956
  - - C:\Windows\System\qhCgNwV.exe
      C:\Windows\System\qhCgNwV.exe
      4⤵
      PID:10228
  - - C:\Windows\System\awbyWMG.exe
      C:\Windows\System\awbyWMG.exe
      4⤵
      PID:8104
  - - C:\Windows\System\CaJxqFF.exe
      C:\Windows\System\CaJxqFF.exe
      4⤵
      PID:3108
  - - C:\Windows\System\SVoFKEn.exe
      C:\Windows\System\SVoFKEn.exe
      4⤵
      PID:8752
  - - C:\Windows\System\aDDATgm.exe
      C:\Windows\System\aDDATgm.exe
      4⤵
      PID:6600
  - - C:\Windows\System\wjlKWLD.exe
      C:\Windows\System\wjlKWLD.exe
      4⤵
      PID:7868
  - - C:\Windows\System\bVLHAcJ.exe
      C:\Windows\System\bVLHAcJ.exe
      4⤵
      PID:10500
  - - C:\Windows\System\fITDNeB.exe
      C:\Windows\System\fITDNeB.exe
      4⤵
      PID:7984
  - - C:\Windows\System\vMKKRtW.exe
      C:\Windows\System\vMKKRtW.exe
      4⤵
      PID:8352
  - - C:\Windows\System\LivUjJo.exe
      C:\Windows\System\LivUjJo.exe
      4⤵
      PID:7432
  - - C:\Windows\System\pUxAqNg.exe
      C:\Windows\System\pUxAqNg.exe
      4⤵
      PID:7336
  - - C:\Windows\System\ipQQACM.exe
      C:\Windows\System\ipQQACM.exe
      4⤵
      PID:8280
  - - C:\Windows\System\ryMWidG.exe
      C:\Windows\System\ryMWidG.exe
      4⤵
      PID:2612
  - - C:\Windows\System\iGxrAfA.exe
      C:\Windows\System\iGxrAfA.exe
      4⤵
      PID:3412
  - - C:\Windows\System\iQxxOAW.exe
      C:\Windows\System\iQxxOAW.exe
      4⤵
      PID:9432
  - - C:\Windows\System\QKEXoJa.exe
      C:\Windows\System\QKEXoJa.exe
      4⤵
      PID:9156
  - - C:\Windows\System\uDWFjAt.exe
      C:\Windows\System\uDWFjAt.exe
      4⤵
      PID:10480
  - - C:\Windows\System\JYlweWW.exe
      C:\Windows\System\JYlweWW.exe
      4⤵
      PID:8404
  - - C:\Windows\System\nOyitLZ.exe
      C:\Windows\System\nOyitLZ.exe
      4⤵
      PID:10900
  - - C:\Windows\System\ogguKFn.exe
      C:\Windows\System\ogguKFn.exe
      4⤵
      PID:9600
  - - C:\Windows\System\zGvRWRM.exe
      C:\Windows\System\zGvRWRM.exe
      4⤵
      PID:9716
  - - C:\Windows\System\zxHWsDo.exe
      C:\Windows\System\zxHWsDo.exe
      4⤵
      PID:10108
  - - C:\Windows\System\ZGIEFok.exe
      C:\Windows\System\ZGIEFok.exe
      4⤵
      PID:10256
  - - C:\Windows\System\qVyKhTo.exe
      C:\Windows\System\qVyKhTo.exe
      4⤵
      PID:10320
  - - C:\Windows\System\pjGNKOj.exe
      C:\Windows\System\pjGNKOj.exe
      4⤵
      PID:10360
  - - C:\Windows\System\lVKUMQp.exe
      C:\Windows\System\lVKUMQp.exe
      4⤵
      PID:10408
  - - C:\Windows\System\TsPpjAK.exe
      C:\Windows\System\TsPpjAK.exe
      4⤵
      PID:10656
  - - C:\Windows\System\eiILFyC.exe
      C:\Windows\System\eiILFyC.exe
      4⤵
      PID:11276
  - - C:\Windows\System\hmtBPPn.exe
      C:\Windows\System\hmtBPPn.exe
      4⤵
      PID:11292
  - - C:\Windows\System\zvHHyMM.exe
      C:\Windows\System\zvHHyMM.exe
      4⤵
      PID:11308
  - - C:\Windows\System\IsADSGu.exe
      C:\Windows\System\IsADSGu.exe
      4⤵
      PID:11328
  - - C:\Windows\System\fAVozFq.exe
      C:\Windows\System\fAVozFq.exe
      4⤵
      PID:11344
  - - C:\Windows\System\LgulMVA.exe
      C:\Windows\System\LgulMVA.exe
      4⤵
      PID:11368
  - - C:\Windows\System\rkQezzI.exe
      C:\Windows\System\rkQezzI.exe
      4⤵
      PID:11384
  - - C:\Windows\System\SUicpuT.exe
      C:\Windows\System\SUicpuT.exe
      4⤵
      PID:11400
  - - C:\Windows\System\vEPYSun.exe
      C:\Windows\System\vEPYSun.exe
      4⤵
      PID:11424
  - - C:\Windows\System\LvbSqDf.exe
      C:\Windows\System\LvbSqDf.exe
      4⤵
      PID:11448
  - - C:\Windows\System\jZfPFrZ.exe
      C:\Windows\System\jZfPFrZ.exe
      4⤵
      PID:11476
  - - C:\Windows\System\Lgudnuu.exe
      C:\Windows\System\Lgudnuu.exe
      4⤵
      PID:11512
  - - C:\Windows\System\CxIrCqX.exe
      C:\Windows\System\CxIrCqX.exe
      4⤵
      PID:11540
  - - C:\Windows\System\lzabCui.exe
      C:\Windows\System\lzabCui.exe
      4⤵
      PID:11560
  - - C:\Windows\System\MSmiPlD.exe
      C:\Windows\System\MSmiPlD.exe
      4⤵
      PID:11576
  - - C:\Windows\System\zzeMkiw.exe
      C:\Windows\System\zzeMkiw.exe
      4⤵
      PID:11608
  - - C:\Windows\System\VeanuZo.exe
      C:\Windows\System\VeanuZo.exe
      4⤵
      PID:11628
  - - C:\Windows\System\szjtHBC.exe
      C:\Windows\System\szjtHBC.exe
      4⤵
      PID:11644
  - - C:\Windows\System\koyKBLH.exe
      C:\Windows\System\koyKBLH.exe
      4⤵
      PID:11680
  - - C:\Windows\System\QFkcxyx.exe
      C:\Windows\System\QFkcxyx.exe
      4⤵
      PID:11696
  - - C:\Windows\System\pcCmNLP.exe
      C:\Windows\System\pcCmNLP.exe
      4⤵
      PID:11724
  - - C:\Windows\System\TwWqQTt.exe
      C:\Windows\System\TwWqQTt.exe
      4⤵
      PID:11740
  - - C:\Windows\System\EctSFTh.exe
      C:\Windows\System\EctSFTh.exe
      4⤵
      PID:11760
  - - C:\Windows\System\hCTIDBG.exe
      C:\Windows\System\hCTIDBG.exe
      4⤵
      PID:11788
  - - C:\Windows\System\sKFaSxz.exe
      C:\Windows\System\sKFaSxz.exe
      4⤵
      PID:11804
  - - C:\Windows\System\CSbbcOX.exe
      C:\Windows\System\CSbbcOX.exe
      4⤵
      PID:11824
  - - C:\Windows\System\uUIaKIX.exe
      C:\Windows\System\uUIaKIX.exe
      4⤵
      PID:11840
  - - C:\Windows\System\rXPMScD.exe
      C:\Windows\System\rXPMScD.exe
      4⤵
      PID:11856
  - - C:\Windows\System\CyJcjqu.exe
      C:\Windows\System\CyJcjqu.exe
      4⤵
      PID:11872
  - - C:\Windows\System\tEYFZIq.exe
      C:\Windows\System\tEYFZIq.exe
      4⤵
      PID:11892
  - - C:\Windows\System\USFCSce.exe
      C:\Windows\System\USFCSce.exe
      4⤵
      PID:11912
  - - C:\Windows\System\MYGSfhK.exe
      C:\Windows\System\MYGSfhK.exe
      4⤵
      PID:11936
  - - C:\Windows\System\grYrGFa.exe
      C:\Windows\System\grYrGFa.exe
      4⤵
      PID:11952
  - - C:\Windows\System\ksIprEZ.exe
      C:\Windows\System\ksIprEZ.exe
      4⤵
      PID:11972
  - - C:\Windows\System\LHGJiea.exe
      C:\Windows\System\LHGJiea.exe
      4⤵
      PID:11988
  - - C:\Windows\System\OkFdtbO.exe
      C:\Windows\System\OkFdtbO.exe
      4⤵
      PID:12004
  - - C:\Windows\System\ORiCaOs.exe
      C:\Windows\System\ORiCaOs.exe
      4⤵
      PID:12020
  - - C:\Windows\System\rDGcFca.exe
      C:\Windows\System\rDGcFca.exe
      4⤵
      PID:12068
  - - C:\Windows\System\cMpjWvn.exe
      C:\Windows\System\cMpjWvn.exe
      4⤵
      PID:12088
  - - C:\Windows\System\DwSzhSx.exe
      C:\Windows\System\DwSzhSx.exe
      4⤵
      PID:12104
  - - C:\Windows\System\ZZebDro.exe
      C:\Windows\System\ZZebDro.exe
      4⤵
      PID:12120
  - - C:\Windows\System\lCGGafo.exe
      C:\Windows\System\lCGGafo.exe
      4⤵
      PID:12160
  - - C:\Windows\System\rfgaQyL.exe
      C:\Windows\System\rfgaQyL.exe
      4⤵
      PID:12252
  - - C:\Windows\System\HZdsORH.exe
      C:\Windows\System\HZdsORH.exe
      4⤵
      PID:12268
  - - C:\Windows\System\xscarGo.exe
      C:\Windows\System\xscarGo.exe
      4⤵
      PID:12284
  - - C:\Windows\System\NpRFuoY.exe
      C:\Windows\System\NpRFuoY.exe
      4⤵
      PID:10316
  - - C:\Windows\System\vGVpdXg.exe
      C:\Windows\System\vGVpdXg.exe
      4⤵
      PID:11252
  - - C:\Windows\System\rwlEsAu.exe
      C:\Windows\System\rwlEsAu.exe
      4⤵
      PID:2312
  - - C:\Windows\System\AczcRrc.exe
      C:\Windows\System\AczcRrc.exe
      4⤵
      PID:9784
  - - C:\Windows\System\NdpYAel.exe
      C:\Windows\System\NdpYAel.exe
      4⤵
      PID:12292
  - - C:\Windows\System\fvrAwnK.exe
      C:\Windows\System\fvrAwnK.exe
      4⤵
      PID:12312
  - - C:\Windows\System\LPbStnh.exe
      C:\Windows\System\LPbStnh.exe
      4⤵
      PID:12328
  - - C:\Windows\System\hrZwxlC.exe
      C:\Windows\System\hrZwxlC.exe
      4⤵
      PID:12348
  - - C:\Windows\System\ioUXSSo.exe
      C:\Windows\System\ioUXSSo.exe
      4⤵
      PID:12368
  - - C:\Windows\System\tdjbIkL.exe
      C:\Windows\System\tdjbIkL.exe
      4⤵
      PID:12384
  - - C:\Windows\System\qyHMfAy.exe
      C:\Windows\System\qyHMfAy.exe
      4⤵
      PID:12408
  - - C:\Windows\System\XsdURDb.exe
      C:\Windows\System\XsdURDb.exe
      4⤵
      PID:12424
  - - C:\Windows\System\NXsTBnt.exe
      C:\Windows\System\NXsTBnt.exe
      4⤵
      PID:12440
  - - C:\Windows\System\vWeCvas.exe
      C:\Windows\System\vWeCvas.exe
      4⤵
      PID:12456
  - - C:\Windows\System\eNrLlLb.exe
      C:\Windows\System\eNrLlLb.exe
      4⤵
      PID:12480
  - - C:\Windows\System\yeJYGqF.exe
      C:\Windows\System\yeJYGqF.exe
      4⤵
      PID:12500
  - - C:\Windows\System\NnPIuuj.exe
      C:\Windows\System\NnPIuuj.exe
      4⤵
      PID:12516
  - - C:\Windows\System\PKqIttr.exe
      C:\Windows\System\PKqIttr.exe
      4⤵
      PID:12532
  - - C:\Windows\System\YoJqsoO.exe
      C:\Windows\System\YoJqsoO.exe
      4⤵
      PID:12552
  - - C:\Windows\System\PLRRqZA.exe
      C:\Windows\System\PLRRqZA.exe
      4⤵
      PID:12568
  - - C:\Windows\System\lRMupXo.exe
      C:\Windows\System\lRMupXo.exe
      4⤵
      PID:12588
  - - C:\Windows\System\OXntllg.exe
      C:\Windows\System\OXntllg.exe
      4⤵
      PID:12608
  - - C:\Windows\System\jbovkIU.exe
      C:\Windows\System\jbovkIU.exe
      4⤵
      PID:12624
  - - C:\Windows\System\WhLkuED.exe
      C:\Windows\System\WhLkuED.exe
      4⤵
      PID:12656
  - - C:\Windows\System\HiEnJez.exe
      C:\Windows\System\HiEnJez.exe
      4⤵
      PID:12676
  - - C:\Windows\System\qmBZNZJ.exe
      C:\Windows\System\qmBZNZJ.exe
      4⤵
      PID:12824
  - - C:\Windows\System\kcmZnSY.exe
      C:\Windows\System\kcmZnSY.exe
      4⤵
      PID:12840
  - - C:\Windows\System\YnVOmpR.exe
      C:\Windows\System\YnVOmpR.exe
      4⤵
      PID:12868
  - - C:\Windows\System\PUiCfoW.exe
      C:\Windows\System\PUiCfoW.exe
      4⤵
      PID:12884
  - - C:\Windows\System\yqoIvUQ.exe
      C:\Windows\System\yqoIvUQ.exe
      4⤵
      PID:12900
  - - C:\Windows\System\EtosmWw.exe
      C:\Windows\System\EtosmWw.exe
      4⤵
      PID:12916
  - - C:\Windows\System\qBDmjjU.exe
      C:\Windows\System\qBDmjjU.exe
      4⤵
      PID:12932
  - - C:\Windows\System\tuVxaUt.exe
      C:\Windows\System\tuVxaUt.exe
      4⤵
      PID:12964
  - - C:\Windows\System\faBLRrh.exe
      C:\Windows\System\faBLRrh.exe
      4⤵
      PID:13084
  - - C:\Windows\System\tAoBWHN.exe
      C:\Windows\System\tAoBWHN.exe
      4⤵
      PID:13184
  - - C:\Windows\System\DiTIsnf.exe
      C:\Windows\System\DiTIsnf.exe
      4⤵
      PID:11376
  - - C:\Windows\System\NNaTJbL.exe
      C:\Windows\System\NNaTJbL.exe
      4⤵
      PID:13616
  - - C:\Windows\System\yAVqUnq.exe
      C:\Windows\System\yAVqUnq.exe
      4⤵
      PID:13636
  - - C:\Windows\System\zfbljqn.exe
      C:\Windows\System\zfbljqn.exe
      4⤵
      PID:13988
  - - C:\Windows\System\vUqWALz.exe
      C:\Windows\System\vUqWALz.exe
      4⤵
      PID:14012
  - - C:\Windows\System\eGHNsyc.exe
      C:\Windows\System\eGHNsyc.exe
      4⤵
      PID:10216
  - - C:\Windows\System\pmmfRrf.exe
      C:\Windows\System\pmmfRrf.exe
      4⤵
      PID:12436
  - - C:\Windows\System\lhZmMSd.exe
      C:\Windows\System\lhZmMSd.exe
      4⤵
      PID:12976
  - - C:\Windows\System\YtjbnTN.exe
      C:\Windows\System\YtjbnTN.exe
      4⤵
      PID:13016
  - - C:\Windows\System\VFQXpoB.exe
      C:\Windows\System\VFQXpoB.exe
      4⤵
      PID:11240
  - - C:\Windows\System\JSSPWpD.exe
      C:\Windows\System\JSSPWpD.exe
      4⤵
      PID:14628
  - - C:\Windows\System\hcFCzeO.exe
      C:\Windows\System\hcFCzeO.exe
      4⤵
      PID:13956
  - - C:\Windows\System\QyeOrpB.exe
      C:\Windows\System\QyeOrpB.exe
      4⤵
      PID:15288
  - - C:\Windows\System\TupzsXk.exe
      C:\Windows\System\TupzsXk.exe
      4⤵
      PID:16460
  - - C:\Windows\System\yXmXjuC.exe
      C:\Windows\System\yXmXjuC.exe
      4⤵
      PID:16588
  - - C:\Windows\System\JUetFzF.exe
      C:\Windows\System\JUetFzF.exe
      4⤵
      PID:11572
  - - C:\Windows\System\QWPqbJs.exe
      C:\Windows\System\QWPqbJs.exe
      4⤵
      PID:18268
  - - C:\Windows\System\TPBaUdc.exe
      C:\Windows\System\TPBaUdc.exe
      4⤵
      PID:18324
  - - C:\Windows\System\gNqSLCv.exe
      C:\Windows\System\gNqSLCv.exe
      4⤵
      PID:15296
  - - C:\Windows\System\zXSdTuO.exe
      C:\Windows\System\zXSdTuO.exe
      4⤵
      PID:14712
  - - C:\Windows\System\lEvHPzq.exe
      C:\Windows\System\lEvHPzq.exe
      4⤵
      PID:15940
  - - C:\Windows\System\TKSTyQR.exe
      C:\Windows\System\TKSTyQR.exe
      4⤵
      PID:15424
  - - C:\Windows\System\dwpQWwn.exe
      C:\Windows\System\dwpQWwn.exe
      4⤵
      PID:18476
  - - C:\Windows\System\faHDzNH.exe
      C:\Windows\System\faHDzNH.exe
      4⤵
      PID:19500
  - - C:\Windows\System\jaogrGf.exe
      C:\Windows\System\jaogrGf.exe
      4⤵
      PID:20100
  - - C:\Windows\System\JJgopWD.exe
      C:\Windows\System\JJgopWD.exe
      4⤵
      PID:13204
  - - C:\Windows\System\hwXYrlx.exe
      C:\Windows\System\hwXYrlx.exe
      4⤵
      PID:19316
  - - C:\Windows\System\VwmZgPl.exe
      C:\Windows\System\VwmZgPl.exe
      4⤵
      PID:19420
  - - C:\Windows\System\EQphIHT.exe
      C:\Windows\System\EQphIHT.exe
      4⤵
      PID:16780
  - - C:\Windows\System\XXsGKVt.exe
      C:\Windows\System\XXsGKVt.exe
      4⤵
      PID:20288
  - - C:\Windows\System\ldSjSag.exe
      C:\Windows\System\ldSjSag.exe
      4⤵
      PID:1504
  - - C:\Windows\System\ZCZaTuy.exe
      C:\Windows\System\ZCZaTuy.exe
      4⤵
      PID:20348
  - - C:\Windows\System\tMSvsHm.exe
      C:\Windows\System\tMSvsHm.exe
      4⤵
      PID:1680
  - - C:\Windows\System\YDiCasE.exe
      C:\Windows\System\YDiCasE.exe
      4⤵
      PID:5268
  - - C:\Windows\System\TSPnuCn.exe
      C:\Windows\System\TSPnuCn.exe
      4⤵
      PID:4592
  - - C:\Windows\System\NowTTzi.exe
      C:\Windows\System\NowTTzi.exe
      4⤵
      PID:6032
  - - C:\Windows\System\sEhmizi.exe
      C:\Windows\System\sEhmizi.exe
      4⤵
      PID:4548
  - - C:\Windows\System\NqqrTHG.exe
      C:\Windows\System\NqqrTHG.exe
      4⤵
      PID:5312
  - - C:\Windows\System\bsTuCTl.exe
      C:\Windows\System\bsTuCTl.exe
      4⤵
      PID:14096
  - - C:\Windows\System\oLKxvxi.exe
      C:\Windows\System\oLKxvxi.exe
      4⤵
      PID:19916
  - - C:\Windows\System\hOPLcYq.exe
      C:\Windows\System\hOPLcYq.exe
      4⤵
      PID:19972
  - - C:\Windows\System\svtCQTP.exe
      C:\Windows\System\svtCQTP.exe
      4⤵
      PID:19992
  - - C:\Windows\System\SIywjAv.exe
      C:\Windows\System\SIywjAv.exe
      4⤵
      PID:9412
  - - C:\Windows\System\NkMjFYm.exe
      C:\Windows\System\NkMjFYm.exe
      4⤵
      PID:17248
  - - C:\Windows\System\YinGWra.exe
      C:\Windows\System\YinGWra.exe
      4⤵
      PID:3364
  - - C:\Windows\System\FXDSDQJ.exe
      C:\Windows\System\FXDSDQJ.exe
      4⤵
      PID:19380
  - - C:\Windows\System\EeBplIF.exe
      C:\Windows\System\EeBplIF.exe
      4⤵
      PID:20160
  - - C:\Windows\System\NlvuzQI.exe
      C:\Windows\System\NlvuzQI.exe
      4⤵
      PID:20136
  - - C:\Windows\System\DKeZgbt.exe
      C:\Windows\System\DKeZgbt.exe
      4⤵
      PID:20080
  - - C:\Windows\System\eAasBYq.exe
      C:\Windows\System\eAasBYq.exe
      4⤵
      PID:20052
  - - C:\Windows\System\tDrwlta.exe
      C:\Windows\System\tDrwlta.exe
      4⤵
      PID:20692
  - - C:\Windows\System\XRafxMT.exe
      C:\Windows\System\XRafxMT.exe
      4⤵
      PID:3428
  - - C:\Windows\System\RSzcdct.exe
      C:\Windows\System\RSzcdct.exe
      4⤵
      PID:18960
  - - C:\Windows\System\fODKbYK.exe
      C:\Windows\System\fODKbYK.exe
      4⤵
      PID:4792
  - - C:\Windows\System\vDAIvMS.exe
      C:\Windows\System\vDAIvMS.exe
      4⤵
      PID:20216
  - - C:\Windows\System\GKYUHtr.exe
      C:\Windows\System\GKYUHtr.exe
      4⤵
      PID:20244
  - - C:\Windows\System\QvsGFTG.exe
      C:\Windows\System\QvsGFTG.exe
      4⤵
      PID:19332
  - - C:\Windows\System\MsnDPuR.exe
      C:\Windows\System\MsnDPuR.exe
      4⤵
      PID:1772
  - - C:\Windows\System\sDCjrpW.exe
      C:\Windows\System\sDCjrpW.exe
      4⤵
      PID:3448
  - - C:\Windows\System\CekAaPy.exe
      C:\Windows\System\CekAaPy.exe
      4⤵
      PID:20772
  - - C:\Windows\System\kQdZcAS.exe
      C:\Windows\System\kQdZcAS.exe
      4⤵
      PID:20828
  - - C:\Windows\System\YHJIIxv.exe
      C:\Windows\System\YHJIIxv.exe
      4⤵
      PID:20888
  - - C:\Windows\System\wVANiTI.exe
      C:\Windows\System\wVANiTI.exe
      4⤵
      PID:20940
  - - C:\Windows\System\LqDcmmI.exe
      C:\Windows\System\LqDcmmI.exe
      4⤵
      PID:21512
  - - C:\Windows\System\UKZUEFJ.exe
      C:\Windows\System\UKZUEFJ.exe
      4⤵
      PID:21528
  - - C:\Windows\System\jGEeXNB.exe
      C:\Windows\System\jGEeXNB.exe
      4⤵
      PID:21544
  - - C:\Windows\System\RhAUlms.exe
      C:\Windows\System\RhAUlms.exe
      4⤵
      PID:21560
  - - C:\Windows\System\QdZyBfK.exe
      C:\Windows\System\QdZyBfK.exe
      4⤵
      PID:21576
  - - C:\Windows\System\ayRyHrw.exe
      C:\Windows\System\ayRyHrw.exe
      4⤵
      PID:21592
  - - C:\Windows\System\dFbSNZl.exe
      C:\Windows\System\dFbSNZl.exe
      4⤵
      PID:21608
  - - C:\Windows\System\YfekNpN.exe
      C:\Windows\System\YfekNpN.exe
      4⤵
      PID:22204
  - - C:\Windows\System\NcUpiaq.exe
      C:\Windows\System\NcUpiaq.exe
      4⤵
      PID:19260
  - - C:\Windows\System\RKdlNsx.exe
      C:\Windows\System\RKdlNsx.exe
      4⤵
      PID:21436
  - - C:\Windows\System\GnXrlaX.exe
      C:\Windows\System\GnXrlaX.exe
      4⤵
      PID:5580
  - - C:\Windows\System\gtPafld.exe
      C:\Windows\System\gtPafld.exe
      4⤵
      PID:2660
  - - C:\Windows\System\YYdbtFl.exe
      C:\Windows\System\YYdbtFl.exe
      4⤵
      PID:18056
  - - C:\Windows\System\VmBwbOh.exe
      C:\Windows\System\VmBwbOh.exe
      4⤵
      PID:22196
  - - C:\Windows\System\gVmIYBz.exe
      C:\Windows\System\gVmIYBz.exe
      4⤵
      PID:16008
  - - C:\Windows\System\luObHqX.exe
      C:\Windows\System\luObHqX.exe
      4⤵
      PID:21928
  - - C:\Windows\System\pOLlMgH.exe
      C:\Windows\System\pOLlMgH.exe
      4⤵
      PID:22772
  - - C:\Windows\System\FRjACto.exe
      C:\Windows\System\FRjACto.exe
      4⤵
      PID:22788
  - - C:\Windows\System\ThAQhac.exe
      C:\Windows\System\ThAQhac.exe
      4⤵
      PID:22804
  - - C:\Windows\System\YhrsWyv.exe
      C:\Windows\System\YhrsWyv.exe
      4⤵
      PID:22820
  - - C:\Windows\System\XhmWUSD.exe
      C:\Windows\System\XhmWUSD.exe
      4⤵
      PID:23412
  - - C:\Windows\System\SKzRfyo.exe
      C:\Windows\System\SKzRfyo.exe
      4⤵
      PID:21136
  - - C:\Windows\System\fOPoNmz.exe
      C:\Windows\System\fOPoNmz.exe
      4⤵
      PID:21996
  - - C:\Windows\System\TmbBlyd.exe
      C:\Windows\System\TmbBlyd.exe
      4⤵
      PID:21992
  - - C:\Windows\System\DGNZqco.exe
      C:\Windows\System\DGNZqco.exe
      4⤵
      PID:19824
  - - C:\Windows\System\lxvQIjF.exe
      C:\Windows\System\lxvQIjF.exe
      4⤵
      PID:21788
  - - C:\Windows\System\reFyjTf.exe
      C:\Windows\System\reFyjTf.exe
      4⤵
      PID:19400
  - - C:\Windows\System\XHrJAvS.exe
      C:\Windows\System\XHrJAvS.exe
      4⤵
      PID:15400
  - - C:\Windows\System\AqZnVfM.exe
      C:\Windows\System\AqZnVfM.exe
      4⤵
      PID:4880
  - - C:\Windows\System\gWANJar.exe
      C:\Windows\System\gWANJar.exe
      4⤵
      PID:22432
  - - C:\Windows\System\ViZJbik.exe
      C:\Windows\System\ViZJbik.exe
      4⤵
      PID:4208
  - - C:\Windows\System\AUuloXt.exe
      C:\Windows\System\AUuloXt.exe
      4⤵
      PID:5260
  - - C:\Windows\System\TtKikfM.exe
      C:\Windows\System\TtKikfM.exe
      4⤵
      PID:21144
  - - C:\Windows\System\zUerMSv.exe
      C:\Windows\System\zUerMSv.exe
      4⤵
      PID:22440
  - - C:\Windows\System\FXhFQbd.exe
      C:\Windows\System\FXhFQbd.exe
      4⤵
      PID:20092
  - - C:\Windows\System\ktaYBNm.exe
      C:\Windows\System\ktaYBNm.exe
      4⤵
      PID:19476
  - - C:\Windows\System\ktDoRNz.exe
      C:\Windows\System\ktDoRNz.exe
      4⤵
      PID:7028
  - - C:\Windows\System\sNXcyKI.exe
      C:\Windows\System\sNXcyKI.exe
      4⤵
      PID:5748
  - - C:\Windows\System\PetaaIO.exe
      C:\Windows\System\PetaaIO.exe
      4⤵
      PID:21160
  - - C:\Windows\System\LyqlzaA.exe
      C:\Windows\System\LyqlzaA.exe
      4⤵
      PID:14928
  - - C:\Windows\System\hldYwFN.exe
      C:\Windows\System\hldYwFN.exe
      4⤵
      PID:5504
  - - C:\Windows\System\zFxtilD.exe
      C:\Windows\System\zFxtilD.exe
      4⤵
      PID:20796
  - - C:\Windows\System\encEWkl.exe
      C:\Windows\System\encEWkl.exe
      4⤵
      PID:6060
  - - C:\Windows\System\hDCEied.exe
      C:\Windows\System\hDCEied.exe
      4⤵
      PID:21276
  - - C:\Windows\System\yWgiMii.exe
      C:\Windows\System\yWgiMii.exe
      4⤵
      PID:6856
  - - C:\Windows\System\PykUeIE.exe
      C:\Windows\System\PykUeIE.exe
      4⤵
      PID:22332
  - - C:\Windows\System\tktFniC.exe
      C:\Windows\System\tktFniC.exe
      4⤵
      PID:14644
  - - C:\Windows\System\JJimhAo.exe
      C:\Windows\System\JJimhAo.exe
      4⤵
      PID:23024
  - - C:\Windows\System\OXTYjre.exe
      C:\Windows\System\OXTYjre.exe
      4⤵
      PID:22100
  - - C:\Windows\System\cPAfsgJ.exe
      C:\Windows\System\cPAfsgJ.exe
      4⤵
      PID:20984
  - - C:\Windows\System\GGneazU.exe
      C:\Windows\System\GGneazU.exe
      4⤵
      PID:5272
  - - C:\Windows\System\vFAePon.exe
      C:\Windows\System\vFAePon.exe
      4⤵
      PID:23124
  - - C:\Windows\System\VnTMuhq.exe
      C:\Windows\System\VnTMuhq.exe
      4⤵
      PID:23220
  - - C:\Windows\System\bKekbKr.exe
      C:\Windows\System\bKekbKr.exe
      4⤵
      PID:19428
  - - C:\Windows\System\OeGQjwb.exe
      C:\Windows\System\OeGQjwb.exe
      4⤵
      PID:21232
  - - C:\Windows\System\acqLBoo.exe
      C:\Windows\System\acqLBoo.exe
      4⤵
      PID:23396
  - - C:\Windows\System\QwSSxra.exe
      C:\Windows\System\QwSSxra.exe
      4⤵
      PID:23400
  - - C:\Windows\System\kojFYwN.exe
      C:\Windows\System\kojFYwN.exe
      4⤵
      PID:22632
  - - C:\Windows\System\TbWzbhp.exe
      C:\Windows\System\TbWzbhp.exe
      4⤵
      PID:23408
  - - C:\Windows\System\qCwFJkm.exe
      C:\Windows\System\qCwFJkm.exe
      4⤵
      PID:22840
  - - C:\Windows\System\mJvfVRl.exe
      C:\Windows\System\mJvfVRl.exe
      4⤵
      PID:20660
  - - C:\Windows\System\IuNMNDc.exe
      C:\Windows\System\IuNMNDc.exe
      4⤵
      PID:6728
  - - C:\Windows\System\YJKmElQ.exe
      C:\Windows\System\YJKmElQ.exe
      4⤵
      PID:14920
  - - C:\Windows\System\iGgjjZn.exe
      C:\Windows\System\iGgjjZn.exe
      4⤵
      PID:7172
  - - C:\Windows\System\IefVMwm.exe
      C:\Windows\System\IefVMwm.exe
      4⤵
      PID:8284
  - - C:\Windows\System\Jzfalql.exe
      C:\Windows\System\Jzfalql.exe
      4⤵
      PID:5476
  - - C:\Windows\System\bfEZoBH.exe
      C:\Windows\System\bfEZoBH.exe
      4⤵
      PID:22904
  - - C:\Windows\System\vbVETcp.exe
      C:\Windows\System\vbVETcp.exe
      4⤵
      PID:8216
  - - C:\Windows\System\CRmvHNh.exe
      C:\Windows\System\CRmvHNh.exe
      4⤵
      PID:23352
  - - C:\Windows\System\DIjGtZO.exe
      C:\Windows\System\DIjGtZO.exe
      4⤵
      PID:17652
  - - C:\Windows\System\AlBCQLh.exe
      C:\Windows\System\AlBCQLh.exe
      4⤵
      PID:22852
  - - C:\Windows\System\ArgFMPc.exe
      C:\Windows\System\ArgFMPc.exe
      4⤵
      PID:9292
  - - C:\Windows\System\dVvfKxS.exe
      C:\Windows\System\dVvfKxS.exe
      4⤵
      PID:8500
  - - C:\Windows\System\AzTWKgY.exe
      C:\Windows\System\AzTWKgY.exe
      4⤵
      PID:15440
  - - C:\Windows\System\oYyYFai.exe
      C:\Windows\System\oYyYFai.exe
      4⤵
      PID:6708
  - - C:\Windows\System\DZWjSoO.exe
      C:\Windows\System\DZWjSoO.exe
      4⤵
      PID:23040
  - - C:\Windows\System\CIlAymN.exe
      C:\Windows\System\CIlAymN.exe
      4⤵
      PID:19108
  - - C:\Windows\System\GlDeGcV.exe
      C:\Windows\System\GlDeGcV.exe
      4⤵
      PID:21720
  - - C:\Windows\System\SFwGueq.exe
      C:\Windows\System\SFwGueq.exe
      4⤵
      PID:23212
  - - C:\Windows\System\VZkQfmI.exe
      C:\Windows\System\VZkQfmI.exe
      4⤵
      PID:5996
  - - C:\Windows\System\SdxoVkA.exe
      C:\Windows\System\SdxoVkA.exe
      4⤵
      PID:6548
  - - C:\Windows\System\EGHrPPz.exe
      C:\Windows\System\EGHrPPz.exe
      4⤵
      PID:7848
  - - C:\Windows\System\VGGWlhV.exe
      C:\Windows\System\VGGWlhV.exe
      4⤵
      PID:18660
  - - C:\Windows\System\MVItzlp.exe
      C:\Windows\System\MVItzlp.exe
      4⤵
      PID:22004
  - - C:\Windows\System\EuMKRME.exe
      C:\Windows\System\EuMKRME.exe
      4⤵
      PID:11320
  - - C:\Windows\System\wQtYkCL.exe
      C:\Windows\System\wQtYkCL.exe
      4⤵
      PID:13756
  - - C:\Windows\System\ynAHFQf.exe
      C:\Windows\System\ynAHFQf.exe
      4⤵
      PID:20960
  - - C:\Windows\System\CAYWlkT.exe
      C:\Windows\System\CAYWlkT.exe
      4⤵
      PID:7444
  - - C:\Windows\System\WPbRSGU.exe
      C:\Windows\System\WPbRSGU.exe
      4⤵
      PID:22224
  - - C:\Windows\System\HQnZqAS.exe
      C:\Windows\System\HQnZqAS.exe
      4⤵
      PID:9300
  - - C:\Windows\System\bXUhlhz.exe
      C:\Windows\System\bXUhlhz.exe
      4⤵
      PID:11868
  - - C:\Windows\System\xOMAGYS.exe
      C:\Windows\System\xOMAGYS.exe
      4⤵
      PID:15508
  - - C:\Windows\System\ZbbUCUD.exe
      C:\Windows\System\ZbbUCUD.exe
      4⤵
      PID:20844
  - - C:\Windows\System\fgCgVRk.exe
      C:\Windows\System\fgCgVRk.exe
      4⤵
      PID:23420
  - - C:\Windows\System\iWVOZyW.exe
      C:\Windows\System\iWVOZyW.exe
      4⤵
      PID:23484
  - - C:\Windows\System\thoLttm.exe
      C:\Windows\System\thoLttm.exe
      4⤵
      PID:708
  - - C:\Windows\System\sVYFmDh.exe
      C:\Windows\System\sVYFmDh.exe
      4⤵
      PID:16660
  - - C:\Windows\System\fiTqjcr.exe
      C:\Windows\System\fiTqjcr.exe
      4⤵
      PID:21396
  - - C:\Windows\System\YDmApHB.exe
      C:\Windows\System\YDmApHB.exe
      4⤵
      PID:22252
- - C:\Users\Admin\Downloads\240919-pnd8qayarf_a8238b5f28d80eefc6e0c0169c4e7c55c1f482c432571737190215cd16507bc2N.exe
    C:\Users\Admin\Downloads\240919-pnd8qayarf_a8238b5f28d80eefc6e0c0169c4e7c55c1f482c432571737190215cd16507bc2N.exe
    3⤵
    PID:6044
  - - C:\Windows\SysWOW64\Efccmidp.exe
      C:\Windows\system32\Efccmidp.exe
      4⤵
      PID:5776
    - - C:\Windows\SysWOW64\Elgaeolp.exe
        
        C:\Windows\system32\Elgaeolp.exe
        5⤵
        
        PID:8556
      - C:\Windows\SysWOW64\Fjohde32.exe
        
        C:\Windows\system32\Fjohde32.exe
        6⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\Hdehni32.exe
        
        C:\Windows\system32\Hdehni32.exe
        7⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\Kjhloj32.exe
        
        C:\Windows\system32\Kjhloj32.exe
        8⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\Ojbacd32.exe
        
        C:\Windows\system32\Ojbacd32.exe
        9⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\Bakgoh32.exe
        
        C:\Windows\system32\Bakgoh32.exe
        10⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\Ddgplado.exe
        
        C:\Windows\system32\Ddgplado.exe
        11⤵
        
        PID:13968
        
        C:\Windows\SysWOW64\Deqcbpld.exe
        
        C:\Windows\system32\Deqcbpld.exe
        12⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\Gmimai32.exe
        
        C:\Windows\system32\Gmimai32.exe
        13⤵
        
        PID:14884
        
        C:\Windows\SysWOW64\Iefphb32.exe
        
        C:\Windows\system32\Iefphb32.exe
        14⤵
        
        PID:18584
        
        C:\Windows\SysWOW64\Aadghn32.exe
        
        C:\Windows\system32\Aadghn32.exe
        15⤵
        
        PID:12684
        
        C:\Windows\SysWOW64\Hnpaec32.exe
        
        C:\Windows\system32\Hnpaec32.exe
        16⤵
        
        PID:19124
        
        C:\Windows\SysWOW64\Fjeibc32.exe
        
        C:\Windows\system32\Fjeibc32.exe
        17⤵
        
        PID:6752
- - C:\Users\Admin\Downloads\240919-ptx8saydra_8aea267d26fa51fc94d8ac61f063cd6c9a9e83dcfd068c6518d5bca4289dd471.exe
    C:\Users\Admin\Downloads\240919-ptx8saydra_8aea267d26fa51fc94d8ac61f063cd6c9a9e83dcfd068c6518d5bca4289dd471.exe
    3⤵
    PID:6164
- - C:\Users\Admin\Downloads\240919-pxdzbayfjb_2580-28-0x0000000000400000-0x000000000044A000-memory.dmp
    C:\Users\Admin\Downloads\240919-pxdzbayfjb_2580-28-0x0000000000400000-0x000000000044A000-memory.dmp
    3⤵
    PID:8360
- - C:\Users\Admin\Downloads\240919-pzhqaayfrd_da382dc41f9e81d5e9079ec9cec6e5851a6bc4d7cde888665dad832c9b42ee97N.exe
    C:\Users\Admin\Downloads\240919-pzhqaayfrd_da382dc41f9e81d5e9079ec9cec6e5851a6bc4d7cde888665dad832c9b42ee97N.exe
    3⤵
    PID:5292
  - - C:\backup.exe
      \backup.exe \
      4⤵
      PID:12136
    - - C:\PerfLogs\backup.exe
        
        C:\PerfLogs\backup.exe C:\PerfLogs\
        5⤵
        
        PID:12912
    - - C:\Program Files\backup.exe
        
        "C:\Program Files\backup.exe" C:\Program Files\
        5⤵
        
        PID:4400
      - C:\Program Files\7-Zip\backup.exe
        
        "C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\
        6⤵
        
        PID:17084
        
        C:\Program Files\7-Zip\Lang\backup.exe
        
        "C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\
        7⤵
        
        PID:19920
      - C:\Program Files\Common Files\backup.exe
        
        "C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\
        6⤵
        
        PID:21812
    - - C:\Program Files (x86)\update.exe
        
        "C:\Program Files (x86)\update.exe" C:\Program Files (x86)\
        5⤵
        
        PID:19612
    - - C:\Users\update.exe
        
        C:\Users\update.exe C:\Users\
        5⤵
        
        PID:17764
- - C:\Users\Admin\Downloads\240919-pnnr6ayfll_eb55576359ed78cc832b3dfa4d68658d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pnnr6ayfll_eb55576359ed78cc832b3dfa4d68658d_JaffaCakes118.exe
    3⤵
    PID:9152
  - - C:\Windows\SysWOW64\nslookup.exe
      nslookup nomoreransom.bit dns1.soprodns.ru
      4⤵
      PID:19512
- - C:\Users\Admin\Downloads\240919-prcjasygnj_5e2395dce1bb61098d55c6df2541071ca8f8c825b5aa9ce3b8afabcdeff4c504N.exe
    C:\Users\Admin\Downloads\240919-prcjasygnj_5e2395dce1bb61098d55c6df2541071ca8f8c825b5aa9ce3b8afabcdeff4c504N.exe
    3⤵
    PID:7532
  - - C:\Windows\Microsoft.Net\Framework\v2.0.50727\vbc.exe
      C:\Windows\Microsoft.Net\Framework\v2.0.50727\vbc.exe
      4⤵
      PID:10776
- - C:\Users\Admin\Downloads\240919-p3rscsyhna_b550ec1b5072820ba37cb382a842587e51a42042243afb365a671a2d6510a721N.exe
    C:\Users\Admin\Downloads\240919-p3rscsyhna_b550ec1b5072820ba37cb382a842587e51a42042243afb365a671a2d6510a721N.exe
    3⤵
    PID:9764
  - - C:\Windows\SysWOW64\Pkegpb32.exe
      C:\Windows\system32\Pkegpb32.exe
      4⤵
      PID:12048
    - - C:\Windows\SysWOW64\Aehgnied.exe
        
        C:\Windows\system32\Aehgnied.exe
        5⤵
        
        PID:13172
      - C:\Windows\SysWOW64\Bnoknihb.exe
        
        C:\Windows\system32\Bnoknihb.exe
        6⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\Dngjff32.exe
        
        C:\Windows\system32\Dngjff32.exe
        7⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\Fmfgek32.exe
        
        C:\Windows\system32\Fmfgek32.exe
        8⤵
        
        PID:14840
        
        C:\Windows\SysWOW64\Iomoenej.exe
        
        C:\Windows\system32\Iomoenej.exe
        9⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\Lgpoihnl.exe
        
        C:\Windows\system32\Lgpoihnl.exe
        10⤵
        
        PID:16744
        
        C:\Windows\SysWOW64\Pplobcpp.exe
        
        C:\Windows\system32\Pplobcpp.exe
        11⤵
        
        PID:16532
        
        C:\Windows\SysWOW64\Bkibgh32.exe
        
        C:\Windows\system32\Bkibgh32.exe
        12⤵
        
        PID:17796
        
        C:\Windows\SysWOW64\Hemmac32.exe
        
        C:\Windows\system32\Hemmac32.exe
        13⤵
        
        PID:17736
        
        C:\Windows\SysWOW64\Ojnfihmo.exe
        
        C:\Windows\system32\Ojnfihmo.exe
        14⤵
        
        PID:20352
- - C:\Users\Admin\Downloads\240919-pwffrayemh_6f13d973410a7304f1ba62b13b0235627a8f1778616bb0e145f804387954297aN.exe
    C:\Users\Admin\Downloads\240919-pwffrayemh_6f13d973410a7304f1ba62b13b0235627a8f1778616bb0e145f804387954297aN.exe
    3⤵
    PID:9772
  - - C:\Windows\SysWOW64\Oacoqnci.exe
      C:\Windows\system32\Oacoqnci.exe
      4⤵
      PID:10172
    - - C:\Windows\SysWOW64\Anaomkdb.exe
        
        C:\Windows\system32\Anaomkdb.exe
        5⤵
        
        PID:13072
      - C:\Windows\SysWOW64\Bahkih32.exe
        
        C:\Windows\system32\Bahkih32.exe
        6⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\Dkhnjk32.exe
        
        C:\Windows\system32\Dkhnjk32.exe
        7⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\Eeelnp32.exe
        
        C:\Windows\system32\Eeelnp32.exe
        8⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\Gfjkjo32.exe
        
        C:\Windows\system32\Gfjkjo32.exe
        9⤵
        
        PID:14032
        
        C:\Windows\SysWOW64\Jghpbk32.exe
        
        C:\Windows\system32\Jghpbk32.exe
        10⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\Lmaamn32.exe
        
        C:\Windows\system32\Lmaamn32.exe
        11⤵
        
        PID:17264
        
        C:\Windows\SysWOW64\Npepkf32.exe
        
        C:\Windows\system32\Npepkf32.exe
        12⤵
        
        PID:17680
        
        C:\Windows\SysWOW64\Qfmmplad.exe
        
        C:\Windows\system32\Qfmmplad.exe
        13⤵
        
        PID:17436
        
        C:\Windows\SysWOW64\Cocjiehd.exe
        
        C:\Windows\system32\Cocjiehd.exe
        14⤵
        
        PID:13120
        
        C:\Windows\SysWOW64\Hnbeeiji.exe
        
        C:\Windows\system32\Hnbeeiji.exe
        15⤵
        
        PID:17092
- - C:\Users\Admin\Downloads\240919-pr1acsygql_ce02184d0d3c906e141508a5b94069cd84a2d361abb0fba9b4c1dadf64fe9d2dN.exe
    C:\Users\Admin\Downloads\240919-pr1acsygql_ce02184d0d3c906e141508a5b94069cd84a2d361abb0fba9b4c1dadf64fe9d2dN.exe
    3⤵
    PID:5060
  - - C:\Windows\SysWOW64\Lqikmc32.exe
      C:\Windows\system32\Lqikmc32.exe
      4⤵
      PID:9468
    - - C:\Windows\SysWOW64\Ohkkhhmh.exe
        
        C:\Windows\system32\Ohkkhhmh.exe
        5⤵
        
        PID:9332
      - C:\Windows\SysWOW64\Dkahilkl.exe
        
        C:\Windows\system32\Dkahilkl.exe
        6⤵
        
        PID:14076
        
        C:\Windows\SysWOW64\Enkdaepb.exe
        
        C:\Windows\system32\Enkdaepb.exe
        7⤵
        
        PID:13092
        
        C:\Windows\SysWOW64\Fpbflg32.exe
        
        C:\Windows\system32\Fpbflg32.exe
        8⤵
        
        PID:14660
        
        C:\Windows\SysWOW64\Igfclkdj.exe
        
        C:\Windows\system32\Igfclkdj.exe
        9⤵
        
        PID:14836
        
        C:\Windows\SysWOW64\Llmhaold.exe
        
        C:\Windows\system32\Llmhaold.exe
        10⤵
        
        PID:16840
        
        C:\Windows\SysWOW64\Moipoh32.exe
        
        C:\Windows\system32\Moipoh32.exe
        11⤵
        
        PID:16364
        
        C:\Windows\SysWOW64\Pfandnla.exe
        
        C:\Windows\system32\Pfandnla.exe
        12⤵
        
        PID:14932
- - C:\Users\Admin\Downloads\240919-pwj4yayenc_9064f1a15c6f733a95d9a074868cc3584d0576f29867fb7e5e687431a847d43eN.exe
    C:\Users\Admin\Downloads\240919-pwj4yayenc_9064f1a15c6f733a95d9a074868cc3584d0576f29867fb7e5e687431a847d43eN.exe
    3⤵
    PID:10952
  - - C:\Users\Admin\AppData\Local\Temp\3582-490\240919-pwj4yayenc_9064f1a15c6f733a95d9a074868cc3584d0576f29867fb7e5e687431a847d43eN.exe
      "C:\Users\Admin\AppData\Local\Temp\3582-490\240919-pwj4yayenc_9064f1a15c6f733a95d9a074868cc3584d0576f29867fb7e5e687431a847d43eN.exe"
      4⤵
      PID:18420
- - C:\Users\Admin\Downloads\240919-p2hhaszcqq_0d3e489345fcb6e2c7ed9a7c9171fe7d24f5eb22913bbeae5b88c3fe36854947N.exe
    C:\Users\Admin\Downloads\240919-p2hhaszcqq_0d3e489345fcb6e2c7ed9a7c9171fe7d24f5eb22913bbeae5b88c3fe36854947N.exe
    3⤵
    PID:10356
- - C:\Users\Admin\Downloads\240919-pzqqwsygjf_813a0d08212efc73e6570227bede27f6a902862772d57485685cfbe5f8465e4eN.exe
    C:\Users\Admin\Downloads\240919-pzqqwsygjf_813a0d08212efc73e6570227bede27f6a902862772d57485685cfbe5f8465e4eN.exe
    3⤵
    PID:12952
  - - C:\Windows\SysWOW64\Bnoknihb.exe
      C:\Windows\system32\Bnoknihb.exe
      4⤵
      PID:12084
    - - C:\Windows\SysWOW64\Dfnbgc32.exe
        
        C:\Windows\system32\Dfnbgc32.exe
        5⤵
        
        PID:12212
      - C:\Windows\SysWOW64\Ennqfenp.exe
        
        C:\Windows\system32\Ennqfenp.exe
        6⤵
        
        PID:14416
        
        C:\Windows\SysWOW64\Jghpbk32.exe
        
        C:\Windows\system32\Jghpbk32.exe
        7⤵
        
        PID:15792
        
        C:\Windows\SysWOW64\Lmaamn32.exe
        
        C:\Windows\system32\Lmaamn32.exe
        8⤵
        
        PID:17276
        
        C:\Windows\SysWOW64\Nmfcok32.exe
        
        C:\Windows\system32\Nmfcok32.exe
        9⤵
        
        PID:17608
        
        C:\Windows\SysWOW64\Qodeajbg.exe
        
        C:\Windows\system32\Qodeajbg.exe
        10⤵
        
        PID:14892
        
        C:\Windows\SysWOW64\Fgmdec32.exe
        
        C:\Windows\system32\Fgmdec32.exe
        11⤵
        
        PID:17412
        
        C:\Windows\SysWOW64\Jemfhacc.exe
        
        C:\Windows\system32\Jemfhacc.exe
        12⤵
        
        PID:18688
        
        C:\Windows\SysWOW64\Adepji32.exe
        
        C:\Windows\system32\Adepji32.exe
        13⤵
        
        PID:18720
        
        C:\Windows\SysWOW64\Gglpgd32.exe
        
        C:\Windows\system32\Gglpgd32.exe
        14⤵
        
        PID:1608
- - C:\Users\Admin\Downloads\240919-p4lmqszdql_50b2f50c91a1e5b057d7e3c48f17595bcafb60d376c689444250a5b0c1646242N.exe
    C:\Users\Admin\Downloads\240919-p4lmqszdql_50b2f50c91a1e5b057d7e3c48f17595bcafb60d376c689444250a5b0c1646242N.exe
    3⤵
    PID:13524
  - - C:\Windows\SysWOW64\Fbpchb32.exe
      C:\Windows\system32\Fbpchb32.exe
      4⤵
      PID:14720
    - - C:\Windows\SysWOW64\Jpaekqhh.exe
        
        C:\Windows\system32\Jpaekqhh.exe
        5⤵
        
        PID:10560
      - C:\Windows\SysWOW64\Mgphpe32.exe
        
        C:\Windows\system32\Mgphpe32.exe
        6⤵
        
        PID:14916
        
        C:\Windows\SysWOW64\Qdoacabq.exe
        
        C:\Windows\system32\Qdoacabq.exe
        7⤵
        
        PID:672
        
        C:\Windows\SysWOW64\Cgifbhid.exe
        
        C:\Windows\system32\Cgifbhid.exe
        8⤵
        
        PID:18152
        
        C:\Windows\SysWOW64\Fiqjke32.exe
        
        C:\Windows\system32\Fiqjke32.exe
        9⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\Lfiokmkc.exe
        
        C:\Windows\system32\Lfiokmkc.exe
        10⤵
        
        PID:17428
        
        C:\Windows\SysWOW64\Qfmfefni.exe
        
        C:\Windows\system32\Qfmfefni.exe
        11⤵
        
        PID:14008
        
        C:\Windows\SysWOW64\Clgmkbna.exe
        
        C:\Windows\system32\Clgmkbna.exe
        12⤵
        
        PID:23472
- - C:\Users\Admin\Downloads\240919-p1nypazcnl_066692a03f240a40c237f5ec3270d27cac1fda40630dd29f40db006b79a542a8.exe
    C:\Users\Admin\Downloads\240919-p1nypazcnl_066692a03f240a40c237f5ec3270d27cac1fda40630dd29f40db006b79a542a8.exe
    3⤵
    PID:6020
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\RUNTIM~1.EXE"
      4⤵
      PID:5632
    - - C:\Users\Admin\RUNTIM~1.EXE
        
        C:\Users\Admin\RUNTIM~1.EXE
        5⤵
        
        PID:22508
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\RUSTAN~1.EXE"
      4⤵
      PID:22108
- - C:\Users\Admin\Downloads\240919-pncd5ayarb_DHL documents_PDF.exe
    "C:\Users\Admin\Downloads\240919-pncd5ayarb_DHL documents_PDF.exe"
    3⤵
    PID:15924
- - C:\Users\Admin\Downloads\240919-pxkrvsyfka_2832-6-0x0000000000400000-0x000000000044A000-memory.dmp
    C:\Users\Admin\Downloads\240919-pxkrvsyfka_2832-6-0x0000000000400000-0x000000000044A000-memory.dmp
    3⤵
    PID:15944
- - C:\Users\Admin\Downloads\240919-pqjk8ayglj_eb570ed04b1fda0e2af8e6a6a6a10308_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pqjk8ayglj_eb570ed04b1fda0e2af8e6a6a6a10308_JaffaCakes118.exe
    3⤵
    PID:15952
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 15952 -s 380
      4⤵
      Program crash
      PID:15516
- - C:\Users\Admin\Downloads\240919-pqrxlaycla_d6b6dc204419c89b0330d1cdd43fe5a1efdda8d2df83fb94a051ec47c38625acN.exe
    C:\Users\Admin\Downloads\240919-pqrxlaycla_d6b6dc204419c89b0330d1cdd43fe5a1efdda8d2df83fb94a051ec47c38625acN.exe
    3⤵
    PID:15960
  - - C:\Windows\SysWOW64\Iomoenej.exe
      C:\Windows\system32\Iomoenej.exe
      4⤵
      PID:1480
    - - C:\Windows\SysWOW64\Ljnlecmp.exe
        
        C:\Windows\system32\Ljnlecmp.exe
        5⤵
        
        PID:16776
      - C:\Windows\SysWOW64\Nnafno32.exe
        
        C:\Windows\system32\Nnafno32.exe
        6⤵
        
        PID:13164
- - C:\Users\Admin\Downloads\240919-ptxl9ayhqk_Backdoor.Win32.Berbew.AA.MTB-3d059422e990a2f465442636f0884b52620c9e3beb626b42d46e660458aae7e4N
    C:\Users\Admin\Downloads\240919-ptxl9ayhqk_Backdoor.Win32.Berbew.AA.MTB-3d059422e990a2f465442636f0884b52620c9e3beb626b42d46e660458aae7e4N
    3⤵
    PID:15968
  - - C:\Windows\SysWOW64\Ipgbdbqb.exe
      C:\Windows\system32\Ipgbdbqb.exe
      4⤵
      PID:1516
    - - C:\Windows\SysWOW64\Kgnbdh32.exe
        
        C:\Windows\system32\Kgnbdh32.exe
        5⤵
        
        PID:16616
      - C:\Windows\SysWOW64\Nqpcjj32.exe
        
        C:\Windows\system32\Nqpcjj32.exe
        6⤵
        
        PID:14624
        
        C:\Windows\SysWOW64\Qpcecb32.exe
        
        C:\Windows\system32\Qpcecb32.exe
        7⤵
        
        PID:14704
        
        C:\Windows\SysWOW64\Cammjakm.exe
        
        C:\Windows\system32\Cammjakm.exe
        8⤵
        
        PID:16448
        
        C:\Windows\SysWOW64\Ebdlangb.exe
        
        C:\Windows\system32\Ebdlangb.exe
        9⤵
        
        PID:17740
        
        C:\Windows\SysWOW64\Hnnljj32.exe
        
        C:\Windows\system32\Hnnljj32.exe
        10⤵
        
        PID:14664
        
        C:\Windows\SysWOW64\Lfiokmkc.exe
        
        C:\Windows\system32\Lfiokmkc.exe
        11⤵
        
        PID:18700
        
        C:\Windows\SysWOW64\Njjmni32.exe
        
        C:\Windows\system32\Njjmni32.exe
        12⤵
        
        PID:20044
        
        C:\Windows\SysWOW64\Omfekbdh.exe
        
        C:\Windows\system32\Omfekbdh.exe
        13⤵
        
        PID:18508
- - C:\Users\Admin\Downloads\240919-pqmmwayckc_5306f0823fad7858bdc518ece0ac66f72b41a6f49b3112c38d196be1f6d36894N.exe
    C:\Users\Admin\Downloads\240919-pqmmwayckc_5306f0823fad7858bdc518ece0ac66f72b41a6f49b3112c38d196be1f6d36894N.exe
    3⤵
    PID:15976
- - C:\Users\Admin\Downloads\240919-pzkvmsygja_eb5cf6d6717307d5eaa965b807a9e240_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pzkvmsygja_eb5cf6d6717307d5eaa965b807a9e240_JaffaCakes118.exe
    3⤵
    PID:15988
- - C:\Users\Admin\Downloads\240919-pwr5jsyepe_0e8e3f6c88ec43a5ffc8603e3c0961ecff94fb7224ea0914893155a90f0fb968N.exe
    C:\Users\Admin\Downloads\240919-pwr5jsyepe_0e8e3f6c88ec43a5ffc8603e3c0961ecff94fb7224ea0914893155a90f0fb968N.exe
    3⤵
    PID:15996
  - - C:\Windows\SysWOW64\Ibfnqmpf.exe
      C:\Windows\system32\Ibfnqmpf.exe
      4⤵
      PID:14672
    - - C:\Windows\SysWOW64\Kfpcoefj.exe
        
        C:\Windows\system32\Kfpcoefj.exe
        5⤵
        
        PID:16644
      - C:\Windows\SysWOW64\Nfaemp32.exe
        
        C:\Windows\system32\Nfaemp32.exe
        6⤵
        
        PID:18396
        
        C:\Windows\SysWOW64\Aogbfi32.exe
        
        C:\Windows\system32\Aogbfi32.exe
        7⤵
        
        PID:14924
        
        C:\Windows\SysWOW64\Cglbhhga.exe
        
        C:\Windows\system32\Cglbhhga.exe
        8⤵
        
        PID:16268
        
        C:\Windows\SysWOW64\Fnfmbmbi.exe
        
        C:\Windows\system32\Fnfmbmbi.exe
        9⤵
        
        PID:18740
        
        C:\Windows\SysWOW64\Njedbjej.exe
        
        C:\Windows\system32\Njedbjej.exe
        10⤵
        
        PID:19876
        
        C:\Windows\SysWOW64\Oqoefand.exe
        
        C:\Windows\system32\Oqoefand.exe
        11⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\Gggfme32.exe
        
        C:\Windows\system32\Gggfme32.exe
        12⤵
        
        PID:6956
- - C:\Users\Admin\Downloads\240919-pzx5zaygkf_eb5d25e57d93a06a9b1fe1170d52ac35_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pzx5zaygkf_eb5d25e57d93a06a9b1fe1170d52ac35_JaffaCakes118.exe
    3⤵
    PID:16004
- - C:\Users\Admin\Downloads\240919-p5jjrszaka_2328-3-0x0000000000400000-0x0000000000482000-memory.dmp
    C:\Users\Admin\Downloads\240919-p5jjrszaka_2328-3-0x0000000000400000-0x0000000000482000-memory.dmp
    3⤵
    PID:16012
- - C:\Users\Admin\Downloads\240919-pnb4csyaqe_AWB_Ref#339720937705pdf.exe
    C:\Users\Admin\Downloads\240919-pnb4csyaqe_AWB_Ref#339720937705pdf.exe
    3⤵
    PID:16020
- - C:\Users\Admin\Downloads\240919-pn2zsaybmb_eb55a8a4624c28cf4a2f2a7d762fdd8e_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pn2zsaybmb_eb55a8a4624c28cf4a2f2a7d762fdd8e_JaffaCakes118.exe
    3⤵
    PID:16028
  - - C:\Users\Admin\Downloads\240919-pn2zsaybmb_eb55a8a4624c28cf4a2f2a7d762fdd8e_JaffaCakes118.exe
      "C:\Users\Admin\Downloads\240919-pn2zsaybmb_eb55a8a4624c28cf4a2f2a7d762fdd8e_JaffaCakes118.exe"
      4⤵
      PID:12432
- - C:\Users\Admin\Downloads\240919-pp7xesygjr_eb56c71e6ce918530c18b4680355953f_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pp7xesygjr_eb56c71e6ce918530c18b4680355953f_JaffaCakes118.exe
    3⤵
    PID:16036
  - - C:\ProgramData\aWffiRBXKTIX.exe
      C:\ProgramData\aWffiRBXKTIX.exe
      4⤵
      PID:12340
- - C:\Users\Admin\Downloads\240919-pw3w2syeqh_639ea11e0c3ecdd5a47f03ed59e02d0a541121f27cde59306a57cffad09a72e0N.exe
    C:\Users\Admin\Downloads\240919-pw3w2syeqh_639ea11e0c3ecdd5a47f03ed59e02d0a541121f27cde59306a57cffad09a72e0N.exe
    3⤵
    PID:16044
  - - C:\Windows\SysWOW64\Ipjoja32.exe
      C:\Windows\system32\Ipjoja32.exe
      4⤵
      PID:15464
    - - C:\Windows\SysWOW64\Lcdciiec.exe
        
        C:\Windows\system32\Lcdciiec.exe
        5⤵
        
        PID:16716
      - C:\Windows\SysWOW64\Nfjola32.exe
        
        C:\Windows\system32\Nfjola32.exe
        6⤵
        
        PID:17372
        
        C:\Windows\SysWOW64\Pdhkcb32.exe
        
        C:\Windows\system32\Pdhkcb32.exe
        7⤵
        
        PID:16628
        
        C:\Windows\SysWOW64\Cponen32.exe
        
        C:\Windows\system32\Cponen32.exe
        8⤵
        
        PID:15376
        
        C:\Windows\SysWOW64\Gacepg32.exe
        
        C:\Windows\system32\Gacepg32.exe
        9⤵
        
        PID:10448
        
        C:\Windows\SysWOW64\Ljdkll32.exe
        
        C:\Windows\system32\Ljdkll32.exe
        10⤵
        
        PID:19012
        
        C:\Windows\SysWOW64\Nbebbk32.exe
        
        C:\Windows\system32\Nbebbk32.exe
        11⤵
        
        PID:20152
        
        C:\Windows\SysWOW64\Padnaq32.exe
        
        C:\Windows\system32\Padnaq32.exe
        12⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\Enhifi32.exe
        
        C:\Windows\system32\Enhifi32.exe
        13⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\Egmjpi32.exe
        
        C:\Windows\system32\Egmjpi32.exe
        14⤵
        
        PID:8704
- - C:\Users\Admin\Downloads\240919-pvsdxszalq_c18257cd9fbca49a1748093a8401b0313747181d6db99b4647b64d36bb5c38f7N.exe
    C:\Users\Admin\Downloads\240919-pvsdxszalq_c18257cd9fbca49a1748093a8401b0313747181d6db99b4647b64d36bb5c38f7N.exe
    3⤵
    PID:16052
  - - C:\Windows\SysWOW64\Ipjoja32.exe
      C:\Windows\system32\Ipjoja32.exe
      4⤵
      PID:16348
    - - C:\Windows\SysWOW64\Lcdciiec.exe
        
        C:\Windows\system32\Lcdciiec.exe
        5⤵
        
        PID:16700
      - C:\Windows\SysWOW64\Nmdgikhi.exe
        
        C:\Windows\system32\Nmdgikhi.exe
        6⤵
        
        PID:16284
        
        C:\Windows\SysWOW64\Qhhpop32.exe
        
        C:\Windows\system32\Qhhpop32.exe
        7⤵
        
        PID:15604
- - C:\Users\Admin\Downloads\240919-pt73zszajk_155883bbf2e724284ceaba37e0df36ed91296574b308964dbc3c33dbdd05c8db.exe
    C:\Users\Admin\Downloads\240919-pt73zszajk_155883bbf2e724284ceaba37e0df36ed91296574b308964dbc3c33dbdd05c8db.exe
    3⤵
    PID:16060
- - C:\Users\Admin\Downloads\240919-p69scazfjj_2976-8-0x0000000000400000-0x0000000000442000-memory.dmp
    C:\Users\Admin\Downloads\240919-p69scazfjj_2976-8-0x0000000000400000-0x0000000000442000-memory.dmp
    3⤵
    PID:16068
- - C:\Users\Admin\Downloads\240919-pzadxayfqe_eb5cc00c030e8d22ffb8fada31c6ef5a_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pzadxayfqe_eb5cc00c030e8d22ffb8fada31c6ef5a_JaffaCakes118.exe
    3⤵
    PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\data.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\data.exe
      4⤵
      PID:12260
- - C:\Users\Admin\Downloads\240919-pxtd1azbkm_eb5b89ca20208c3ef69d8b6990f4a02b_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pxtd1azbkm_eb5b89ca20208c3ef69d8b6990f4a02b_JaffaCakes118.exe
    3⤵
    PID:16084
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 16084 -s 400
      4⤵
      Program crash
      PID:16808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 16084 -s 400
      4⤵
      Program crash
      PID:18488
- - C:\Users\Admin\Downloads\240919-ppg11aybng_9a53b0e3d431bf768d3c557a0768c0b9ffe338074a9a5dd485020f396efc7d34N.exe
    C:\Users\Admin\Downloads\240919-ppg11aybng_9a53b0e3d431bf768d3c557a0768c0b9ffe338074a9a5dd485020f396efc7d34N.exe
    3⤵
    PID:16092
  - - C:\Windows\SysWOW64\Jcoaglhk.exe
      C:\Windows\system32\Jcoaglhk.exe
      4⤵
      PID:14528
    - - C:\Windows\SysWOW64\Lnjgfb32.exe
        
        C:\Windows\system32\Lnjgfb32.exe
        5⤵
        
        PID:16812
      - C:\Windows\SysWOW64\Npbceggm.exe
        
        C:\Windows\system32\Npbceggm.exe
        6⤵
        
        PID:14620
- - C:\Users\Admin\Downloads\240919-pnrttaybkd_Ordine Request 09-24.exe
    "C:\Users\Admin\Downloads\240919-pnrttaybkd_Ordine Request 09-24.exe"
    3⤵
    PID:16100
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\Downloads\240919-pnrttaybkd_Ordine Request 09-24.exe"
      4⤵
      PID:3468
- - C:\Users\Admin\Downloads\240919-ps571aydna_eb58de7532ef82b22d424649e776ec12_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-ps571aydna_eb58de7532ef82b22d424649e776ec12_JaffaCakes118.exe
    3⤵
    PID:16108
- - C:\Users\Admin\Downloads\240919-ppfsyaybnf_l6E.exe
    C:\Users\Admin\Downloads\240919-ppfsyaybnf_l6E.exe
    3⤵
    PID:16124
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:16452
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:7812
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:15664
- - C:\Users\Admin\Downloads\240919-p7jybazaqg_2096-3-0x0000000000400000-0x000000000044A000-memory.dmp
    C:\Users\Admin\Downloads\240919-p7jybazaqg_2096-3-0x0000000000400000-0x000000000044A000-memory.dmp
    3⤵
    PID:16132
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 16132 -s 8
      4⤵
      Program crash
      PID:17976
- - C:\Users\Admin\Downloads\240919-pncpwsyfjk_documents-pdf.exe
    C:\Users\Admin\Downloads\240919-pncpwsyfjk_documents-pdf.exe
    3⤵
    PID:16140
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 16140 -s 1160
      4⤵
      Program crash
      PID:21948
- - C:\Users\Admin\Downloads\240919-pnb4csyaqf_Company Details.exe
    "C:\Users\Admin\Downloads\240919-pnb4csyaqf_Company Details.exe"
    3⤵
    PID:16148
- - C:\Users\Admin\Downloads\240919-pnc1nayare_DRAWING SINCOAUTOMATION 6994745PURCHASE ORDER SINCOAUTOMATION PO 322357781 Ref 6421SINCOAUTOMATION4533DWG.exe
    "C:\Users\Admin\Downloads\240919-pnc1nayare_DRAWING SINCOAUTOMATION 6994745PURCHASE ORDER SINCOAUTOMATION PO 322357781 Ref 6421SINCOAUTOMATION4533DWG.exe"
    3⤵
    PID:16156
- - C:\Users\Admin\Downloads\240919-pncpwsyard_Doc _180924.exe
    "C:\Users\Admin\Downloads\240919-pncpwsyard_Doc _180924.exe"
    3⤵
    PID:16164
- - C:\Users\Admin\Downloads\240919-pqd1qsygkm_PO-27893493.exe
    C:\Users\Admin\Downloads\240919-pqd1qsygkm_PO-27893493.exe
    3⤵
    PID:16176
- - C:\Users\Admin\Downloads\240919-p7sv8azarf_2732-17-0x0000000000400000-0x0000000000452000-memory.dmp
    C:\Users\Admin\Downloads\240919-p7sv8azarf_2732-17-0x0000000000400000-0x0000000000452000-memory.dmp
    3⤵
    PID:10380
- - C:\Users\Admin\Downloads\240919-pnrttaybkc_OC_0069960.pdf.exe
    C:\Users\Admin\Downloads\240919-pnrttaybkc_OC_0069960.pdf.exe
    3⤵
    PID:16784
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" -windowstyle hidden "$Overtippling=Get-Content 'C:\Users\Admin\AppData\Local\Temp\boilinglike\vaporarium\Salvelsesfuld\Belabored.Pra75';$Grundkursets=$Overtippling.SubString(55723,3);.$Grundkursets($Overtippling)
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:11364
- - C:\Users\Admin\Downloads\240919-pnz57ayfnp_Wspguvcwm.exe
    C:\Users\Admin\Downloads\240919-pnz57ayfnp_Wspguvcwm.exe
    3⤵
    PID:14948
- - C:\Users\Admin\Downloads\240919-p273yszdjr_541e604156eec44e30df18c71219e67303e2500654e9e06566d5572b889c5325N.exe
    C:\Users\Admin\Downloads\240919-p273yszdjr_541e604156eec44e30df18c71219e67303e2500654e9e06566d5572b889c5325N.exe
    3⤵
    PID:17920
  - - \??\c:\9btnnh.exe
      c:\9btnnh.exe
      4⤵
      PID:18200
    - - \??\c:\1rxffll.exe
        
        c:\1rxffll.exe
        5⤵
        
        PID:16056
      - \??\c:\vdvjv.exe
        
        c:\vdvjv.exe
        6⤵
        
        PID:18572
        
        \??\c:\rrrlxxl.exe
        
        c:\rrrlxxl.exe
        7⤵
        
        PID:17660
        
        \??\c:\jjjjd.exe
        
        c:\jjjjd.exe
        8⤵
        
        PID:19004
        
        \??\c:\dpddd.exe
        
        c:\dpddd.exe
        9⤵
        
        PID:18672
- - C:\Users\Admin\Downloads\240919-pnyx5ayblc_PO23100080 & Order Specs.exe
    "C:\Users\Admin\Downloads\240919-pnyx5ayblc_PO23100080 & Order Specs.exe"
    3⤵
    PID:3684
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\Downloads\240919-pnyx5ayblc_PO23100080 & Order Specs.exe"
      4⤵
      PID:19388
- - C:\Users\Admin\Downloads\240919-pnhk5sybjc_Invoice & C form TT 175102.exe
    "C:\Users\Admin\Downloads\240919-pnhk5sybjc_Invoice & C form TT 175102.exe"
    3⤵
    PID:16392
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\Downloads\240919-pnhk5sybjc_Invoice & C form TT 175102.exe"
      4⤵
      PID:8040
- - C:\Users\Admin\Downloads\240919-pnymcsyfmm_Payment Voucher.exe
    "C:\Users\Admin\Downloads\240919-pnymcsyfmm_Payment Voucher.exe"
    3⤵
    PID:17596
- - C:\Users\Admin\Downloads\240919-pm286ayeqp_eb54f091b05a95511601e2f9f9771bae_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pm286ayeqp_eb54f091b05a95511601e2f9f9771bae_JaffaCakes118.exe
    3⤵
    PID:11636
  - - C:\Windows\SysWOW64\mspeupx.exe
      C:\Windows\system32\mspeupx.exe
      4⤵
      PID:5536
  - - C:\Windows\SysWOW64\netpass.exe
      C:\Windows\system32\netpass.exe
      4⤵
      PID:19308
- - C:\Users\Admin\Downloads\240919-pnffsayfjn_FDS00000900000.exe
    C:\Users\Admin\Downloads\240919-pnffsayfjn_FDS00000900000.exe
    3⤵
    PID:18260
- - C:\Users\Admin\Downloads\240919-pnyx5ayblb_PI 347_DUHS_MRI.pdf.exe
    "C:\Users\Admin\Downloads\240919-pnyx5ayblb_PI 347_DUHS_MRI.pdf.exe"
    3⤵
    PID:18912
- - C:\Users\Admin\Downloads\240919-p5n49azelj_3dcc77c1a803288bf33a382eeacd5986361cf1448002c59d47c6a4758325ad67N.exe
    C:\Users\Admin\Downloads\240919-p5n49azelj_3dcc77c1a803288bf33a382eeacd5986361cf1448002c59d47c6a4758325ad67N.exe
    3⤵
    PID:10844
- - C:\Users\Admin\Downloads\240919-p5a8dszajd_42f82b2da39bbe450d9295bb74cfd25ccc06b545e145b82639ea52a2bf6c41beN.exe
    C:\Users\Admin\Downloads\240919-p5a8dszajd_42f82b2da39bbe450d9295bb74cfd25ccc06b545e145b82639ea52a2bf6c41beN.exe
    3⤵
    PID:17968
  - - C:\Windows\SysWOW64\Ofgdcipq.exe
      C:\Windows\system32\Ofgdcipq.exe
      4⤵
      PID:19144
    - - C:\Windows\SysWOW64\Fjocbhbo.exe
        
        C:\Windows\system32\Fjocbhbo.exe
        5⤵
        
        PID:21216
      - C:\Windows\SysWOW64\Hqimlihn.exe
        
        C:\Windows\system32\Hqimlihn.exe
        6⤵
        
        PID:17160
- - C:\Users\Admin\Downloads\240919-px46hayfmc_c509517113bafdd47e35ba311f40533791dcfa57d38315ff41edb26c8ece84bcN.exe
    C:\Users\Admin\Downloads\240919-px46hayfmc_c509517113bafdd47e35ba311f40533791dcfa57d38315ff41edb26c8ece84bcN.exe
    3⤵
    PID:12972
  - - C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      4⤵
      PID:19684
- - C:\Users\Admin\Downloads\240919-pycgwayfnc_613f4789a7d0fe032c43bf56ef351e750a13bf5ccdf9f9064822839a7a8f14ecN.exe
    C:\Users\Admin\Downloads\240919-pycgwayfnc_613f4789a7d0fe032c43bf56ef351e750a13bf5ccdf9f9064822839a7a8f14ecN.exe
    3⤵
    PID:15024
  - - C:\Windows\SysWOW64\Mlofcf32.exe
      C:\Windows\system32\Mlofcf32.exe
      4⤵
      PID:19712
    - - C:\Windows\SysWOW64\Aabkbono.exe
        
        C:\Windows\system32\Aabkbono.exe
        5⤵
        
        PID:5560
      - C:\Windows\SysWOW64\Gkalbj32.exe
        
        C:\Windows\system32\Gkalbj32.exe
        6⤵
        
        PID:16544
        
        C:\Windows\SysWOW64\Hdicggla.exe
        
        C:\Windows\system32\Hdicggla.exe
        7⤵
        
        PID:23500
- - C:\Users\Admin\Downloads\240919-p7gg7azfjl_2668-36-0x0000000000400000-0x000000000047F000-memory.dmp
    C:\Users\Admin\Downloads\240919-p7gg7azfjl_2668-36-0x0000000000400000-0x000000000047F000-memory.dmp
    3⤵
    PID:17252
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 17252 -s 8
      4⤵
      Program crash
      PID:21976
- - C:\Users\Admin\Downloads\240919-ptc8lsyhmp_6bfda052f5e26b18303ca3f9b8724f3a565bb769fdef657907a216fb1f930532N.exe
    C:\Users\Admin\Downloads\240919-ptc8lsyhmp_6bfda052f5e26b18303ca3f9b8724f3a565bb769fdef657907a216fb1f930532N.exe
    3⤵
    PID:17780
  - - C:\Windows\SysWOW64\Nfgklkoc.exe
      C:\Windows\system32\Nfgklkoc.exe
      4⤵
      PID:19756
    - - C:\Windows\SysWOW64\Oonlfo32.exe
        
        C:\Windows\system32\Oonlfo32.exe
        5⤵
        
        PID:20416
      - C:\Windows\SysWOW64\Gnohnffc.exe
        
        C:\Windows\system32\Gnohnffc.exe
        6⤵
        
        PID:21604
        
        C:\Windows\SysWOW64\Hnehdo32.exe
        
        C:\Windows\system32\Hnehdo32.exe
        7⤵
        
        PID:13372
- - C:\Users\Admin\Downloads\240919-pnhk5syfkm_LEVER STYLE SEP BUY ORDER & C248SH12.exe
    "C:\Users\Admin\Downloads\240919-pnhk5syfkm_LEVER STYLE SEP BUY ORDER & C248SH12.exe"
    3⤵
    PID:17820
- - C:\Users\Admin\Downloads\240919-pqp31ayckf_Document.exe
    C:\Users\Admin\Downloads\240919-pqp31ayckf_Document.exe
    3⤵
    PID:13876
- - C:\Users\Admin\Downloads\240919-p3a5lsyhlg_eb5ec6b933066249950cd4d9f06c05ee_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-p3a5lsyhlg_eb5ec6b933066249950cd4d9f06c05ee_JaffaCakes118.exe
    3⤵
    PID:18856
- - C:\Users\Admin\Downloads\240919-pyzbmszbqk_eb5c919afd904cf62615161c2c83720f_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pyzbmszbqk_eb5c919afd904cf62615161c2c83720f_JaffaCakes118.exe
    3⤵
    PID:18568
  - - \??\c:\Windows\svchest425075242507520.exe
      c:\Windows\svchest425075242507520.exe
      4⤵
      PID:16112
- - C:\Users\Admin\Downloads\240919-pnzvesyfnl_ROC ORDER.exe
    "C:\Users\Admin\Downloads\240919-pnzvesyfnl_ROC ORDER.exe"
    3⤵
    PID:18500
- - C:\Users\Admin\Downloads\240919-pncd5ayfjj_comprobante_swift0000099.exe
    C:\Users\Admin\Downloads\240919-pncd5ayfjj_comprobante_swift0000099.exe
    3⤵
    PID:8968
- - C:\Users\Admin\Downloads\240919-pnzvesyfnn_VtkzI2DleKAWijQ.exe
    C:\Users\Admin\Downloads\240919-pnzvesyfnn_VtkzI2DleKAWijQ.exe
    3⤵
    PID:16212
- - C:\Users\Admin\Downloads\240919-pnzjnayblf_Recibo de pago.880743.exe
    "C:\Users\Admin\Downloads\240919-pnzjnayblf_Recibo de pago.880743.exe"
    3⤵
    PID:7824
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\Downloads\240919-pnzjnayblf_Recibo de pago.880743.exe"
      4⤵
      PID:5976
- - C:\Users\Admin\Downloads\240919-psckpayhjn_eb586fb27c1340840b93eada3a4e640d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-psckpayhjn_eb586fb27c1340840b93eada3a4e640d_JaffaCakes118.exe
    3⤵
    PID:18604
- - C:\Users\Admin\Downloads\240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe
    "C:\Users\Admin\Downloads\240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe"
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:18620
  - - C:\Users\Admin\AppData\Local\lustring\reindulgence.exe
      "C:\Users\Admin\Downloads\240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe"
      4⤵
      PID:21244
- - C:\Users\Admin\Downloads\240919-ppcfhsyfpq_eb561c1ba16c6c3d687434761f42cb04_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-ppcfhsyfpq_eb561c1ba16c6c3d687434761f42cb04_JaffaCakes118.exe
    3⤵
    PID:20376
- - C:\Users\Admin\Downloads\240919-prnxbsygpl_8ecf30082527af945cc7df7dd2567a0838e611177a6f94bfa9ceb768e1b3cd15N.exe
    C:\Users\Admin\Downloads\240919-prnxbsygpl_8ecf30082527af945cc7df7dd2567a0838e611177a6f94bfa9ceb768e1b3cd15N.exe
    3⤵
    PID:19644
- - C:\Users\Admin\Downloads\240919-ppsshaybqa_858833a927e756d5248ebd4fed75efc9aad9787e3fa148d8f307222bd0e0fdeeN.exe
    C:\Users\Admin\Downloads\240919-ppsshaybqa_858833a927e756d5248ebd4fed75efc9aad9787e3fa148d8f307222bd0e0fdeeN.exe
    3⤵
    PID:5572
  - - C:\Windows\SysWOW64\Hnokjm32.exe
      C:\Windows\system32\Hnokjm32.exe
      4⤵
      PID:23032
- - C:\Users\Admin\Downloads\240919-pynvxayfpc_eb5c5395b89a24626340ac864e56e6ce_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pynvxayfpc_eb5c5395b89a24626340ac864e56e6ce_JaffaCakes118.exe
    3⤵
    PID:22364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1900 -ip 1900
1⤵
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 888 -ip 888
1⤵
PID:1324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3292 -ip 3292
1⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2440 -ip 2440
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 6004 -ip 6004
1⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 7304 -ip 7304
1⤵
PID:1108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 7324 -ip 7324
1⤵
PID:3256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 8052 -ip 8052
1⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6164 -ip 6164
1⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 8360 -ip 8360
1⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 6164 -ip 6164
1⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5980 -ip 5980
1⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 1036 -ip 1036
1⤵
PID:14084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 16012 -ip 16012
1⤵
PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 16068 -ip 16068
1⤵
PID:16496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 16132 -ip 16132
1⤵
PID:17328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 15952 -ip 15952
1⤵
PID:15664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 16060 -ip 16060
1⤵
PID:17632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 15944 -ip 15944
1⤵
PID:18316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 16084 -ip 16084
1⤵
PID:17912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 10380 -ip 10380
1⤵
PID:17092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5336 -ip 5336
1⤵
PID:17860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 16140 -ip 16140
1⤵
PID:17884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 17252 -ip 17252
1⤵
PID:20424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 2144 -ip 2144
1⤵
PID:19172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 16140 -ip 16140
1⤵
PID:21428

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:20460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 16124 -ip 16124
1⤵
PID:21444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3684 -ip 3684
1⤵
PID:20876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 16392 -ip 16392
1⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 16140 -ip 16140
1⤵
PID:22980

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
1⤵
PID:23144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 16140 -ip 16140
1⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 16140 -ip 16140
1⤵
PID:15804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Scripting

T1064

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Scripting

T1064

Credential Access

Discovery

Network Share Discovery

T1135

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\1rfxrlf.exe.tmp

Filesize
524KB

MD5
479cb6484b4f498f668822d7a0b83dc0

SHA1
ed89814808660399577d154ca8bc748378df6dd2

SHA256
c4f2fd2ce93c50477d1e8829eff0476cb0303e3bf9095ded44ccb9d5a77387ee

SHA512
472a3bf536824b3150175862c3267e1ddd97c85719dc5e240998888a5861ba9754f18a082b5fe91ba66da0bae38c488d8ba9db37bcf566fdf2e56ee5a0d791ca

Download Submit
C:\1rxffll.exe

Filesize
453KB

MD5
03a6369d8a808cb07d4fb5bb5cf668c9

SHA1
deac7882366826930ed6661075220ecfedb0d969

SHA256
589c256b6054077a4cc5e3c72d249d9ddf0b78d573c0e749f8524e5bbaee6f63

SHA512
cb644863c53bda987c059602fcd74cf7676cf92ce287208968ac7177d8fdb28b66e75f874703f757498324667c8053559ddab230f11e0231c0277ba9f0b09503

Download Submit
C:\Program Files (x86)\b8326b13\jusched.exe

Filesize
4.7MB

MD5
de19ecd4d312d1b0c961ebcec8864e45

SHA1
97e6433875f2c6af5c8b08558b0eb6e853cdbc41

SHA256
0fa7599f5575a2740e8355f10f0927b7dd63af41058b53dc6d82815c999037c0

SHA512
172c7a8933e23ea07ec2a5870567d2bb443afd889263e40503a244aa59274bc1053daffe8f2a1117228208809973ad1c24a09aaf76f9aa207dad4f8ba515839f

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\240919-pwj4yayenc_9064f1a15c6f733a95d9a074868cc3584d0576f29867fb7e5e687431a847d43eN.exe

Filesize
310KB

MD5
f7b77010d8665724bca77d3a580da8fe

SHA1
e87495e14e73a6e6a86b36b9077f613c817c0365

SHA256
04c65c93b0bcd2ba9a1e7da9ef61e5cae5e16f9f96922bfa683325918a875a3d

SHA512
00e2173f767b745728bb6bb3b1a910a8140c602aee51574c891270a60f43bcb1f950417ead0b89e0944869be8ea35d46b3c528335ad0a2d2e0105ea5b8258800

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\VCRUNTIME140_1.dll

Filesize
37KB

MD5
75e78e4bf561031d39f86143753400ff

SHA1
324c2a99e39f8992459495182677e91656a05206

SHA256
1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

SHA512
ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\_asyncio.pyd

Filesize
62KB

MD5
2859c39887921dad2ff41feda44fe174

SHA1
fae62faf96223ce7a3e6f7389a9b14b890c24789

SHA256
aebc378db08617ea81a0a3a3bc044bcc7e6303e314630392dd51bab12f879bd9

SHA512
790be0c95c81eb6d410e53fe8018e2ca5efd1838dc60539ebb011911c36c8478333ee95989cfd1ddaf4f892b537ae8305eb4cd893906930deae59c8965cf2fbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\_bz2.pyd

Filesize
81KB

MD5
4101128e19134a4733028cfaafc2f3bb

SHA1
66c18b0406201c3cfbba6e239ab9ee3dbb3be07d

SHA256
5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80

SHA512
4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\_cffi_backend.cp311-win_amd64.pyd

Filesize
174KB

MD5
739d352bd982ed3957d376a9237c9248

SHA1
961cf42f0c1bb9d29d2f1985f68250de9d83894d

SHA256
9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980

SHA512
585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\_ctypes.pyd

Filesize
120KB

MD5
6a9ca97c039d9bbb7abf40b53c851198

SHA1
01bcbd134a76ccd4f3badb5f4056abedcff60734

SHA256
e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

SHA512
dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\_decimal.pyd

Filesize
245KB

MD5
d47e6acf09ead5774d5b471ab3ab96ff

SHA1
64ce9b5d5f07395935df95d4a0f06760319224a2

SHA256
d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e

SHA512
52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\_hashlib.pyd

Filesize
62KB

MD5
de4d104ea13b70c093b07219d2eff6cb

SHA1
83daf591c049f977879e5114c5fea9bbbfa0ad7b

SHA256
39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e

SHA512
567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\_lzma.pyd

Filesize
154KB

MD5
337b0e65a856568778e25660f77bc80a

SHA1
4d9e921feaee5fa70181eba99054ffa7b6c9bb3f

SHA256
613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a

SHA512
19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\_multiprocessing.pyd

Filesize
32KB

MD5
1386dbc6dcc5e0be6fef05722ae572ec

SHA1
470f2715fafd5cafa79e8f3b0a5434a6da78a1ba

SHA256
0ae3bf383ff998886f97576c55d6bf0a076c24395cf6fcd2265316e9a6e8c007

SHA512
ca6e5c33273f460c951cb8ec1d74ce61c0025e2ead6d517c18a6b0365341a0fd334e8976006cd62b72eb5620ccc42cfdd5196e8b10691b8f19f69f851a440293

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\_overlapped.pyd

Filesize
48KB

MD5
01ad7ca8bc27f92355fd2895fc474157

SHA1
15948cd5a601907ff773d0b48e493adf0d38a1a6

SHA256
a083e83f609ed7a2fc18a95d44d8f91c9dc74842f33e19e91988e84db94c3b5b

SHA512
8fe6ac8430f8dde45c74f45575365753042642dc9fa9defbcf25ae1832baf6abb1ea1ad6d087e4ece5d0590e36cee1beea99845aef6182c1eec4bafdf9557604

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\_queue.pyd

Filesize
30KB

MD5
ff8300999335c939fcce94f2e7f039c0

SHA1
4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a

SHA256
2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78

SHA512
f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\_socket.pyd

Filesize
76KB

MD5
8140bdc5803a4893509f0e39b67158ce

SHA1
653cc1c82ba6240b0186623724aec3287e9bc232

SHA256
39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769

SHA512
d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\_ssl.pyd

Filesize
155KB

MD5
069bccc9f31f57616e88c92650589bdd

SHA1
050fc5ccd92af4fbb3047be40202d062f9958e57

SHA256
cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32

SHA512
0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\_tcl_data\encoding\cp1252.enc

Filesize
1KB

MD5
e9117326c06fee02c478027cb625c7d8

SHA1
2ed4092d573289925a5b71625cf43cc82b901daf

SHA256
741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

SHA512
d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\_tkinter.pyd

Filesize
61KB

MD5
442304ce4ad2d40e0d85a89b52b6d272

SHA1
5b5add527dd6fea47d4caa923694eee8d741b488

SHA256
6ff6cc788f1ab19de383810ddbd15ecd5fc8216faf5e1e406bbf9a608fbb9991

SHA512
df5a47780a6642c310417c2d2e8c439eb2a324d9318ef1ea5af36c5657cc34a8aa950edbe5f91869bf0d50cccebcb7a08447dbcfdc75e29acc8c72327f231e43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\base_library.zip

Filesize
1.4MB

MD5
481da210e644d6b317cafb5ddf09e1a5

SHA1
00fe8e1656e065d5cf897986c12ffb683f3a2422

SHA256
3242ea7a6c4c712f10108a619bf5213878146547838f7e2c1e80d2778eb0aaa0

SHA512
74d177794f0d7e67f64a4f0c9da4c3fd25a4d90eb909e942e42e5651cc1930b8a99eef6d40107aa8756e75ffbcc93284b916862e24262df897aaac97c5072210

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\certifi\cacert.pem

Filesize
292KB

MD5
50ea156b773e8803f6c1fe712f746cba

SHA1
2c68212e96605210eddf740291862bdf59398aef

SHA256
94edeb66e91774fcae93a05650914e29096259a5c7e871a1f65d461ab5201b47

SHA512
01ed2e7177a99e6cb3fbef815321b6fa036ad14a3f93499f2cb5b0dae5b713fd2e6955aa05f6bda11d80e9e0275040005e5b7d616959b28efc62abb43a3238f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
723ec2e1404ae1047c3ef860b9840c29

SHA1
8fc869b92863fb6d2758019dd01edbef2a9a100a

SHA256
790a11aa270523c2efa6021ce4f994c3c5a67e8eaaaf02074d5308420b68bd94

SHA512
2e323ae5b816adde7aaa14398f1fdb3efe15a19df3735a604a7db6cadc22b753046eab242e0f1fbcd3310a8fbb59ff49865827d242baf21f44fd994c3ac9a878

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
116KB

MD5
9ea8098d31adb0f9d928759bdca39819

SHA1
e309c85c1c8e6ce049eea1f39bee654b9f98d7c5

SHA256
3d9893aa79efd13d81fcd614e9ef5fb6aad90569beeded5112de5ed5ac3cf753

SHA512
86af770f61c94dfbf074bcc4b11932bba2511caa83c223780112bda4ffb7986270dc2649d4d3ea78614dbce6f7468c8983a34966fc3f2de53055ac6b5059a707

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\libcrypto-1_1.dll

Filesize
3.3MB

MD5
6f4b8eb45a965372156086201207c81f

SHA1
8278f9539463f0a45009287f0516098cb7a15406

SHA256
976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

SHA512
2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\libffi-8.dll

Filesize
34KB

MD5
32d36d2b0719db2b739af803c5e1c2f5

SHA1
023c4f1159a2a05420f68daf939b9ac2b04ab082

SHA256
128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

SHA512
a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\libssl-1_1.dll

Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\numpy\core\_multiarray_umath.cp311-win_amd64.pyd

Filesize
2.7MB

MD5
ea2e696dd221290a44fc7f095c4f185b

SHA1
dd5ae42ae6d2678d65b003ba4ca8286a80586869

SHA256
c76d812fa5131fe21c8bf9ffbd910f27df80856f910fa61698f23f60cfd9d13e

SHA512
7a811681652fb53d2da2ec0042b73a6b75b95defc9b47422df0148832a71079832a10d45ac6e457d26a708a30544ad45f08a87e61426c1f3c8252e48c6374b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\pyexpat.pyd

Filesize
193KB

MD5
1c0a578249b658f5dcd4b539eea9a329

SHA1
efe6fa11a09dedac8964735f87877ba477bec341

SHA256
d97f3e27130c267e7d3287d1b159f65559e84ead9090d02a01b4c7dc663cd509

SHA512
7b21dcd7b64eeba13ba8a618960190d1a272fa4805dedcf8f9e1168aebfe890b0ced991435ecbd353467a046fc0e8307f9a9be1021742d7d93aa124c52cc49e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\python3.DLL

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\pywin32_system32\pythoncom311.dll

Filesize
654KB

MD5
f98264f2dacfc8e299391ed1180ab493

SHA1
849551b6d9142bf983e816fef4c05e639d2c1018

SHA256
0fe49ec1143a0efe168809c9d48fe3e857e2ac39b19db3fd8718c56a4056696b

SHA512
6bb3dbd9f4d3e6b7bd294f3cb8b2ef4c29b9eff85c0cfd5e2d2465be909014a7b2ecd3dc06265b1b58196892bb04d3e6b0aa4b2ccbf3a716e0ff950eb28db11c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\pywin32_system32\pywintypes311.dll

Filesize
131KB

MD5
90b786dc6795d8ad0870e290349b5b52

SHA1
592c54e67cf5d2d884339e7a8d7a21e003e6482f

SHA256
89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

SHA512
c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\select.pyd

Filesize
28KB

MD5
97ee623f1217a7b4b7de5769b7b665d6

SHA1
95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

SHA256
0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

SHA512
20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\tcl86t.dll

Filesize
1.8MB

MD5
ac6cd2fb2cd91780db186b8d6e447b7c

SHA1
b387b9b6ca5f0a2b70028ab2147789c4fe24ef7a

SHA256
a91781fe13548b89817462b00058a75fb0b607ec8ce99d265719ced573ade7b6

SHA512
45b24ca07a44d8d90e5efeded2697a37f000b39d305fe63a67292fdd237de3f8efd5e85b139b5702faa695f9f27f12f24ac497e005e2f3c24c141d7cd85305b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\tk86t.dll

Filesize
1.5MB

MD5
499fa3dea045af56ee5356c0ce7d6ce2

SHA1
0444b7d4ecd25491245824c17b84916ee5b39f74

SHA256
20139f4c327711baf18289584fa0c8112f7bb3ba55475bded21f3d107672ed94

SHA512
d776749effa241ba1415b28d2fcff1d64ed903569a8c4e56dfddd672a53b2f44119734b1959b72a9b3f4060bb2c67b7dea959cc2d4a8e9f781f17009c6840fc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\unicodedata.pyd

Filesize
1.1MB

MD5
bc58eb17a9c2e48e97a12174818d969d

SHA1
11949ebc05d24ab39d86193b6b6fcff3e4733cfd

SHA256
ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa

SHA512
4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\win32\win32api.pyd

Filesize
130KB

MD5
1d6762b494dc9e60ca95f7238ae1fb14

SHA1
aa0397d96a0ed41b2f03352049dafe040d59ad5d

SHA256
fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

SHA512
0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22722\zstandard\backend_c.cp311-win_amd64.pyd

Filesize
512KB

MD5
dc08f04c9e03452764b4e228fc38c60b

SHA1
317bcc3f9c81e2fc81c86d5a24c59269a77e3824

SHA256
b990efbda8a50c49cd7fde5894f3c8f3715cb850f8cc4c10bc03fd92e310260f

SHA512
fbc24dd36af658cece54be14c1118af5fda4e7c5b99d22f99690a1fd625cc0e8aa41fd9accd1c74bb4b03d494b6c3571b24f2ee423aaae9a5ad50adc583c52f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI291802\_tcl_data\encoding\euc-cn.enc

Filesize
84KB

MD5
c5aa0d11439e0f7682dae39445f5dab4

SHA1
73a6d55b894e89a7d4cb1cd3ccff82665c303d5c

SHA256
1700af47dc012a48cec89cf1dfae6d1d0d2f40ed731eff6ca55296a055a11c00

SHA512
eee6058bd214c59bcc11e6de7265da2721c119cc9261cfd755a98e270ff74d2d73e3e711aa01a0e3414c46d82e291ef0df2ad6c65ca477c888426d5a1d2a3bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI291802\zstandard\_cffi.cp311-win_amd64.pyd

Filesize
640KB

MD5
4327027d7cb61f547e22c4f668eb7bf7

SHA1
22f413d03a90d04d571526687e43eb255f427435

SHA256
e681900aeb771e57bc063e44b303293e11df32f1b1fecdcbc00574c00e75626c

SHA512
16a2e2e262c0246906d48ea67ee17d38c07712a1b97eb18c4f8f656f39eb187e18da3edc6d2fdf49dc9e35b92f6ba6bde0f00948c3e68e146f7edcd1e9c9404a

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_x33ywmm3.3wt.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc1FCE.tmp

Filesize
39B

MD5
3e930ca30f900b15da4ef96902f9b347

SHA1
92c4cd5b76b9be895152fdb3adcd165192daa552

SHA256
688f5bdbcde116a168af5f0ea57296f14181abe8fb92292eaf11febd498e3d42

SHA512
40bcbeea8dcf22201d275e68be32deadc953a2383f11788947d10aabf4469d61d8e3b86ded7e7369a9d413974d90e628aa1a4a6e6bc2b60c2de20bbd896fd489

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc20EE.tmp

Filesize
60B

MD5
bb74b974c055f06d8349a66d42243f76

SHA1
70d8f81ca24ed1c409581235879e51eb8d964d09

SHA256
a5c868bbf4874d5d4b84cf33944d4a68076bf6fa024beb262e25fcd203264e88

SHA512
5c36db7b0f5306d92426c0b7d1419bc30e1b76f80b44ffd491f364a96ac81ee7169ca5c56db7e5e6a6bb372b52072fa6a0389d95e890306648b5414b93b914ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh1F06.tmp\tube.ini

Filesize
43B

MD5
5e433ed09dfa632361014948c66be57f

SHA1
9e9fcae5383d03e86db445dd4aa9e5183a5da9cf

SHA256
d515acdd79f4d6ecdab751d81af7f7498cd20db87b2d722fe6130826bedc4901

SHA512
1cab0b789ad08672ab49264cdd83d3219a49b45cb67c3203a4137830586a318e44aee953de282b10e99cec71c2ef6a5e8d46e8cacd9cfe070503d11c4262655c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi230C.tmp

Filesize
13B

MD5
f6dd1b23c7a68545a2c2dbf678cf8683

SHA1
43eeed66236b1b5868671abdc138051daa64fd16

SHA256
38e0646749072dd0bfa54e9cc2884b454d7ea22b08d816599d86f7f162e1c7e8

SHA512
a23ad3fc2ca9259a0641bc445eb71848c5e824694f844dea4d35d985aa65fa6a882af3d4f873042df9da564e0ec4afd0ad2bc6911c00a70f9e82171d53fb76d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi230C.tmp

Filesize
30B

MD5
f15bfdebb2df02d02c8491bde1b4e9bd

SHA1
93bd46f57c3316c27cad2605ddf81d6c0bde9301

SHA256
c87f2ff45bb530577fb8856df1760edaf1060ae4ee2934b17fdd21b7d116f043

SHA512
1757ed4ae4d47d0c839511c18be5d75796224d4a3049e2d8853650ace2c5057c42040de6450bf90dd4969862e9ebb420cd8a34f8dd9c970779ed2e5459e8f2f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso3214.tmp

Filesize
56B

MD5
1aa8e74ed9d6739503ae5f18738184ea

SHA1
b7337245fa89766422c1c3d4405a3a06735f0a0d

SHA256
286763af18d34cd1ca5cce897b0b06b62f6ce157036de1d28199dfa44688a72b

SHA512
8dfb77f91d2b5f4743036072566d9433752ca59b1aa552cd2ed79a81b81169004ff55f88c66f6a326f87789644c2ee4d438cb4fe06972de1bd8a416e91e64a45

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss2F36.tmp

Filesize
60B

MD5
61c718f795f4dffee17772308a95cf28

SHA1
dcf44f582185c2080d04466014f85b3023a0420e

SHA256
e66f275d189c5cce43ece0a29c27b4e975b50d6cb8a155cd52b49f0d81c93ef8

SHA512
879bd3f6f1bc9da2f2499591c5ec39145ce516672c1e6e204db3d894719c11b2dfb1d2aba8b35b775ee6abc0b0f4d9ab06f1b0b7cd0d37a919d90d99ae17f6ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw1D41.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx204B.tmp

Filesize
52B

MD5
5d04a35d3950677049c7a0cf17e37125

SHA1
cafdd49a953864f83d387774b39b2657a253470f

SHA256
a9493973dd293917f3ebb932ab255f8cac40121707548de100d5969956bb1266

SHA512
c7b1afd95299c0712bdbc67f9d2714926d6ec9f71909af615affc400d8d2216ab76f6ac35057088836435de36e919507e1b25be87b07c911083f964eb67e003b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx21A9.tmp

Filesize
56B

MD5
6a540314daf25efae124e97f9e381c1d

SHA1
d4fe7146c3212b76e94bfd8045f29f5e8aa7f10e

SHA256
2972a0da5ef987d2aa10c624f1207ed88d2c302f2992a87da7c0c0a535c51063

SHA512
3819a7f7c35a44fc211cc4d49685e1f986180fc03d95eb7a93bbf885f1f7aecc8ac1e8218747773fcc858bb014dd2d7c8e8750cdbece51065b2afd125cdd6334

Download Submit
C:\Users\Admin\AppData\Local\Temp\wardg.exe

Filesize
105KB

MD5
f8a04412979a043be037683c36edf9f3

SHA1
6a22ba4e1e97e72605fb2422f7e3d3241a13fa85

SHA256
ea10d74f126929fa7dc1cfe9c8c4624ef3fdd0f23b1fec66eec974b87ed8eba7

SHA512
d048d08158598d3f5f535b770a16e9501d9f073b0b77235e5ba918d48477d80857de4f71919cc1d3b23dced41983c9cd6757feb28fc7dea55f9462fe361a6f96

Download Submit
C:\Users\Admin\AppData\Local\totted\sacculation.exe

Filesize
1.1MB

MD5
e0b036ea8f826bc6d8bb3cb3aaaedead

SHA1
071958138342ea8e068969b0af526e8f25f08eec

SHA256
5bad9df94dcc60bb8e5c4137f2d1026c84787aed707ec9e95f5e6f05e70e290b

SHA512
df196b63bbbd333fed0f6278d30b8b8c2d19c219cf219121d5d3f04f1e5063059490a0f8d02c068aedd458bfec7b43f286ab22265ad997bc2c73417d62053c33

Download Submit
C:\Users\Admin\AppData\Roaming\BtEYlavlla.exe

Filesize
599KB

MD5
8f430690b8710fa451e213dd0b2ec9ab

SHA1
de4b9701915a96ab28ad39dd5bc13be1941bc095

SHA256
c0972bed1bf730f5247f0ee2db6fe2f15b97217b6cfb42a024dc3aad4ec20341

SHA512
eda0d36ba72eec1b1cb5f95e7e7c676a89338f11cd7f2134fe114ac353447aabf4cc54276795dcd46a668dfadd597d143d2e2749fbb0f8b35d78df11da91aea2

Download Submit
C:\Users\Admin\AppData\Roaming\GwTIUBUaZCliF.exe

Filesize
912KB

MD5
365de72e3ea8c233861d9a80f7d7c1be

SHA1
ba20d0609fe16e3f9e61a34928853c00184be26b

SHA256
bb982ea4dad990c5c393a7f1fb85a4daf85be97edcb1e1473cdd0703596ecd6d

SHA512
9c856fee64c4179865b9ae968b706fddd5151c3c405fa5b18d699801133dfde28250fdbcd16e31a8cbdcfb98ec8fe2efa6f769a921f54e505e5c5e1bc6822ed4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\F42L3ZT0ED5XPXI0RJTK.temp

Filesize
6KB

MD5
f1d09ceae1279344203eaf973468f7ab

SHA1
bc064569a933324d84a7e85b06362aee7a6384dd

SHA256
89f9908b79edbdd531573835b290050b39ccd3be9dca50c637014797ccdcdaba

SHA512
278bf6258d82b4526ca6fe1826f7d03a61c39722744be75456b5a2baca006655ee2803e010d217cbba0a5356f6246c0e7337acb4176c3a888298be823edcd16a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NN0KIZMRUJ7HW2BIZ5YQ.temp

Filesize
6KB

MD5
188aa728c96d127d636fb62e054a3fa2

SHA1
dea1c6b708eca908b2d1d4ce3835d3e875a3b015

SHA256
592aabf9b67e2574e79a2bda92c2038b13ecb6331cfaed5d00523886428e8059

SHA512
a089dfd3c8670dee6fe4543bbdfc523e79c5e1397165d28ab0a2f3eb2f7f102eec4c3567229ae0a9527b31232dc12b3e5e65eb9531b09b0e649d53da8c7cde3a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

Filesize
6KB

MD5
98e7440ad8dc407763dd0d6b00f4b40c

SHA1
a73a694383ac2e645094509c9cc18603ed72ddfe

SHA256
6e372490366cd49d2c63ce65736217a801423159ad9f87a110f72996743e08d5

SHA512
a314b5c31cac5e723264a488dcfac4656c434d5000d43a8f21fcc893c0ff72a3ddb054798fb68fa19b3737854ccb116b0c94a5d8c10f5ddab227af0a14dcbbb0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

Filesize
6KB

MD5
0f041a2c0693a53df8d148fd0b11477c

SHA1
045bae9751bd7b80a149050ba7c949e1fa9d8aa5

SHA256
51fd213eff10a1e669de0f4d36550d5c937643e1d027481cf28c315496aa9145

SHA512
5b229179e2fe4937cf07cf3cc5764022b95f5b26ce6794d396c48f537fef94448e9cda5085cafca989b6127445ef42bf3e5755b76c06250ee4a13f64ede08e47

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

Filesize
6KB

MD5
28f3fac90c986bb1311bfe143f040613

SHA1
9a92dc9da8ee295edaa1f772a34c67fa2a2e146b

SHA256
87b275a1b580775743367518e0cb64e7355686d9da68ae03fd31b45432ce50dd

SHA512
28d33e082eb643326433034756dbc94202d77b94372b91bbe67a54d6f74cf7e3754a926d2db906096234e1570c90d52d2c9fc53875ae07294090a35d3fd30b4a

Download Submit
C:\Users\Admin\AppData\Roaming\TJPffvUZe.exe

Filesize
674KB

MD5
880d6cba6bde2ce8c5893678462f99ea

SHA1
6df631b43160ca2c62576c65645208f8a14a1813

SHA256
be2b337b492d73d7a55401d8a3d70ef961a3b023e6c182bad9607627a0a6d38d

SHA512
a930bd16d12f94b69f0167ae742bec1350eb674a3de25df087d18d98b7c779abbdb4f67004be04892af0e667eb8ccde3a44701d5a45cfce282393ef6153a7f3a

Download Submit
C:\Users\Admin\AppData\Roaming\YHWyXapflg.exe

Filesize
988KB

MD5
dc6296c1f5ec3b6e4dcbc33d0fcf3616

SHA1
64c81ccb99415efe3aaffcfeea93d15fc08b735b

SHA256
d776f6152105609e96a665bf681b71c945da8341b326410ee20e6a31b234d4c9

SHA512
e28695c316d1b5d2d35726ed3f68ebccc1d07083d3b533b90ac9a1cf697ebbee8794278625107f305e22b55c68a1a820a73103f208f6f6a0f40ecf24f4b5db98

Download Submit
C:\Users\Admin\AppData\Roaming\orayjpgjlSJ.exe

Filesize
712KB

MD5
ac479057116a68ee8f38b431195ef055

SHA1
c5606141d06d0521b77a4abc36eb7cf1d227b1c5

SHA256
ea3924235164ac07fad6964220f412a07829d4e972eb6278365cc8dd4cf50b6f

SHA512
93057f2171071362126a9c666eb65e8e67ab820f361848d921a780be515e395835043fcb8377f853399a5c91f3ec72e30b65a31cf8dcc591eb18bb6f5621f344

Download Submit
C:\Users\Admin\Downloads\240919-p469fazejn_463eb63cf11b8547651f550cc6f112acfca63ffa21a0018a8103f9b04908e740.exe

Filesize
39.2MB

MD5
ff0d33a53e3e91a66c4d1249fe606687

SHA1
20b2675e8c89170bda4081c5b0091f1755b4bbfe

SHA256
463eb63cf11b8547651f550cc6f112acfca63ffa21a0018a8103f9b04908e740

SHA512
bb1f8079b92999aceb6b547e7df8ae6ef93b67b0187d31ee4e51ada9bbbff78b3a21555bf424e939a98e8053e89c714b5d38711c22891008533903b2f2ab0ff7

Download Submit
C:\Users\Admin\Downloads\240919-p5n49azelj_3dcc77c1a803288bf33a382eeacd5986361cf1448002c59d47c6a4758325ad67N.dat

Filesize
1001B

MD5
f9575614387b2862d4e678197b9a7226

SHA1
fc892009f6cd21dab879a2d8856fcb4e835f1534

SHA256
d50d12d8bc3d004db64660548b9562d0eafa8ef37892d8ffb5c042c5ab9ed98f

SHA512
7ce759088c4f939de6ac4b8b526d96fd928c98f08d8c23254d9ed9e3f2ef2b39a2b46b89d0b32efebc19485c09b543ad0a7e7529fa6e75ef5a98d7b05be14b10

Download Submit
C:\Users\Admin\Downloads\240919-p5pe1szakh_2116-12-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

MD5
65b7044dbd0c14d18e19f5c8a2e9c1ee

SHA1
03473a3a62d8cd81f933c99fa22ff21f1d6a9ff6

SHA256
c61bb2bd088ee04b43278c7ae50208aa45436e9726675783c39dfbb51e8b2295

SHA512
1d2abefca2c9e881df87fc06f1f6206c981416e8af42bd9d65012ead7c678eeecb741531a4e0598e56d5c20a95bf61fdaae6ec1c9477cb85ffc87d30b17d4070

Download Submit
C:\Users\Admin\Downloads\240919-p6bkjszenl_mipsel.exe

Filesize
67KB

MD5
a882500de497e282f4b6a80888a790b4

SHA1
e1c6e00644359672a455c49207ded4780af3232d

SHA256
e3785343a1fbb0f87c29404ecbc9481b8df307d60a0a4e9605a3de08b316bff2

SHA512
1fc5f8e37321392d236032c6323d9e02ef7ad2d95068d8a9dfd9d79d5f7f5c650e388b49bccbd6075901ce8c15836fa77930cdafd59da352718bd755bb3ac987

Download Submit
C:\Users\Admin\Downloads\240919-p7mn7szarb_2460-30-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

MD5
c6037d90821ac08c7db72069f73dddb8

SHA1
d7b9d72faf5cb5ac3b28eeb0bc9296099de39b96

SHA256
66806b848af77d25c12604732d7bafbbbc58e8dc7113377f7f3d127f57332823

SHA512
ff7b78048502fb189fcdf539481bc0081588b5da691690a562b8bdc1569a8cccc36198e7c5a56ea39ba2cbc19f95709f6d7dcc179f0e93ba5d84e869b781d576

Download Submit
C:\Users\Admin\Downloads\240919-pnhk5sybjc_Invoice & C form TT 175102.exe

Filesize
1.2MB

MD5
1646d90b7d541f487805f0a2a33c8e86

SHA1
2dcaf8f3005b0753c11fa5578ea19fec126ad3bc

SHA256
317f3c3a07c6bcdc77df7d4123fa26774d8d78ac808528cd2264d4931e84a98a

SHA512
b0fd9d114658fc9effd2261dfb568759a0851f7aa60cc64dec69eef6aa810b79345f81a814589dfd16d44029bacaa8fbd75f09387c2c8930f3b28db533c34391

Download Submit
C:\Users\Admin\Downloads\240919-psa2vsyhjm_dd55f6b1efb8fc7d44a90e690a14fabce76551814eefb859e80a1fb2e44cb4f9N.exe

Filesize
1.3MB

MD5
ce5ef7cd26b8752dadd1c17dd0a1b360

SHA1
09bddc3d7772f0fe17e13757505610c1c360bbaf

SHA256
dd55f6b1efb8fc7d44a90e690a14fabce76551814eefb859e80a1fb2e44cb4f9

SHA512
9991eed082e0838b6fcb5f3fe32c191c95373aa22cbafeef23d96ea71195b9413280c4f75b9f715808b1ee28233fa5edc6b3af43d50b2fddeb38ec7b6f1007b8

Download Submit
C:\Users\Admin\Downloads\240919-py4w5ayfqb_magic.exe

Filesize
36.7MB

MD5
f921e16ca321bbe2e490f036f8b99c74

SHA1
6e25638b340ba77f3e467bbbdc27c48209e193af

SHA256
6b1700a3961f46120afdf3c5e027556682badcae0015503d533c9f808f214ddc

SHA512
04492839ccaeeddc9090b7f6c6458294540bb3e2589108a3c459ae87a11c6cabe6548d80805f37b8bd43616d3645afdabe8b95b9f37c85c06f5c87b137a10274

Download Submit
C:\Users\Admin\Downloads\temp.zip

Filesize
22B

MD5
76cdb2bad9582d23c1f6f4d868218d6c

SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Download Submit
C:\Users\Admin\Downloads\temp.zip

Filesize
41KB

MD5
7a82d3395f33073576a940b5fdb5c3f2

SHA1
a98d65d3fc6870f2daca45d88fe09d4d51e63eec

SHA256
dd42cb1c5feb0339e4157fcb03785e273627ad2cd35425260213970146e89532

SHA512
9b833c2f063f592985b6636baf5f5ba640a5cdf2c8d46ec898ec8f4f3ee7d870c70ea39e54a5483e63415b79e0bcd4ae2cf26addcb09c7db6b6459d86b2ba096

Download Submit
C:\Users\Admin\Downloads\temp.zip

Filesize
41KB

MD5
55adcd939b5951949035804c4694f2c4

SHA1
f95ec8b36036f7a5508927b76deaba0faa6f46fb

SHA256
52a9942e2d9a9949430e2606ec523c68c689e622b9466202d99129e687910c68

SHA512
2edcad618b4e5e1ef4cfe93db2f2a3477cfff23e555ff14d7bc56d8a573181457d8cd37404daf69829b129bb699def50532526cefcf4238c3abefd45e0edd154

Download Submit
C:\Users\Admin\RuntimeBroker.exe

Filesize
84KB

MD5
98ccb6806d126e3a211b963d3341efd7

SHA1
108dfe1979c04c588f87d6fc2bb57c3ac10f6742

SHA256
11f00d48ecd890e9b8658c652a6283ead05dea9bcd641d89d0bd7f0f618f3cd2

SHA512
373caadac1ad290d60ea41663482946889ae9e0fea96115e21ba38d19d2bf6123c47501190c3fb33ef51aa07f6dbddc4eab43b82cbc008c4f83684707e1d3510

Download Submit
C:\Users\Admin\RustAntich1eat.exe

Filesize
827KB

MD5
eefb801774c5ccb44153268a9357f5f1

SHA1
b1906b22e14edd142c52808ab3e5ba9346b85de5

SHA256
677aeb1981c58cba41a5d53ccbbf5b471e62dc49dc326570767da940560d840d

SHA512
1cf162fe6184d68dca514059d2de1123e80d0faac401765a54224aa5a987c9454bc92263fbec566835aa7b402f1f63ba59bb425ccc139e0a7391e66991f270b7

Download Submit
C:\Users\Admin\Umbral.exe

Filesize
230KB

MD5
4647720ef8607199527cb3b0bc793587

SHA1
0728b0cc0fc7e0a1a8ed14c0861f8757780e4163

SHA256
349bfc065bf0580379be8c6e0d0dca592deec1bfc104d8d28c70454436de6337

SHA512
906baf94232c9f76d193021345259d01e23d81b3d9a948067035979235fd45e739e89b8047148f61d2f210c40e561067a040100ccacebbf8921050f12a0281f8

Download Submit
C:\Users\Admin\cuefej.exe

Filesize
156KB

MD5
d296c0684b897521d7b70ab922dd4397

SHA1
8e44c0b7bf01a713e512b57b47eab3be89b2caf7

SHA256
6be69d181ae8c4213efbc2456cdd63028d1a6183c25e7fdf953f45db8e173faa

SHA512
13f2420b148e643024eabf72a0545aa739c60433f34647bc464b951112e6e9d1a29a2fe399d09a3cefad806d40b36cc1bff76e78b374f262e258e3f82178014a

Download Submit
C:\Users\Admin\lufus.exe

Filesize
140KB

MD5
39475484c591e206f6a74de100f011ed

SHA1
74380b9f24fc27a73fc9f3bedf5dfe616a1b7a51

SHA256
09162b2a337d8ce2102e45a7c4d8c6097e9120414d05036da50b0d68779daa73

SHA512
7a2e504e2c4c86db683934cb05fc8e08980cd644928e7429c0e1e936db74de55f91a9637096280682102c2c4c01b72c966d171800707dee95fc7853486420037

Download Submit
C:\Users\Admin\toeiy.exe

Filesize
156KB

MD5
06b8854f09cec98814965ad108e6b57b

SHA1
7bc7989ad5186b13627527c649bfaf0a50d0cd82

SHA256
ba82d5c86b192b73c0a3be4ba20722ffd5a5b2338eceeae7ed5477dfeab6c45e

SHA512
9d3e7ead19084ff9b23458e80fda10b32dbf5816fd580b34241652815af340a788b27ba3921a399e2a4819f5d8d9516eced26512eb3bb9d3ecc8a6f72279517f

Download Submit
C:\Windows\Resources\Themes\explorer.exe

Filesize
206KB

MD5
841ea61b171fad6849a3a0369633345b

SHA1
8adcb09de7d5c185e5bef4346e85cf0a75904b58

SHA256
96f4570b3ba2c313463f7c462d4d1f96c91b5724238cb2f3b787965b8d232621

SHA512
a76accc8e0c152ff3c4ed31e81015cacd8db3050f30373bcbbc7f3698ff4bec2b0990893628a55132965d2a6228adbdfc611dacd8e702dea3c88f7d61c6a2497

Download Submit
C:\Windows\SysWOW64\Bfbojnff.exe

Filesize
664KB

MD5
94f405b739f88a6fe673f2cfbfc5d7e1

SHA1
38be8d0f8caa2308d23fd02ce2d4dc03e34478f4

SHA256
dd63979aaeeb592dd59fcb02637ff2524a47b6ba0cf862c823be3571a706a410

SHA512
d8e9e0d8f325032a54b243568d6fc3c69c7735562c00ee05bc97ab3b3382a5a715b14e05815c855fd8f82e2259ed3ae7a6677403225e04d3efa3c0f3ece3ac6e

Download Submit
C:\Windows\SysWOW64\Gbkdod32.exe

Filesize
94KB

MD5
a6e426d51291924e4d3e51fdbed6fc8a

SHA1
b1c7256ef475d8f2b0b6eeb137764a9478207535

SHA256
dc69863077c3e7b96074aeca9992486ca383c9d6b1477fa56821245fd07de7a2

SHA512
f28982ca1758b43726c71cdc41c9fc55b65621abfa07a9091d7001a1afe8e82e3dfad10f0ea9266377175afca467d4facbd9efaaf0c515a054798280cad6abe8

Download Submit
C:\Windows\SysWOW64\Hgdlcm32.exe

Filesize
63KB

MD5
ca7581c51f77eae83441271e0e8d6a1a

SHA1
62c0864e6db22d53ee40689e0dd58d9c146c6fbe

SHA256
9018b0a33edf5cd8f798f43f05149fe5da30bbab2d522f802f544c6303d3593d

SHA512
aa2d6b01352bc3968f03ed8881ddcec0d2230467cd93b5ffdd45b3f1ab9d043cf441718340327098815772f5b01580f2057b217f6dcd10ca2a0e2a5d84a2e577

Download Submit
C:\Windows\SysWOW64\Jcbiffko.dll

Filesize
7KB

MD5
68759f06a2a1a277a29ee30b2c768e02

SHA1
2689ccaa70023f2dac597f0cdf663bb5bec9c962

SHA256
244644b2c964dc1a371893b16db65281034e8aaa4b95a4a5ebcea14f1c95a9df

SHA512
d78b82e7423b1e6e2d4225571d6ac72711cb99f961aa20d470e1f6aee7ffb23f035a533899b058ca6b4f38035a801d08a7e95fed1726619ff88c91960bed2b0b

Download Submit
C:\Windows\SysWOW64\Khoeok32.exe

Filesize
264KB

MD5
a71308b21711b45ef8b34f8b0c59ce40

SHA1
5a82e5fedecc45ceacf9d760f6b286f2e4bfd7e9

SHA256
c71f73ecc04e61f988c35a95584341dcdd7f6df9670e02578cd1466401488466

SHA512
651e36db1a6b35025474c4c3355dd459e1b11d4f5a114a527810cbda24d33bcacd319ff09c56e6493471848aeb7a52de725335f3058552146998601073f138bf

Download Submit
C:\Windows\SysWOW64\Ljobiofi.exe

Filesize
96KB

MD5
96cee06203e942cf4193bd644617ca4c

SHA1
9556b6781e4b830102a137cd8acc4aa5d2d50d52

SHA256
a5fe42649ee0bc5b63889040ae55d4b24d6fedb29775f6f9a63d4da57c1016b4

SHA512
958686bb80ecfa42e8664ca9e6953d0f0fb4aebec95a96e56a3d9e7a19b845120018ebe87c2c1666a3a0f00beea874860178df879f420bcd0ca8f1b3c77abd5a

Download Submit
C:\Windows\SysWOW64\Lqfpoope.exe

Filesize
664KB

MD5
1ea3d0774a0d7b6bedbb514fbc462258

SHA1
32028db3694552de986e81c50424ead57034b49c

SHA256
99dd90ab3d2d56e6f54d850e2709199c96e09400d4529da8c6f018da4cde495f

SHA512
5a94919986a179fad978dd12bfb75e3e2522ff8d899660015251aa8e1a605f9a0f98b90f107aeebacffc300440241239df53ee4504828bdfce67f7b09d16548d

Download Submit
C:\Windows\SysWOW64\Opcjno32.exe

Filesize
664KB

MD5
81d532c453d03ba905e22b5746464bbc

SHA1
a6e0e99069b802e67b2906dfb2564d47a3f05d4e

SHA256
283c790c943864185060630be65b2403878314f3a1324abbc95a1f14c1c076be

SHA512
ca556100d7e7ece23ed4c3f045e7124648e6000d9902ec6585f3b31c53bb90f130127684475f8fe28cbbbf8cbf3e5202f994d0c15fa62bcff53dc4597abb0cdc

Download Submit
C:\Windows\SysWOW64\Oqpakfgb.dll

Filesize
7KB

MD5
03e54cfe058728d56cd2e9441d582c2b

SHA1
947c9cb1c21d744f9f548a458a0a9ec895d7b11d

SHA256
29b71b87049bd8716af9fa64a9fb55038be60210883f1f958a5d0171f6f5d0d3

SHA512
84fd8c69dd03522f7d389679429672fb7471fbf10bd46b8b263e5f59e8df4316158619ab8853b9bd51cb543961bcee2281b7fdbfdbec4219ab6fa39bdabc9d7b

Download Submit
C:\Windows\SysWOW64\Qagdia32.exe

Filesize
96KB

MD5
82857d9f23c2357cfc261a43998efcf6

SHA1
b6282202c9494700176d91518a5ac7d592db7b0d

SHA256
9ec38976acbb14f275b10040e6012a96a818e5e59fdd8c6bd07a8ca3922efd89

SHA512
d8c871b02a6ee2b6d6c6149cd760292faa4bf11bd5e33f1941a1f99eeb5e3a9ca2ae8d0d5644f1703a792591a3dfa770d9ac5f4238d57f1beabdc38e100fd268

Download Submit
C:\Windows\SysWOW64\Qnlkllcf.exe

Filesize
96KB

MD5
f8f8472fca6ea6e07baa43a5d5303a40

SHA1
336e6be7bf5bb58cca5ae2283ecbc726908445e5

SHA256
d5261f2b429764d6e144347ed793f261096364fb33b61ea73227c801cabd5d70

SHA512
9ebee63dc3a3caeec7c5667dc26ebe99e4951d3f0d7df773c5c8a9cd931e87603fed07eabbc313a354414b626c5671cdcfd5f592d581b5bc6cdb9fa3df862d5c

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
83KB

MD5
c7b0904d1821c51d135628c408f00528

SHA1
62ad2f037eb6bcbbe486e5bd9d4636ff2bd7a31f

SHA256
22108a39ef810b411eb541f19084601c42993c9c492fed60e7b8d1bfe7079aa9

SHA512
4bd690e9b155ab382ac386461c3a12bedb3a63ceb47385fa952f4bf0c677ec2ddbbbcf808dc1cf4c97d6faf053fc5d3936cec1ddedef2d719c51589cfe2c9dc4

Download Submit
C:\Windows\SysWOW64\twex.exe

Filesize
245KB

MD5
1e6abdb0fba664271cb901c9a2fae780

SHA1
42479e2d71a48bc81a9007fcada6a0b2774914ef

SHA256
5a5379808808db0ab73f473d9e9c52b52f23084dd929a47786f0682ec662c228

SHA512
2d0bde8c7d2194fb209d2cef6cc51fb3a3f3350ff8f96aa100e1eb381516529ef68819786fe554802b5fc0151bbdc0614f52dcc44ef840c0349eaf1244c74bf8

Download Submit
C:\Windows\SysWOW64\ztrfbtno.nls

Filesize
428B

MD5
534cda6b48a4f4eeba156fae0d91da91

SHA1
ee02d7d2b5f6d35d717c818ca9751af162d39795

SHA256
66180bbde64bd522c568ee505c86f8757942a6d7cbe969b7240660c1ff31bba9

SHA512
e4be76b12a415264990f8e9767356b66676f4d2ddd478c6765d0a614032e9a57547f040c6d86cdbcf5b2bca32857850843d7550611cf1e6ea8a2179ae6996c7a

Download Submit
C:\Windows\SysWOW64\ztrfbtno.tmp

Filesize
2.4MB

MD5
dcb3ea8f24000f381a78b65dab130ec9

SHA1
f30ebb8c51b831dd94ca098e34794aec8fe09398

SHA256
d2756c1e00bda999afda508ca0d2c66df31afa94b8055113145ae4939580daca

SHA512
f6736c02d9c1abbea5d3f812e5f732fb08897fca8098f64c9d402e28d25abe3b5d49ce2b458f53773e6d846859c9c01aa69e67057ba92fdc9a9f482ae94a565a

Download Submit
C:\Windows\System\SUYwZuy.exe

Filesize
586KB

MD5
7551e36ff8bc25871585dd21c82a7aaa

SHA1
12ccbc81167746048aeb0ff7cfc9b7c76b107583

SHA256
47cec43b1d07ac9a8b157bc42d7c8ba2aea1f22862a99176b3f60b4651c1019d

SHA512
7e41e5a914a424d88c9557201c83ba772daee0fda5e455a5e0f370acb273bbaac4bc06822bbf51e534da8fca07547ec4fd7d2078f0bd5ccd0b49c69caf2f371e

Download Submit
C:\Windows\apppatch\svchost.exe

Filesize
206KB

MD5
d9ac0691fdb04d3292b1e32ed1798f33

SHA1
0881eb5b23f28c71f9c6ee7da249220dd970aa80

SHA256
ccd2aacad592f500da1acc19531d6c829aee3e735f19f0b478de764e628cc5fe

SHA512
e35e35c928273133d449e7ce5b246a0d208a78d075f1770f18d8437e54b670ed59e1083678cada884f97d747d1351614fc926718472dcfea5feb97993a4431f9

Download Submit
C:\Windows\directx.sys

Filesize
85B

MD5
a860e793aa3d9203cbb63e292cc69ad1

SHA1
60d7c624faf8d9d0c0e6efb7e078c35d7f663a05

SHA256
6373e114bc714c339c0e2f2a34ffdec67c0f0c9b9054b7b99d66bd4d04953031

SHA512
90e89365f759f6953dce809616d35a5a503d9f03cc858c6954785adaad2ad9e72cf15e2222943a7a302ef14112a98ceb734bfeea603ed8e0592d3074a39084ca

Download Submit
C:\Windows\directx.sys

Filesize
208B

MD5
81d23dc7a6d73f1d90c0e8170c901238

SHA1
a6e02ae6fb1be9478688402cbd7f8439b1a333a7

SHA256
445bc404671034a65889bc515fea14616e794d64bfc172ea342953b8e4b41a34

SHA512
d4e72627f4facb7014ef4002ded38bbee196b4ce6f092517c2ddda520f493d48f89a9878f0e55fcbe4c498f14fb6855bd1f5a95136ce7fe12e7bc0dd9cbf2fd3

Download Submit
C:\Windows\directx.sys

Filesize
255B

MD5
a583902a275ac4ac670c54c5e93279e4

SHA1
f4433a0bb1c0dadae24245956bb0d81b1cd4238c

SHA256
6709e075e08ee3bc6f2e3172571c67a9b2e3faf12431bd0bcadda5cdaf8de316

SHA512
57c99153893be3d29f313c83c8b0fc126dcb7d7b985fa4a059cc54df7476061949afb7fbde6f657b8aaf81786627efcf36f1233e42282792b5dae33f8faf2542

Download Submit
C:\Windows\directx.sys

Filesize
327B

MD5
56563f25e598b2384c73b669f005901d

SHA1
241ca65b624bd14bec51dcd2365f13846b26c178

SHA256
48ee7435dbe1c8970b195ccad6e2218fb13765a5b7f5f8083b996b12af4e5af7

SHA512
f8acbe7a62ceff40eea3e5e65177bf201a73dcba89efc1a8055568be2f4c7ed53e46623a5f3f9b2eee9c0078b45c9c5dffb4d1894b3d411aa665ca65c520e6fc

Download Submit
C:\Windows\directx.sys

Filesize
302B

MD5
dbc786a328970211b8dcdf7a11813e1a

SHA1
ed1af7a5465ab5532b2a433ddc01e9ad719bd23b

SHA256
b1d53218d02e45c53af630a5d4abbf438d03620b1599e7e66f3bd58e80753d67

SHA512
9c791f033fb16683e8d5c5ec46e226720e7ee1aaa43ce199fa4d2ab154c1c72e9d57447dcae94b69aec9741b0fab653fa8d79fbacfb450a6adc883655a1cceef

Download Submit
C:\Windows\directx.sys

Filesize
268B

MD5
59b573902292c013561dc5ca8278c8b1

SHA1
6fa7ee1fe3264d62abf522e98c301055a36fa35a

SHA256
08d7acf858a13faac9a2c4c40ebff259904e2fb2c291c9dc7209c9149ff4ed14

SHA512
2a328a16a7dfc58efbed5687e8b3b55c71ee1fdecdd1af9f3bfc6a0414d3230f900ddb957beea0b4dfc45f76437947f9bde5d2a070f3fb304c1d3a417dd95d26

Download Submit
C:\Windows\directx.sys

Filesize
484B

MD5
9aa25c774c03ef5f6e76c5cf853b0024

SHA1
1baac6c516c3933a5d1b141a2ce70f5324fcdebf

SHA256
7c645ef4d9dddcff0f455294c1bee1cc9dd4a99c4466d7d5f46ccc7979868b58

SHA512
c8e66b8a8e9bc2d52dde9101fd4da194a4c8568f2c49827a62b92395624dec1739f6abc7d7f230e0aecb078d4f1b3af84208ec65fdf9c3ce27c9e5efe2a2847d

Download Submit
C:\Windows\directx.sys

Filesize
598B

MD5
06954bea6946054b45a685427a26f13c

SHA1
b9ec7b3bc8ba4e0fdf33c11a6354cab55a95a782

SHA256
0bcec2922afc3502910e5fe2a34425bb537e492dab8bd7ca819d792d4a5c6e23

SHA512
311aa6439cf89dcf0c11c77a88e28dfa04ff7c42abd6630975d3baa39f7d40675bb931ec68a1a8c2ffdb57122b14dcdee7667120f29f3bafeb0b26d8cde97c0c

Download Submit
C:\Windows\directx.sys

Filesize
511B

MD5
cfe88d9e46e0a2e82f7a1708499860e8

SHA1
5d8354be9bdfb961d41e067a5c2b0b9795a8b535

SHA256
0a23aecceae6b96bbb48da93fa31126ab6d73150eaa8c5c99e02c587e52f29b0

SHA512
b5354588a6f77f07c8f64d21da2e6c76ecd794b052ad3e5979d190f42db01e7a44f89211851376fcc11e71b6afca7b92218523743e063b590380444ea2ff8999

Download Submit
C:\Windows\directx.sys

Filesize
545B

MD5
51fc3d0905405e434e3e3679618b2119

SHA1
d59ea183169281b40f07145d9c8ee021840172ad

SHA256
4f72b36953b0ab88ffd805529a6c9ed22262d7ef5ee39a4c1c96ba9143fd9a4d

SHA512
226ec461e827a3a020228a78e04c5750d00fb49f571ac2daa9d0ce1efe110dcbf1f28c4349a8f0140528aab654947cc51c24c4a4a6d6965726bbe493c92373fc

Download Submit
C:\Windows\directx.sys

Filesize
570B

MD5
8bfcc505e42d7a0fde61d1c45ae40151

SHA1
0ab0160f86a60f9c730c1471784ac0d20c6c842c

SHA256
56808c2fb959262a04d082de5e7c2b6cc8184fded62de7f8fa181369b1703a13

SHA512
f1a777f66a7bf6f502cf4518169f21bf809ea5f6bd4a6870b640873bd0deeefd1dcbf79d499760fecdf6f94e0326512d5612333d5cd3c3a8067843e7d82bea32

Download Submit
C:\Windows\directx.sys

Filesize
556B

MD5
b3339a5fa41e96ea60526aaf3d583ac6

SHA1
83e4cda241d31c78efb22d739b82dccebecdad32

SHA256
d07da47c75cab0f707a02fa6f1655b43152be96970817511a7fbef99681273ef

SHA512
b4b474d846a61e625d8ec21f42101909c0d77c3119c2b5adfa4c5e0a3aab0a6b477d9d545ce1197932620bc7a77434bd49211e549f6fedee5088b31c0eb3baa8

Download Submit
C:\Windows\directx.sys

Filesize
644B

MD5
51c480ed54bcd82d2f0f1f4cac9366c4

SHA1
ccf59f9a139897fb3fcca577158d307f1bac463c

SHA256
29d16706148f1e419dc3ff9951093a5f7d57c4226c9c6fc8a7d8092c7a1dddb6

SHA512
732c26387e303d97875b7185fadbab4a710e713a5e4d10f770e49f63e82a2e618e2fffc134dbfe4919bdb298995997e62bc22eec4d360b3fd8e2436ba520bcaa

Download Submit
C:\Windows\directx.sys

Filesize
615B

MD5
3d11f063463d89bdfad123fd5654bcd7

SHA1
5daadcdbd6f026eb21f3a277a3dc38acaa51e65b

SHA256
9cc1c9eb1af8f4c1d9059e114c5971a578da292f13cdceccba080250d535548e

SHA512
6ef8bc81bf465af4ec94c486d4188b683a42304f8430a9677c08aef330f56a255c879d49989899b777283270ed51ef97de0676f96bb5b2198ea585afa997ed27

Download Submit
C:\Windows\directx.sys

Filesize
590B

MD5
f63856e8ed15805b3e4eac5ba18df274

SHA1
75be783f3536db79777744cf3fec56dff94aa774

SHA256
808acfce700ec372b07686986c013b53f4dd9bfd03e72103059e9bc72ac95f05

SHA512
7523e66119d62869c9dede6fbc08e81f3ae3620a1d336b89b2741ef9f3fbb3914b455353d805f07f88b25a4d880d15214f35c64c087ec79a4e640c26592c1ea0

Download Submit
C:\Windows\directx.sys

Filesize
706B

MD5
363404de70429900c8834ddad3d8826f

SHA1
2188b17c6dffc6086477006952d99780307a2202

SHA256
bbf5e35458d0435ee9f8085ebd41e56e63810c7a3f8c45f36eea2ccf659f05ed

SHA512
319a4ca8be4645a0a433f303300b1b171664ca70ed5320587eac85ca6f79bd71dc0ba956484642f234f6a88899f61365b3f1ff99c743a91db9a5f94c2b463bea

Download Submit
C:\Windows\directx.sys

Filesize
637B

MD5
35e4bae523fe42f00fbc86f4904a4623

SHA1
f60ee5a55572cb7f73e93fbdcf94eb76eb863f5a

SHA256
59b1b31c96da589c13d95060dd020984f0844814f49cfbca3b012ec91ab2250e

SHA512
8d6550cdf147ef9400e19c6964253416b2abd69e67b9f2754f772b3a961ccf3237e15665db70c3a85428d332a55e838752e7b0f482e17ddf438a913a084c9279

Download Submit
C:\Windows\directx.sys

Filesize
58B

MD5
2b4067bd533f206816a8797f591fce67

SHA1
c55e0aae56da884a806074acb6457dbfff01b085

SHA256
a776bde23c3349435aa69df7a5a49af08480dba53d0b38e870341592ac8964f9

SHA512
07c36731c9975b473640e2e8bcd7f7d8687017e74c6a2402f65f0b4ff8d7fcfe94f3bd2b296e6745853b53eb5cfb0f2dd2b88eab624b27b68e2f9c2a734081d6

Download Submit
C:\Windows\ntsys.exe

Filesize
37KB

MD5
4e7e317afb3e551168b1a699b5ad4106

SHA1
838c66d355a6c48a952f60d5542b068c3dd1725f

SHA256
4fd40653c90ebea8b73968654cbe1e9307896d7a651eb93802a8801dc6d7e090

SHA512
479ad7d289964a103354be967e9b5a35b74809ca261d2142e72cca6d18a80df3124badbb78952b7cf7ee7a0a3eb0377266f8681637d97735c6f59a072e59af3a

Download Submit
C:\Windows\svchest425075242507520.exe

Filesize
376KB

MD5
eb5c919afd904cf62615161c2c83720f

SHA1
9365bb524d789108ad53b9182717bf4215e8368b

SHA256
6a5591070d201485ed848d8240f70aca37cbaf95d192c08b4f0b0a9a1c23e970

SHA512
504a8c36f3424cb0afa38fe43d0b81b513c5947131e282e7f8083429155c3bf15ade86f732a1cde15104cb24f9cd10e4dd53edb44705c826016b30e81e74908c

Download Submit
C:\Windows\svchost.com

Filesize
40KB

MD5
9384ac226294504bcd047d8eaf718fd5

SHA1
6239e25ecf5fc1e658109187a2d5cf4455c4f555

SHA256
2cd1f780b029ae898c366360dc85de52016707faaaedcc0ec73873d64c79afb8

SHA512
32afce7c9842d8e7b7ab38c9d93a1261e76030a79cb921714fcd09037188b4e8bcc956c8ad5cdc4bfddc025cec04dc959e9f37d209468d81c50a85b23aff64c8

Download Submit
C:\autorun.inf

Filesize
126B

MD5
163e20cbccefcdd42f46e43a94173c46

SHA1
4c7b5048e8608e2a75799e00ecf1bbb4773279ae

SHA256
7780bee9df142a17e0457f3dcb2788b50fc2792370089335597d33719126fb7e

SHA512
e5ac0ff6b087857799ab70f68067c9dc73eeb93ccfcad87047052380b95ade3e6eb2a7d01a0f850d548a39f4b1ebb60e299d603dbe25c31b9a3585b34a0c65a8

Download Submit
C:\backup.exe

Filesize
122KB

MD5
91645eaa3b5a9ab6822c1aace8f21d90

SHA1
2cb07b67e990de113772a2b03d9f5b89760783ab

SHA256
4a4fae2e269230ffabd64db95ec6924f4c7653badb7255099a725f8ef38f10de

SHA512
43f1782705c7bf4a81962662e8a27fec7d1a137cd8556d4a8061063b6acc99cffdd8509e6e8be10637985f084f0bb898ca4a0a215a15e087f6c34d5605d81f1e

Download Submit
C:\zPharaoh.exe

Filesize
151KB

MD5
09786645b832b3fd6e9262605459dd69

SHA1
ded097b9d019a6d3bcac668401528930b0a6b23d

SHA256
a25589496ed3bc3f45f7854209d7095762cd6f391a826e9e67d23b76c1faa69d

SHA512
629e4d0e00753d54437c3d160a137a55d29deb7c2f486880d22770a3d70e4a8614565db416a065a4cc405467d79593f4a48e0134b6163567d79be54f138cfec8

Download Submit
F:\240919-pswnkaydlh_9bdb64d85228b74e670c5768d020bcf4586e69aa0e95d0a2b3a17c7a38c6c744.exe

Filesize
2.9MB

MD5
890414cf6d3c0b753dd9807304b290b7

SHA1
682df45ea445da17cb28f151885de4982586bbdb

SHA256
9bdb64d85228b74e670c5768d020bcf4586e69aa0e95d0a2b3a17c7a38c6c744

SHA512
63942faaa6759f1e7367e00ea37aecc5b876b192bdfb3829f221f51b451efe41b74bdf085a0eb00016e386f5058390329d44e9e8c3d543dd1c518a60a544e615

Download Submit
F:\zPharaoh.exe

Filesize
151KB

MD5
27e19fff51949a9640e96af6036aa481

SHA1
6fd16d7b1aad774d2a14338d9b1341c3030337a0

SHA256
d3406dad9c39df341cf5ffb7e13d590ef376c69a31fee98def14e6a13970aa76

SHA512
828aad15c3fa347eb3694df5da7cc5242db28e39ccfbed5351ab11b03559dce2984621cc65663658dc8fae29ee2a5c62ce84dcd7565dc5e7c791031cd8f58228

Download Submit
memory/424-1590-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/760-1368-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/808-1069-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/808-1460-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/808-1459-0x0000000002290000-0x0000000002292000-memory.dmp

Filesize
8KB

Download
memory/808-1540-0x0000000002290000-0x0000000002292000-memory.dmp

Filesize
8KB

Download
memory/860-1561-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/860-1212-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/888-1258-0x0000000010000000-0x0000000010046000-memory.dmp

Filesize
280KB

Download
memory/888-1270-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1016-1213-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1036-1152-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1036-1495-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1036-1555-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/1716-1142-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1716-1144-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1716-1141-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1716-1196-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1716-1159-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1716-1143-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1716-1113-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1768-1084-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1768-1466-0x00000000022A0000-0x00000000022A1000-memory.dmp

Filesize
4KB

Download
memory/1768-1544-0x0000000002150000-0x0000000002152000-memory.dmp

Filesize
8KB

Download
memory/1800-1695-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1888-1942-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1900-1484-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/1908-1112-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1908-1470-0x0000000000800000-0x0000000000801000-memory.dmp

Filesize
4KB

Download
memory/1908-1545-0x00000000007B0000-0x00000000007B2000-memory.dmp

Filesize
8KB

Download
memory/2012-1173-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2012-1559-0x00000000020A0000-0x00000000020A1000-memory.dmp

Filesize
4KB

Download
memory/2028-1271-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2060-1941-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2144-1486-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/2144-1553-0x00000000006C0000-0x00000000006C2000-memory.dmp

Filesize
8KB

Download
memory/2240-1838-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2340-1482-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/2340-1552-0x0000000000650000-0x0000000000652000-memory.dmp

Filesize
8KB

Download
memory/2392-1072-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2392-1541-0x0000000002260000-0x0000000002262000-memory.dmp

Filesize
8KB

Download
memory/2392-1462-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/2392-1214-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2440-1468-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2472-1323-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2516-1940-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2620-1589-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2872-1364-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2912-1557-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/2912-1153-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2924-1210-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2944-1369-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2996-1365-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3336-1269-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3376-1591-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3508-1688-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3564-1690-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/3580-1548-0x00000000006B0000-0x00000000006B2000-memory.dmp

Filesize
8KB

Download
memory/3580-1134-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3580-1476-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/3720-1837-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3764-1367-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3884-1472-0x00000000039B0000-0x00000000039B1000-memory.dmp

Filesize
4KB

Download
memory/3884-1374-0x0000000002280000-0x000000000330E000-memory.dmp

Filesize
16.6MB

Download
memory/3884-1414-0x0000000002280000-0x000000000330E000-memory.dmp

Filesize
16.6MB

Download
memory/3884-1372-0x0000000002280000-0x000000000330E000-memory.dmp

Filesize
16.6MB

Download
memory/3884-1147-0x0000000002280000-0x000000000330E000-memory.dmp

Filesize
16.6MB

Download
memory/3884-1135-0x0000000002280000-0x000000000330E000-memory.dmp

Filesize
16.6MB

Download
memory/3884-1114-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/3884-1546-0x00000000039A0000-0x00000000039A2000-memory.dmp

Filesize
8KB

Download
memory/3912-1939-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3920-1943-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3944-1150-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3944-1549-0x0000000000550000-0x0000000000552000-memory.dmp

Filesize
8KB

Download
memory/3944-1478-0x0000000002090000-0x0000000002091000-memory.dmp

Filesize
4KB

Download
memory/4112-1443-0x0000000010000000-0x000000001006C000-memory.dmp

Filesize
432KB

Download
memory/4112-1446-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4112-1151-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4224-1267-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/4232-1268-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4352-1542-0x0000000002050000-0x0000000002052000-memory.dmp

Filesize
8KB

Download
memory/4352-1464-0x0000000002060000-0x0000000002061000-memory.dmp

Filesize
4KB

Download
memory/4352-1083-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4444-1551-0x0000000000620000-0x0000000000622000-memory.dmp

Filesize
8KB

Download
memory/4444-1172-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4444-1480-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/4692-1115-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4692-1547-0x0000000002040000-0x0000000002042000-memory.dmp

Filesize
8KB

Download
memory/4692-1474-0x0000000002090000-0x0000000002091000-memory.dmp

Filesize
4KB

Download
memory/4764-1266-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4836-1366-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4932-1689-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/5132-1379-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5184-1370-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/5248-1697-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5264-1371-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5300-1375-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5308-1691-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/5368-1854-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/5368-1376-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/5400-1377-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5432-1692-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5436-1378-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/5484-1693-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5488-1418-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5520-1694-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/5532-1419-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/5568-1420-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5620-1488-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5708-1416-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5716-1696-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/5740-1489-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/5856-1496-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5888-1490-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/5924-1491-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5972-1492-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/6052-1494-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/6088-1493-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/6532-1781-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/6564-1782-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/6604-1783-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6640-1784-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/6684-1785-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/6744-1786-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/6796-1787-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/7232-1839-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7268-1840-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/7304-1841-0x0000000000400000-0x00000000006EE83B-memory.dmp

Filesize
2.9MB

Download
memory/7376-1842-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/7416-1843-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/7808-1855-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/7884-1846-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/7896-1847-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/7948-1848-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7960-1849-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/8000-1850-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/8064-1851-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/8076-1852-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/8088-1853-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads