berbew | 0e4c7ea1381577829677372822f13f5332f04047156d2e719e499c1546d0781e

Analysis

max time kernel
76s
max time network
78s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 12:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

magic.exe
Size

11.2MB
MD5

2b6fa0f9cbe3f952fdb8177496461b53
SHA1

64e03359c3dc40288fb3755dc3eb28f6c4e5090e
SHA256

0e4c7ea1381577829677372822f13f5332f04047156d2e719e499c1546d0781e
SHA512

e235cbab4dca4b9b11c6596670c8972c562129dfe44c4000cf3a3707d2f1dd7af6cccfe04527249de74cadb7483cc6d464d5b812fab9924dd4f0d59dcf1a52a8
SSDEEP

196608:Vf3v86gVYibQQOOl2szsHFUK2r7UyTAdQmR8dA6lS8Qnf2ODjMnGydS8M9UprBOb:pWVHhZ2YsHFUK2JAdQJlaF3MnG38M9E

Score

10^/10

berbew emotet floxif gandcrab modiloader vobfus epoch2 backdoor banker defense_evasion discovery execution persistence privilege_escalation ransomware trojan upx worm

Malware Config

Extracted

Family

berbew

http://crutop.nu/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://master-x.com/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://crutop.ru/index.php

http://kaspersky.ru/index.php

http://color-bank.ru/index.php

http://adult-empire.com/index.php

http://virus-list.com/index.php

http://trojan.ru/index.php

http://xware.cjb.net/index.htm

http://konfiskat.org/index.htm

http://parex-bank.ru/index.htm

http://fethard.biz/index.htm

http://ldark.nm.ru/index.htm

http://gaz-prom.ru/index.htm

Extracted

Family

emotet

Botnet

Epoch2

75.80.124.4:80

134.209.36.254:8080

104.156.59.7:8080

120.138.30.150:8080

107.5.122.110:80

195.251.213.56:80

91.211.88.52:7080

79.98.24.39:8080

75.139.38.211:80

82.225.49.121:80

162.241.242.173:8080

94.1.108.190:443

85.105.205.77:8080

181.169.34.190:80

24.179.13.119:80

139.59.67.118:443

82.80.155.43:80

50.91.114.38:80

93.147.212.206:80

153.232.188.106:80

rsa_pubkey.plain

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vbaixsyo.dll = "{D3112B69-A745-4805-874E-ABD480EA1299}"	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}"	240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe

Berbew
Berbew is a backdoor written in C++.
backdoor berbew
Emotet
Emotet is a trojan that is primarily spread through spam emails.
trojan banker emotet
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
backdoor trojan floxif

GandCrab payload 2 IoCs

resource	yara_rule
behavioral1/memory/5784-882-0x0000000002160000-0x0000000002177000-memory.dmp	family_gandcrab
behavioral1/memory/5784-881-0x0000000000400000-0x0000000000455000-memory.dmp	family_gandcrab

Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
ransomware backdoor gandcrab
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Vobfus
A widespread worm which spreads via network drives and removable media.
worm vobfus

Detected Nirsoft tools 2 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
behavioral1/memory/4868-395-0x0000000000400000-0x0000000000417000-memory.dmp	Nirsoft
behavioral1/memory/4868-294-0x0000000000400000-0x0000000000417000-memory.dmp	Nirsoft

Detects Floxif payload 1 IoCs

backdoor

resource	yara_rule
behavioral1/files/0x0007000000023700-3954.dat	floxif

Emotet payload 2 IoCs

Detects Emotet payload in memory.

trojan banker

resource	yara_rule
behavioral1/memory/2884-563-0x0000000002140000-0x0000000002150000-memory.dmp	emotet
behavioral1/memory/2884-559-0x0000000002120000-0x0000000002132000-memory.dmp	emotet

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral1/memory/4884-711-0x0000000000400000-0x000000000044F000-memory.dmp	modiloader_stage2

Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
9148	powershell.exe
8484	powershell.exe
4692	powershell.exe
11760	powershell.exe
11492	powershell.exe

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0007000000023700-3954.dat	acprotect

Executes dropped EXE 5 IoCs

pid	Process
4192	240919-pryrjaygqj_eb581de89b19fc1429482bc501a6b935_JaffaCakes118.exe
2392	240919-pr49baycrg_eb583ccf1753294e7660d26e433fd6eb_JaffaCakes118.exe
2984	240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
2992	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
2760	Fdkpma32.exe

Loads dropped DLL 21 IoCs

pid	Process
1080	magic.exe
1080	magic.exe
1080	magic.exe
1080	magic.exe
1080	magic.exe
1080	magic.exe
1080	magic.exe
1080	magic.exe
1080	magic.exe
1080	magic.exe
1080	magic.exe
1080	magic.exe
1080	magic.exe
1080	magic.exe
1080	magic.exe
1080	magic.exe
1080	magic.exe
1080	magic.exe
1080	magic.exe
1080	magic.exe
2992	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe

UPX packed file 17 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/4884-711-0x0000000000400000-0x000000000044F000-memory.dmp	upx
behavioral1/memory/4884-695-0x0000000000400000-0x000000000044F000-memory.dmp	upx
behavioral1/memory/4884-710-0x0000000000400000-0x000000000044F000-memory.dmp	upx
behavioral1/memory/436-648-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/5856-555-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/5796-553-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/files/0x0007000000023634-957.dat	upx
behavioral1/memory/4868-395-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral1/memory/436-394-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/436-387-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/436-386-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/files/0x0008000000023685-1576.dat	upx
behavioral1/memory/4868-294-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral1/memory/3516-293-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/files/0x0007000000023700-3954.dat	upx
behavioral1/files/0x00070000000237eb-5472.dat	upx
behavioral1/files/0x0009000000023a98-8721.dat	upx

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064
Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	discord.com
7	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
182	checkip.dyndns.org
188	checkip.dyndns.org

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x00070000000235ca-704.dat	autoit_exe
behavioral1/files/0x0007000000023779-4274.dat	autoit_exe

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Fdkpma32.exe	240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
File opened for modification	C:\Windows\SysWOW64\Fdkpma32.exe	240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
File created	C:\Windows\SysWOW64\Pqfkck32.dll	240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
File created	C:\Windows\SysWOW64\vbaixsyo.tmp	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\vbaixsyo.tmp	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\vbaixsyo.nls	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Program crash 16 IoCs

pid	pid_target	Process	procid_target
5640	3056	WerFault.exe
8116	5796	WerFault.exe
7044	5772	WerFault.exe
7008	5784	WerFault.exe
11200	2884	WerFault.exe	113
11204	2992	WerFault.exe	88
11424	9428	WerFault.exe	371
11964	8256	WerFault.exe	336
11524	5424	WerFault.exe
7480	6776	WerFault.exe
6804	10016	WerFault.exe	583
2124	8256	WerFault.exe	336
13824	8256	WerFault.exe	336
1328	5116	WerFault.exe	608
4992	8256	WerFault.exe	336
14500	5808	WerFault.exe	163

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	240919-pr49baycrg_eb583ccf1753294e7660d26e433fd6eb_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fdkpma32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	240919-pryrjaygqj_eb581de89b19fc1429482bc501a6b935_JaffaCakes118.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
6540	cmd.exe
7412	240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe

System Time Discovery 1 TTPs 1 IoCs

Adversary may gather the system time and/or time zone settings from a local or remote system.

discovery

System Time Discovery

T1124

pid	Process
14344	net.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32	240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}	240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment"	240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D3112B69-A745-4805-874E-ABD480EA1299}	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D3112B69-A745-4805-874E-ABD480EA1299}\InProcServer32\ThreadingModel = "Apartment"	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pqfkck32.dll"	240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D3112B69-A745-4805-874E-ABD480EA1299}\InProcServer32	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D3112B69-A745-4805-874E-ABD480EA1299}\InProcServer32\ = "C:\\Windows\\SysWow64\\vbaixsyo.dll"	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe

Runs net.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 3 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
2276	schtasks.exe
3564	schtasks.exe
10036	schtasks.exe

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	147	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2992	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
2992	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4192	240919-pryrjaygqj_eb581de89b19fc1429482bc501a6b935_JaffaCakes118.exe
4192	240919-pryrjaygqj_eb581de89b19fc1429482bc501a6b935_JaffaCakes118.exe
2992	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
2992	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
2992	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 544 wrote to memory of 1080	544	magic.exe	83
PID 544 wrote to memory of 1080	544	magic.exe	83
PID 1080 wrote to memory of 4748	1080	magic.exe	84
PID 1080 wrote to memory of 4748	1080	magic.exe	84
PID 1080 wrote to memory of 4192	1080	magic.exe	86
PID 1080 wrote to memory of 4192	1080	magic.exe	86
PID 1080 wrote to memory of 4192	1080	magic.exe	86
PID 1080 wrote to memory of 2392	1080	magic.exe	87
PID 1080 wrote to memory of 2392	1080	magic.exe	87
PID 1080 wrote to memory of 2392	1080	magic.exe	87
PID 1080 wrote to memory of 2984	1080	magic.exe	85
PID 1080 wrote to memory of 2984	1080	magic.exe	85
PID 1080 wrote to memory of 2984	1080	magic.exe	85
PID 1080 wrote to memory of 2992	1080	magic.exe	88
PID 1080 wrote to memory of 2992	1080	magic.exe	88
PID 1080 wrote to memory of 2992	1080	magic.exe	88
PID 2984 wrote to memory of 2760	2984	240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe	89
PID 2984 wrote to memory of 2760	2984	240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe	89
PID 2984 wrote to memory of 2760	2984	240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe	89

C:\Users\Admin\AppData\Local\Temp\magic.exe
"C:\Users\Admin\AppData\Local\Temp\magic.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:544
- C:\Users\Admin\AppData\Local\Temp\magic.exe
  "C:\Users\Admin\AppData\Local\Temp\magic.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4748
- - C:\Users\Admin\Downloads\240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
    C:\Users\Admin\Downloads\240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
    3⤵
    - Adds autorun key to be loaded by Explorer.exe on startup
    - Executes dropped EXE
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2984
  - - C:\Windows\SysWOW64\Fdkpma32.exe
      C:\Windows\system32\Fdkpma32.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2760
    - - C:\Windows\SysWOW64\Ggilil32.exe
        
        C:\Windows\system32\Ggilil32.exe
        5⤵
        
        PID:4140
      - C:\Windows\SysWOW64\Gmcdffmq.exe
        
        C:\Windows\system32\Gmcdffmq.exe
        6⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\Gpaqbbld.exe
        
        C:\Windows\system32\Gpaqbbld.exe
        7⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\Ghhhcomg.exe
        
        C:\Windows\system32\Ghhhcomg.exe
        8⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\Gkgeoklj.exe
        
        C:\Windows\system32\Gkgeoklj.exe
        9⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\Gdoihpbk.exe
        
        C:\Windows\system32\Gdoihpbk.exe
        10⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\Ggnedlao.exe
        
        C:\Windows\system32\Ggnedlao.exe
        11⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\Gnhnaf32.exe
        
        C:\Windows\system32\Gnhnaf32.exe
        12⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\Ghmbno32.exe
        
        C:\Windows\system32\Ghmbno32.exe
        13⤵
        
        PID:744
        
        C:\Windows\SysWOW64\Gphgbafl.exe
        
        C:\Windows\system32\Gphgbafl.exe
        14⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\Giqkkf32.exe
        
        C:\Windows\system32\Giqkkf32.exe
        15⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\Hgelek32.exe
        
        C:\Windows\system32\Hgelek32.exe
        16⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\Hdkidohn.exe
        
        C:\Windows\system32\Hdkidohn.exe
        17⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\Haafcb32.exe
        
        C:\Windows\system32\Haafcb32.exe
        18⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\Iqipio32.exe
        
        C:\Windows\system32\Iqipio32.exe
        19⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\Iggaah32.exe
        
        C:\Windows\system32\Iggaah32.exe
        20⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\Jkhgmf32.exe
        
        C:\Windows\system32\Jkhgmf32.exe
        21⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\Kiggbhda.exe
        
        C:\Windows\system32\Kiggbhda.exe
        22⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\Kbbhqn32.exe
        
        C:\Windows\system32\Kbbhqn32.exe
        23⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\Pedlgbkh.exe
        
        C:\Windows\system32\Pedlgbkh.exe
        24⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\Qcclld32.exe
        
        C:\Windows\system32\Qcclld32.exe
        25⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\Afkknogn.exe
        
        C:\Windows\system32\Afkknogn.exe
        26⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\Cbeapmll.exe
        
        C:\Windows\system32\Cbeapmll.exe
        27⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\Mgaokl32.exe
        
        C:\Windows\system32\Mgaokl32.exe
        28⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\Nhahaiec.exe
        
        C:\Windows\system32\Nhahaiec.exe
        29⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\Fpgpgfmh.exe
        
        C:\Windows\system32\Fpgpgfmh.exe
        30⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\Gmdcfidg.exe
        
        C:\Windows\system32\Gmdcfidg.exe
        31⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\Hlpfhe32.exe
        
        C:\Windows\system32\Hlpfhe32.exe
        32⤵
        
        PID:7536
- - C:\Users\Admin\Downloads\240919-pryrjaygqj_eb581de89b19fc1429482bc501a6b935_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pryrjaygqj_eb581de89b19fc1429482bc501a6b935_JaffaCakes118.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4192
  - - \??\c:\uboot.bin
      "c:\uboot.bin"
      4⤵
      PID:4112
    - - C:\Windows\SysWOW64\Rundll32.exe
        
        Rundll32.exe C:\Users\Admin\AppData\Local\Temp\uboot.dll,abcLaunchEv
        5⤵
        
        PID:432
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del c:\uboot.bin > nul
        5⤵
        
        PID:1020
  - - \??\c:\ntboot.bin
      "c:\ntboot.bin"
      4⤵
      PID:4308
    - - C:\Windows\ntsock.exe
        
        "C:\Windows\ntsock.exe"
        5⤵
        
        PID:6400
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del c:\ntboot.bin > nul
        5⤵
        
        PID:6412
- - C:\Users\Admin\Downloads\240919-pr49baycrg_eb583ccf1753294e7660d26e433fd6eb_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pr49baycrg_eb583ccf1753294e7660d26e433fd6eb_JaffaCakes118.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2392
- - C:\Users\Admin\Downloads\240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
    3⤵
    - Adds autorun key to be loaded by Explorer.exe on startup
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2992
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 360
      4⤵
      Program crash
      PID:11204
- - C:\Users\Admin\Downloads\240919-prnxbsygpl_8ecf30082527af945cc7df7dd2567a0838e611177a6f94bfa9ceb768e1b3cd15N.exe
    C:\Users\Admin\Downloads\240919-prnxbsygpl_8ecf30082527af945cc7df7dd2567a0838e611177a6f94bfa9ceb768e1b3cd15N.exe
    3⤵
    PID:1532
- - C:\Users\Admin\Downloads\240919-pq2f2aycmd_28acc1defcefaa2348bbce545fe4fe6187c7a79c0f6b2da2b51886d7faa6dda8N.exe
    C:\Users\Admin\Downloads\240919-pq2f2aycmd_28acc1defcefaa2348bbce545fe4fe6187c7a79c0f6b2da2b51886d7faa6dda8N.exe
    3⤵
    PID:2000
  - - C:\Windows\SysWOW64\Ggpbjkpl.exe
      C:\Windows\system32\Ggpbjkpl.exe
      4⤵
      PID:4808
    - - C:\Windows\SysWOW64\Gddbcp32.exe
        
        C:\Windows\system32\Gddbcp32.exe
        5⤵
        
        PID:2408
      - C:\Windows\SysWOW64\Gnlgleef.exe
        
        C:\Windows\system32\Gnlgleef.exe
        6⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\Hjchaf32.exe
        
        C:\Windows\system32\Hjchaf32.exe
        7⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\Hgiepjga.exe
        
        C:\Windows\system32\Hgiepjga.exe
        8⤵
        
        PID:2280
        
        C:\Windows\SysWOW64\Hdpbon32.exe
        
        C:\Windows\system32\Hdpbon32.exe
        9⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\Iddljmpc.exe
        
        C:\Windows\system32\Iddljmpc.exe
        10⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\Ikcmbfcj.exe
        
        C:\Windows\system32\Ikcmbfcj.exe
        11⤵
        
        PID:392
        
        C:\Windows\SysWOW64\Jnfcia32.exe
        
        C:\Windows\system32\Jnfcia32.exe
        12⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\Kkfcndce.exe
        
        C:\Windows\system32\Kkfcndce.exe
        13⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\Kniieo32.exe
        
        C:\Windows\system32\Kniieo32.exe
        14⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\Lgffic32.exe
        
        C:\Windows\system32\Lgffic32.exe
        15⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\Leopnglc.exe
        
        C:\Windows\system32\Leopnglc.exe
        16⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\Phedhmhi.exe
        
        C:\Windows\system32\Phedhmhi.exe
        17⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\Afkknogn.exe
        
        C:\Windows\system32\Afkknogn.exe
        18⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\Ckfphc32.exe
        
        C:\Windows\system32\Ckfphc32.exe
        19⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\Mkmkkjko.exe
        
        C:\Windows\system32\Mkmkkjko.exe
        20⤵
        
        PID:3004
- - C:\Users\Admin\Downloads\240919-pm286ayeqp_eb54f091b05a95511601e2f9f9771bae_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pm286ayeqp_eb54f091b05a95511601e2f9f9771bae_JaffaCakes118.exe
    3⤵
    PID:4932
  - - C:\Windows\SysWOW64\mspeupx.exe
      C:\Windows\system32\mspeupx.exe
      4⤵
      PID:3516
  - - C:\Windows\SysWOW64\netpass.exe
      C:\Windows\system32\netpass.exe
      4⤵
      PID:4868
- - C:\Users\Admin\Downloads\240919-ppg11aybng_9a53b0e3d431bf768d3c557a0768c0b9ffe338074a9a5dd485020f396efc7d34N.exe
    C:\Users\Admin\Downloads\240919-ppg11aybng_9a53b0e3d431bf768d3c557a0768c0b9ffe338074a9a5dd485020f396efc7d34N.exe
    3⤵
    PID:2356
  - - C:\Windows\SysWOW64\Gahcmd32.exe
      C:\Windows\system32\Gahcmd32.exe
      4⤵
      PID:3716
    - - C:\Windows\SysWOW64\Hdilnojp.exe
        
        C:\Windows\system32\Hdilnojp.exe
        5⤵
        
        PID:1956
      - C:\Windows\SysWOW64\Hncmmd32.exe
        
        C:\Windows\system32\Hncmmd32.exe
        6⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\Hgnoki32.exe
        
        C:\Windows\system32\Hgnoki32.exe
        7⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\Jbaojpgb.exe
        
        C:\Windows\system32\Jbaojpgb.exe
        8⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\Kndojobi.exe
        
        C:\Windows\system32\Kndojobi.exe
        9⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\Kjpijpdg.exe
        
        C:\Windows\system32\Kjpijpdg.exe
        10⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\Ljdceo32.exe
        
        C:\Windows\system32\Ljdceo32.exe
        11⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\Llhikacp.exe
        
        C:\Windows\system32\Llhikacp.exe
        12⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\Pchlpfjb.exe
        
        C:\Windows\system32\Pchlpfjb.exe
        13⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\Papfgbmg.exe
        
        C:\Windows\system32\Papfgbmg.exe
        14⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\Qebhhp32.exe
        
        C:\Windows\system32\Qebhhp32.exe
        15⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\Abponp32.exe
        
        C:\Windows\system32\Abponp32.exe
        16⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\Cjecpkcg.exe
        
        C:\Windows\system32\Cjecpkcg.exe
        17⤵
        
        PID:6860
- - C:\Users\Admin\Downloads\240919-pqyedayclh_eb575f4502d47d85e7ba7a5655d83bbd_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pqyedayclh_eb575f4502d47d85e7ba7a5655d83bbd_JaffaCakes118.exe
    3⤵
    PID:5044
- - C:\Users\Admin\Downloads\240919-prg4saycnf_eb57bc34b923b43ab02a7fca45fe2c5d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-prg4saycnf_eb57bc34b923b43ab02a7fca45fe2c5d_JaffaCakes118.exe
    3⤵
    PID:2884
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 1076
      4⤵
      Program crash
      PID:11200
- - C:\Users\Admin\Downloads\240919-pnffsaybja_FaturaHatırlatma.exe
    C:\Users\Admin\Downloads\240919-pnffsaybja_FaturaHatırlatma.exe
    3⤵
    PID:3448
- - C:\Users\Admin\Downloads\240919-prn74aycpb_eb57ee819c3e9840314784fb48e53c74_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-prn74aycpb_eb57ee819c3e9840314784fb48e53c74_JaffaCakes118.exe
    3⤵
    PID:3056
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 316
      4⤵
      Program crash
      PID:5640
- - C:\Users\Admin\Downloads\240919-pnnr6ayfll_eb55576359ed78cc832b3dfa4d68658d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pnnr6ayfll_eb55576359ed78cc832b3dfa4d68658d_JaffaCakes118.exe
    3⤵
    PID:4212
- - C:\Users\Admin\Downloads\240919-prcjasygnj_5e2395dce1bb61098d55c6df2541071ca8f8c825b5aa9ce3b8afabcdeff4c504N.exe
    C:\Users\Admin\Downloads\240919-prcjasygnj_5e2395dce1bb61098d55c6df2541071ca8f8c825b5aa9ce3b8afabcdeff4c504N.exe
    3⤵
    PID:812
  - - C:\Windows\Microsoft.Net\Framework\v2.0.50727\vbc.exe
      C:\Windows\Microsoft.Net\Framework\v2.0.50727\vbc.exe
      4⤵
      PID:436
- - C:\Users\Admin\Downloads\240919-pqrxlaycla_d6b6dc204419c89b0330d1cdd43fe5a1efdda8d2df83fb94a051ec47c38625acN.exe
    C:\Users\Admin\Downloads\240919-pqrxlaycla_d6b6dc204419c89b0330d1cdd43fe5a1efdda8d2df83fb94a051ec47c38625acN.exe
    3⤵
    PID:3888
  - - C:\Windows\SysWOW64\Kjhcjq32.exe
      C:\Windows\system32\Kjhcjq32.exe
      4⤵
      PID:880
    - - C:\Windows\SysWOW64\Kecabifp.exe
        
        C:\Windows\system32\Kecabifp.exe
        5⤵
        
        PID:5292
      - C:\Windows\SysWOW64\Lkabjbih.exe
        
        C:\Windows\system32\Lkabjbih.exe
        6⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\Lijlof32.exe
        
        C:\Windows\system32\Lijlof32.exe
        7⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\Pibdmp32.exe
        
        C:\Windows\system32\Pibdmp32.exe
        8⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\Pkhjph32.exe
        
        C:\Windows\system32\Pkhjph32.exe
        9⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\Aeddnp32.exe
        
        C:\Windows\system32\Aeddnp32.exe
        10⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\Afkknogn.exe
        
        C:\Windows\system32\Afkknogn.exe
        11⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\Cfqmpl32.exe
        
        C:\Windows\system32\Cfqmpl32.exe
        12⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\Mcecjmkl.exe
        
        C:\Windows\system32\Mcecjmkl.exe
        13⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\Nlmdbh32.exe
        
        C:\Windows\system32\Nlmdbh32.exe
        14⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\Fbelcblk.exe
        
        C:\Windows\system32\Fbelcblk.exe
        15⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\Glgcbf32.exe
        
        C:\Windows\system32\Glgcbf32.exe
        16⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\Hidgai32.exe
        
        C:\Windows\system32\Hidgai32.exe
        17⤵
        
        PID:7628
- - C:\Users\Admin\Downloads\240919-prr9raygpm_4d6281b866aeaf5b5c58f3fe792e2b9ff4a022b449a48e2b417fb045a353dbcaN.exe
    C:\Users\Admin\Downloads\240919-prr9raygpm_4d6281b866aeaf5b5c58f3fe792e2b9ff4a022b449a48e2b417fb045a353dbcaN.exe
    3⤵
    PID:2084
  - - C:\Windows\SysWOW64\Kgjgne32.exe
      C:\Windows\system32\Kgjgne32.exe
      4⤵
      PID:4364
    - - C:\Windows\SysWOW64\Kilpmh32.exe
        
        C:\Windows\system32\Kilpmh32.exe
        5⤵
        
        PID:5224
      - C:\Windows\SysWOW64\Licfngjd.exe
        
        C:\Windows\system32\Licfngjd.exe
        6⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\Lacdmh32.exe
        
        C:\Windows\system32\Lacdmh32.exe
        7⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\Piphgq32.exe
        
        C:\Windows\system32\Piphgq32.exe
        8⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\Pcmeke32.exe
        
        C:\Windows\system32\Pcmeke32.exe
        9⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\Ahqddk32.exe
        
        C:\Windows\system32\Ahqddk32.exe
        10⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\Afkknogn.exe
        
        C:\Windows\system32\Afkknogn.exe
        11⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\Bbiado32.exe
        
        C:\Windows\system32\Bbiado32.exe
        12⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\Cbeapmll.exe
        
        C:\Windows\system32\Cbeapmll.exe
        13⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\Mcecjmkl.exe
        
        C:\Windows\system32\Mcecjmkl.exe
        14⤵
        
        PID:6784
- - C:\Users\Admin\Downloads\240919-pn2zsaybmb_eb55a8a4624c28cf4a2f2a7d762fdd8e_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pn2zsaybmb_eb55a8a4624c28cf4a2f2a7d762fdd8e_JaffaCakes118.exe
    3⤵
    PID:5372
  - - C:\Users\Admin\Downloads\240919-pn2zsaybmb_eb55a8a4624c28cf4a2f2a7d762fdd8e_JaffaCakes118.exe
      "C:\Users\Admin\Downloads\240919-pn2zsaybmb_eb55a8a4624c28cf4a2f2a7d762fdd8e_JaffaCakes118.exe"
      4⤵
      PID:4884
- - C:\Users\Admin\Downloads\240919-ppcfhsyfpq_eb561c1ba16c6c3d687434761f42cb04_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-ppcfhsyfpq_eb561c1ba16c6c3d687434761f42cb04_JaffaCakes118.exe
    3⤵
    PID:5772
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 292
      4⤵
      Program crash
      PID:7044
- - C:\Users\Admin\Downloads\240919-pqjk8ayglj_eb570ed04b1fda0e2af8e6a6a6a10308_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pqjk8ayglj_eb570ed04b1fda0e2af8e6a6a6a10308_JaffaCakes118.exe
    3⤵
    PID:5784
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 496
      4⤵
      Program crash
      PID:7008
- - C:\Users\Admin\Downloads\240919-pqmmwayckc_5306f0823fad7858bdc518ece0ac66f72b41a6f49b3112c38d196be1f6d36894N.exe
    C:\Users\Admin\Downloads\240919-pqmmwayckc_5306f0823fad7858bdc518ece0ac66f72b41a6f49b3112c38d196be1f6d36894N.exe
    3⤵
    PID:5796
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 916
      4⤵
      Program crash
      PID:8116
- - C:\Users\Admin\Downloads\240919-pkxwnaydrk_eb5363b7ca57a204edb30b1c54ac938a_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pkxwnaydrk_eb5363b7ca57a204edb30b1c54ac938a_JaffaCakes118.exe
    3⤵
    PID:5808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 1392
      4⤵
      Program crash
      PID:14500
- - C:\Users\Admin\Downloads\240919-pqzx7sycmb_eb5761c410b5139f23235e9b67964495_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pqzx7sycmb_eb5761c410b5139f23235e9b67964495_JaffaCakes118.exe
    3⤵
    PID:5820
- - C:\Users\Admin\Downloads\240919-pm1ekayeqm_33938e4c3424368eb167a60a68a0e5d9d7255dfadc531d6262426a22b3985dcaN.exe
    C:\Users\Admin\Downloads\240919-pm1ekayeqm_33938e4c3424368eb167a60a68a0e5d9d7255dfadc531d6262426a22b3985dcaN.exe
    3⤵
    PID:5832
  - - C:\Windows\SysWOW64\Plejdkmm.exe
      C:\Windows\system32\Plejdkmm.exe
      4⤵
      PID:5508
    - - C:\Windows\SysWOW64\Aeddnp32.exe
        
        C:\Windows\system32\Aeddnp32.exe
        5⤵
        
        PID:5724
      - C:\Windows\SysWOW64\Afkknogn.exe
        
        C:\Windows\system32\Afkknogn.exe
        6⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\Cobkhb32.exe
        
        C:\Windows\system32\Cobkhb32.exe
        7⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\Mjokgg32.exe
        
        C:\Windows\system32\Mjokgg32.exe
        8⤵
        
        PID:6892
- - C:\Users\Admin\Downloads\240919-pqd1qsygkm_PO-27893493.exe
    C:\Users\Admin\Downloads\240919-pqd1qsygkm_PO-27893493.exe
    3⤵
    PID:5844
- - C:\Users\Admin\Downloads\240919-pld5yayejp_af6c81b229f14cbdeb496be7330f4268400172fd21afdc3a201f1dabaaa42e6bN.exe
    C:\Users\Admin\Downloads\240919-pld5yayejp_af6c81b229f14cbdeb496be7330f4268400172fd21afdc3a201f1dabaaa42e6bN.exe
    3⤵
    PID:5856
- - C:\Users\Admin\Downloads\240919-ppsshaybqa_858833a927e756d5248ebd4fed75efc9aad9787e3fa148d8f307222bd0e0fdeeN.exe
    C:\Users\Admin\Downloads\240919-ppsshaybqa_858833a927e756d5248ebd4fed75efc9aad9787e3fa148d8f307222bd0e0fdeeN.exe
    3⤵
    PID:5868
  - - C:\Windows\SysWOW64\Pabblb32.exe
      C:\Windows\system32\Pabblb32.exe
      4⤵
      PID:3464
    - - C:\Windows\SysWOW64\Ahcajk32.exe
        
        C:\Windows\system32\Ahcajk32.exe
        5⤵
        
        PID:5924
      - C:\Windows\SysWOW64\Acmobchj.exe
        
        C:\Windows\system32\Acmobchj.exe
        6⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\Bbiado32.exe
        
        C:\Windows\system32\Bbiado32.exe
        7⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\Cbeapmll.exe
        
        C:\Windows\system32\Cbeapmll.exe
        8⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\Mebcop32.exe
        
        C:\Windows\system32\Mebcop32.exe
        9⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\Nlmdbh32.exe
        
        C:\Windows\system32\Nlmdbh32.exe
        10⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\Gemkelcd.exe
        
        C:\Windows\system32\Gemkelcd.exe
        11⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\Hfcnpn32.exe
        
        C:\Windows\system32\Hfcnpn32.exe
        12⤵
        
        PID:7452
- - C:\Users\Admin\Downloads\240919-pnrttaybkc_OC_0069960.pdf.exe
    C:\Users\Admin\Downloads\240919-pnrttaybkc_OC_0069960.pdf.exe
    3⤵
    PID:5880
- - C:\Users\Admin\Downloads\240919-pp7xesygjr_eb56c71e6ce918530c18b4680355953f_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pp7xesygjr_eb56c71e6ce918530c18b4680355953f_JaffaCakes118.exe
    3⤵
    PID:5892
  - - C:\ProgramData\aWffiRBXKTIX.exe
      C:\ProgramData\aWffiRBXKTIX.exe
      4⤵
      PID:6916
- - C:\Users\Admin\Downloads\240919-pnzvesyfnn_VtkzI2DleKAWijQ.exe
    C:\Users\Admin\Downloads\240919-pnzvesyfnn_VtkzI2DleKAWijQ.exe
    3⤵
    PID:5904
- - C:\Users\Admin\Downloads\240919-pnl9bsybjf_19f17c78dffb74e7acc35cf715689b8157b04b833e522b427b7eda1cc7324696.exe
    C:\Users\Admin\Downloads\240919-pnl9bsybjf_19f17c78dffb74e7acc35cf715689b8157b04b833e522b427b7eda1cc7324696.exe
    3⤵
    PID:5916
- - C:\Users\Admin\Downloads\240919-pnzjnayfnk_Quotation_pdf.exe
    C:\Users\Admin\Downloads\240919-pnzjnayfnk_Quotation_pdf.exe
    3⤵
    PID:5928
- - C:\Users\Admin\Downloads\240919-pnyx5ayfmn_Pedido_52038923_CotizacionS_max2024.bat.exe
    C:\Users\Admin\Downloads\240919-pnyx5ayfmn_Pedido_52038923_CotizacionS_max2024.bat.exe
    3⤵
    PID:5940
- - C:\Users\Admin\Downloads\240919-pk9v8ayejk_a7911b68254b2f30702a9bb1ba9f01afd684a5c7e63ab844a1963c554a7f5a10N.exe
    C:\Users\Admin\Downloads\240919-pk9v8ayejk_a7911b68254b2f30702a9bb1ba9f01afd684a5c7e63ab844a1963c554a7f5a10N.exe
    3⤵
    PID:5952
  - - C:\Windows\SysWOW64\Pocfpf32.exe
      C:\Windows\system32\Pocfpf32.exe
      4⤵
      PID:652
    - - C:\Windows\SysWOW64\Achegd32.exe
        
        C:\Windows\system32\Achegd32.exe
        5⤵
        
        PID:3552
      - C:\Windows\SysWOW64\Bhoqeibl.exe
        
        C:\Windows\system32\Bhoqeibl.exe
        6⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\Cjjlkk32.exe
        
        C:\Windows\system32\Cjjlkk32.exe
        7⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\Dkbocbog.exe
        
        C:\Windows\system32\Dkbocbog.exe
        8⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\Maggnali.exe
        
        C:\Windows\system32\Maggnali.exe
        9⤵
        
        PID:6728
- - C:\Users\Admin\Downloads\240919-pncpwsyard_Doc _180924.exe
    "C:\Users\Admin\Downloads\240919-pncpwsyard_Doc _180924.exe"
    3⤵
    PID:5964
- - C:\Users\Admin\Downloads\240919-pqp31ayckf_Document.exe
    C:\Users\Admin\Downloads\240919-pqp31ayckf_Document.exe
    3⤵
    PID:5976
- - C:\Users\Admin\Downloads\240919-pqj7rayglk_00745050f2d676d1815c0a4375c84f58dc9a1bce1a34888d26824023057c6b32N.exe
    C:\Users\Admin\Downloads\240919-pqj7rayglk_00745050f2d676d1815c0a4375c84f58dc9a1bce1a34888d26824023057c6b32N.exe
    3⤵
    PID:5992
  - - C:\Windows\SysWOW64\Qlggjk32.exe
      C:\Windows\system32\Qlggjk32.exe
      4⤵
      PID:5112
    - - C:\Windows\SysWOW64\Aakebqbj.exe
        
        C:\Windows\system32\Aakebqbj.exe
        5⤵
        
        PID:2608
      - C:\Windows\SysWOW64\Bjlpjm32.exe
        
        C:\Windows\system32\Bjlpjm32.exe
        6⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\Ccpdoqgd.exe
        
        C:\Windows\system32\Ccpdoqgd.exe
        7⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\Dkbocbog.exe
        
        C:\Windows\system32\Dkbocbog.exe
        8⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\Mnkggfkb.exe
        
        C:\Windows\system32\Mnkggfkb.exe
        9⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\Nhahaiec.exe
        
        C:\Windows\system32\Nhahaiec.exe
        10⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\Fihnomjp.exe
        
        C:\Windows\system32\Fihnomjp.exe
        11⤵
        
        PID:8060
- - C:\Users\Admin\Downloads\240919-pnr5ksyfmj_Overdoers.exe
    C:\Users\Admin\Downloads\240919-pnr5ksyfmj_Overdoers.exe
    3⤵
    PID:6004
- - C:\Users\Admin\Downloads\240919-pqv91sycle_538bb6188211c79735590592ee686a00e5d7e16e072673111ceb32c4d9511128.exe
    C:\Users\Admin\Downloads\240919-pqv91sycle_538bb6188211c79735590592ee686a00e5d7e16e072673111ceb32c4d9511128.exe
    3⤵
    PID:6012
- - C:\Users\Admin\Downloads\240919-pnyx5ayblb_PI 347_DUHS_MRI.pdf.exe
    "C:\Users\Admin\Downloads\240919-pnyx5ayblb_PI 347_DUHS_MRI.pdf.exe"
    3⤵
    PID:6020
- - C:\Users\Admin\Downloads\240919-pkwzcsydrj_996f9de8dfa6102ce8c454fae3055ed71f88c6b0e3fca5cf01917d7426d4a085.exe
    C:\Users\Admin\Downloads\240919-pkwzcsydrj_996f9de8dfa6102ce8c454fae3055ed71f88c6b0e3fca5cf01917d7426d4a085.exe
    3⤵
    PID:6028
- - C:\Users\Admin\Downloads\240919-pk5lhaydrp_2d6293784902f18955d10dea1de8888e15757543346334397e15c2b9d5b98adbN.exe
    C:\Users\Admin\Downloads\240919-pk5lhaydrp_2d6293784902f18955d10dea1de8888e15757543346334397e15c2b9d5b98adbN.exe
    3⤵
    PID:6120
  - - C:\Windows\SysWOW64\Bhldpj32.exe
      C:\Windows\system32\Bhldpj32.exe
      4⤵
      PID:6468
    - - C:\Windows\SysWOW64\Bombmcec.exe
        
        C:\Windows\system32\Bombmcec.exe
        5⤵
        
        PID:6736
      - C:\Windows\SysWOW64\Cijpahho.exe
        
        C:\Windows\system32\Cijpahho.exe
        6⤵
        
        PID:7000
- - C:\Users\Admin\Downloads\240919-pk2vlsxhqb_2024-09-19_2b8b375eff2b900f9dca0c980fca5b9f_avoslocker_floxif_hijackloader.exe
    C:\Users\Admin\Downloads\240919-pk2vlsxhqb_2024-09-19_2b8b375eff2b900f9dca0c980fca5b9f_avoslocker_floxif_hijackloader.exe
    3⤵
    PID:1616
- - C:\Users\Admin\Downloads\240919-ppfsyaybnf_l6E.exe
    C:\Users\Admin\Downloads\240919-ppfsyaybnf_l6E.exe
    3⤵
    PID:5208
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:6420
- - C:\Users\Admin\Downloads\240919-pnhk5syfkl_KZ710-0038.exe
    C:\Users\Admin\Downloads\240919-pnhk5syfkl_KZ710-0038.exe
    3⤵
    PID:5560
- - C:\Users\Admin\Downloads\240919-pncd5ayarb_DHL documents_PDF.exe
    "C:\Users\Admin\Downloads\240919-pncd5ayarb_DHL documents_PDF.exe"
    3⤵
    PID:3384
  - - C:\Users\Admin\Downloads\240919-pncd5ayarb_DHL documents_PDF.exe
      "C:\Users\Admin\Downloads\240919-pncd5ayarb_DHL documents_PDF.exe"
      4⤵
      PID:9012
- - C:\Users\Admin\Downloads\240919-pnhk5syfkm_LEVER STYLE SEP BUY ORDER & C248SH12.exe
    "C:\Users\Admin\Downloads\240919-pnhk5syfkm_LEVER STYLE SEP BUY ORDER & C248SH12.exe"
    3⤵
    PID:5324
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\240919-pnhk5syfkm_LEVER STYLE SEP BUY ORDER & C248SH12.exe"
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:11492
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\orayjpgjlSJ.exe"
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:8484
  - - C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\orayjpgjlSJ" /XML "C:\Users\Admin\AppData\Local\Temp\tmp6E65.tmp"
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:2276
  - - C:\Users\Admin\Downloads\240919-pnhk5syfkm_LEVER STYLE SEP BUY ORDER & C248SH12.exe
      "C:\Users\Admin\Downloads\240919-pnhk5syfkm_LEVER STYLE SEP BUY ORDER & C248SH12.exe"
      4⤵
      PID:11584
- - C:\Users\Admin\Downloads\240919-pllj1syekn_SPW AW25 - PO.010.exe
    "C:\Users\Admin\Downloads\240919-pllj1syekn_SPW AW25 - PO.010.exe"
    3⤵
    PID:6408
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\240919-pllj1syekn_SPW AW25 - PO.010.exe"
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:9148
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\SLfjwrYOuWuupJ.exe"
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:4692
  - - C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\SLfjwrYOuWuupJ" /XML "C:\Users\Admin\AppData\Local\Temp\tmp749E.tmp"
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:10036
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
      4⤵
      PID:15516
- - C:\Users\Admin\Downloads\240919-pnd8qayarf_a8238b5f28d80eefc6e0c0169c4e7c55c1f482c432571737190215cd16507bc2N.exe
    C:\Users\Admin\Downloads\240919-pnd8qayarf_a8238b5f28d80eefc6e0c0169c4e7c55c1f482c432571737190215cd16507bc2N.exe
    3⤵
    PID:5192
  - - C:\Windows\SysWOW64\Ahdged32.exe
      C:\Windows\system32\Ahdged32.exe
      4⤵
      PID:3276
    - - C:\Windows\SysWOW64\Flfkkhid.exe
        
        C:\Windows\system32\Flfkkhid.exe
        5⤵
        
        PID:8088
      - C:\Windows\SysWOW64\Gojiiafp.exe
        
        C:\Windows\system32\Gojiiafp.exe
        6⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\Joahqn32.exe
        
        C:\Windows\system32\Joahqn32.exe
        7⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\Kgdpni32.exe
        
        C:\Windows\system32\Kgdpni32.exe
        8⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\Mcbpjg32.exe
        
        C:\Windows\system32\Mcbpjg32.exe
        9⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\Nmfcok32.exe
        
        C:\Windows\system32\Nmfcok32.exe
        10⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\Fqeioiam.exe
        
        C:\Windows\system32\Fqeioiam.exe
        11⤵
        
        PID:11192
        
        C:\Windows\SysWOW64\Mhjhmhhd.exe
        
        C:\Windows\system32\Mhjhmhhd.exe
        12⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\Nfnamjhk.exe
        
        C:\Windows\system32\Nfnamjhk.exe
        13⤵
        
        PID:11092
        
        C:\Windows\SysWOW64\Ppgomnai.exe
        
        C:\Windows\system32\Ppgomnai.exe
        14⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\Cajjjk32.exe
        
        C:\Windows\system32\Cajjjk32.exe
        15⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\Kongmo32.exe
        
        C:\Windows\system32\Kongmo32.exe
        16⤵
        
        PID:4208
- - C:\Users\Admin\Downloads\240919-pnzjnayblf_Recibo de pago.880743.exe
    "C:\Users\Admin\Downloads\240919-pnzjnayblf_Recibo de pago.880743.exe"
    3⤵
    PID:2076
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\Downloads\240919-pnzjnayblf_Recibo de pago.880743.exe"
      4⤵
      PID:6376
- - C:\Users\Admin\Downloads\240919-plsnbsyelj_eb5436b384a6040996c87e9b73348efc_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-plsnbsyelj_eb5436b384a6040996c87e9b73348efc_JaffaCakes118.exe
    3⤵
    PID:6628
- - C:\Users\Admin\Downloads\240919-pny8wsyfmq_PO-A1702108.exe
    C:\Users\Admin\Downloads\240919-pny8wsyfmq_PO-A1702108.exe
    3⤵
    PID:6268
  - - C:\Users\Admin\AppData\Local\Hymenophyllaceae\nonsubmerged.exe
      C:\Users\Admin\Downloads\240919-pny8wsyfmq_PO-A1702108.exe
      4⤵
      PID:9332
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
        
        C:\Users\Admin\Downloads\240919-pny8wsyfmq_PO-A1702108.exe
        5⤵
        
        PID:5328
- - C:\Users\Admin\Downloads\240919-pmesvsyenm_dc40a707157545b53ee8663d4ef33d6e59095b8904bf94b0250485b0b1b6d074N.exe
    C:\Users\Admin\Downloads\240919-pmesvsyenm_dc40a707157545b53ee8663d4ef33d6e59095b8904bf94b0250485b0b1b6d074N.exe
    3⤵
    PID:6736
  - - C:\Windows\SysWOW64\Gidnkkpc.exe
      C:\Windows\system32\Gidnkkpc.exe
      4⤵
      PID:4832
    - - C:\Windows\SysWOW64\Hfaajnfb.exe
        
        C:\Windows\system32\Hfaajnfb.exe
        5⤵
        
        PID:7404
      - C:\Windows\SysWOW64\Iedjmioj.exe
        
        C:\Windows\system32\Iedjmioj.exe
        6⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\Jngbjd32.exe
        
        C:\Windows\system32\Jngbjd32.exe
        7⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\Kcidmkpq.exe
        
        C:\Windows\system32\Kcidmkpq.exe
        8⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\Njhgbp32.exe
        
        C:\Windows\system32\Njhgbp32.exe
        9⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\Agimkk32.exe
        
        C:\Windows\system32\Agimkk32.exe
        10⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\Gejhef32.exe
        
        C:\Windows\system32\Gejhef32.exe
        11⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\Nbphglbe.exe
        
        C:\Windows\system32\Nbphglbe.exe
        12⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\Pqbala32.exe
        
        C:\Windows\system32\Pqbala32.exe
        13⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\Afockelf.exe
        
        C:\Windows\system32\Afockelf.exe
        14⤵
        
        PID:7028
- - C:\Users\Admin\Downloads\240919-pmpm3ayanh_6de62e421f9a46f1c1576bdd3ea88a71599957ecdbf52b393c8a68d258bd871bN.exe
    C:\Users\Admin\Downloads\240919-pmpm3ayanh_6de62e421f9a46f1c1576bdd3ea88a71599957ecdbf52b393c8a68d258bd871bN.exe
    3⤵
    PID:7984
- - C:\Users\Admin\Downloads\240919-pnb4csyaqe_AWB_Ref#339720937705pdf.exe
    C:\Users\Admin\Downloads\240919-pnb4csyaqe_AWB_Ref#339720937705pdf.exe
    3⤵
    PID:7244
- - C:\Users\Admin\Downloads\240919-pnbslayern_ARIZONA GROUP PO_017633180924.exe
    "C:\Users\Admin\Downloads\240919-pnbslayern_ARIZONA GROUP PO_017633180924.exe"
    3⤵
    PID:7468
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\Downloads\240919-pnbslayern_ARIZONA GROUP PO_017633180924.exe"
      4⤵
      PID:10632
- - C:\Users\Admin\Downloads\240919-pnz57ayfnp_Wspguvcwm.exe
    C:\Users\Admin\Downloads\240919-pnz57ayfnp_Wspguvcwm.exe
    3⤵
    PID:7488
- - C:\Users\Admin\Downloads\240919-pny8wsybld_PO-27893493.exe
    C:\Users\Admin\Downloads\240919-pny8wsybld_PO-27893493.exe
    3⤵
    PID:7492
- - C:\Users\Admin\Downloads\240919-pnymcsyfmm_Payment Voucher.exe
    "C:\Users\Admin\Downloads\240919-pnymcsyfmm_Payment Voucher.exe"
    3⤵
    PID:7500
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\GwTIUBUaZCliF.exe"
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:11760
  - - C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GwTIUBUaZCliF" /XML "C:\Users\Admin\AppData\Local\Temp\tmp7068.tmp"
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:3564
  - - C:\Users\Admin\Downloads\240919-pnymcsyfmm_Payment Voucher.exe
      "C:\Users\Admin\Downloads\240919-pnymcsyfmm_Payment Voucher.exe"
      4⤵
      PID:16360
  - - C:\Users\Admin\Downloads\240919-pnymcsyfmm_Payment Voucher.exe
      "C:\Users\Admin\Downloads\240919-pnymcsyfmm_Payment Voucher.exe"
      4⤵
      PID:3996
- - C:\Users\Admin\Downloads\240919-pnrttaybkd_Ordine Request 09-24.exe
    "C:\Users\Admin\Downloads\240919-pnrttaybkd_Ordine Request 09-24.exe"
    3⤵
    PID:7544
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\Downloads\240919-pnrttaybkd_Ordine Request 09-24.exe"
      4⤵
      PID:680
- - C:\Users\Admin\Downloads\240919-pmgx8ayenp_24a81e1b909c4155a7a4d818e281dc6f183501204300661b55ec404b94020b25N.exe
    C:\Users\Admin\Downloads\240919-pmgx8ayenp_24a81e1b909c4155a7a4d818e281dc6f183501204300661b55ec404b94020b25N.exe
    3⤵
    PID:7556
- - C:\Users\Admin\Downloads\240919-pr49baycrh_906d63ab68e041593fb8b5fa3ceb09c50aafd486c85dadf8a74d007ba6288b80N.exe
    C:\Users\Admin\Downloads\240919-pr49baycrh_906d63ab68e041593fb8b5fa3ceb09c50aafd486c85dadf8a74d007ba6288b80N.exe
    3⤵
    PID:7568
  - - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msiinst.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msiinst.exe /i instmsi.msi MSIEXECREG=1 /m /qb+!
      4⤵
      PID:7448
- - C:\Users\Admin\Downloads\240919-pj6r6sxhkh_eb52f8e49064b4bfab78739df8625898_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pj6r6sxhkh_eb52f8e49064b4bfab78739df8625898_JaffaCakes118.exe
    3⤵
    PID:7580
  - - C:\Users\Admin\Downloads\240919-pj6r6sxhkh_eb52f8e49064b4bfab78739df8625898_JaffaCakes118.exe
      C:\Users\Admin\Downloads\240919-pj6r6sxhkh_eb52f8e49064b4bfab78739df8625898_JaffaCakes118.exe
      4⤵
      PID:9884
- - C:\Users\Admin\Downloads\240919-pq548aycmf_99e5569ce51f1aab5f0e2cab952af538682566edefeeeab470fbca4205a5a75bN.exe
    C:\Users\Admin\Downloads\240919-pq548aycmf_99e5569ce51f1aab5f0e2cab952af538682566edefeeeab470fbca4205a5a75bN.exe
    3⤵
    PID:7592
  - - C:\Windows\System32\SCYEWtq.exe
      C:\Windows\System32\SCYEWtq.exe
      4⤵
      PID:7716
  - - C:\Windows\System32\oddyvlk.exe
      C:\Windows\System32\oddyvlk.exe
      4⤵
      PID:6904
  - - C:\Windows\System32\FeuIDPV.exe
      C:\Windows\System32\FeuIDPV.exe
      4⤵
      PID:6744
  - - C:\Windows\System32\BsHbWmG.exe
      C:\Windows\System32\BsHbWmG.exe
      4⤵
      PID:6120
  - - C:\Windows\System32\hUWyLmR.exe
      C:\Windows\System32\hUWyLmR.exe
      4⤵
      PID:8020
  - - C:\Windows\System32\lvGYawm.exe
      C:\Windows\System32\lvGYawm.exe
      4⤵
      PID:3636
  - - C:\Windows\System32\mCgHvTu.exe
      C:\Windows\System32\mCgHvTu.exe
      4⤵
      PID:3456
  - - C:\Windows\System32\ZOswJcl.exe
      C:\Windows\System32\ZOswJcl.exe
      4⤵
      PID:2448
  - - C:\Windows\System32\ZbbiteP.exe
      C:\Windows\System32\ZbbiteP.exe
      4⤵
      PID:908
  - - C:\Windows\System32\CitRAxK.exe
      C:\Windows\System32\CitRAxK.exe
      4⤵
      PID:7788
  - - C:\Windows\System32\IdjSRVn.exe
      C:\Windows\System32\IdjSRVn.exe
      4⤵
      PID:8936
  - - C:\Windows\System32\TdLpDfG.exe
      C:\Windows\System32\TdLpDfG.exe
      4⤵
      PID:8956
  - - C:\Windows\System32\dstzxNc.exe
      C:\Windows\System32\dstzxNc.exe
      4⤵
      PID:2700
  - - C:\Windows\System32\dvgwadD.exe
      C:\Windows\System32\dvgwadD.exe
      4⤵
      PID:9936
  - - C:\Windows\System32\DhgDEfK.exe
      C:\Windows\System32\DhgDEfK.exe
      4⤵
      PID:540
  - - C:\Windows\System32\cJHuKtu.exe
      C:\Windows\System32\cJHuKtu.exe
      4⤵
      PID:5460
  - - C:\Windows\System32\YDsAAdt.exe
      C:\Windows\System32\YDsAAdt.exe
      4⤵
      PID:3168
  - - C:\Windows\System32\DYLsylM.exe
      C:\Windows\System32\DYLsylM.exe
      4⤵
      PID:11144
  - - C:\Windows\System32\DRxXudw.exe
      C:\Windows\System32\DRxXudw.exe
      4⤵
      PID:11164
  - - C:\Windows\System32\gFjpUhQ.exe
      C:\Windows\System32\gFjpUhQ.exe
      4⤵
      PID:11216
  - - C:\Windows\System32\cODeIMO.exe
      C:\Windows\System32\cODeIMO.exe
      4⤵
      PID:6684
  - - C:\Windows\System32\SOZIEKa.exe
      C:\Windows\System32\SOZIEKa.exe
      4⤵
      PID:10440
  - - C:\Windows\System32\wwiSKLA.exe
      C:\Windows\System32\wwiSKLA.exe
      4⤵
      PID:10456
  - - C:\Windows\System32\QFHqKuI.exe
      C:\Windows\System32\QFHqKuI.exe
      4⤵
      PID:10472
  - - C:\Windows\System32\GQCdYbZ.exe
      C:\Windows\System32\GQCdYbZ.exe
      4⤵
      PID:10484
  - - C:\Windows\System32\eLdjmFF.exe
      C:\Windows\System32\eLdjmFF.exe
      4⤵
      PID:10500
  - - C:\Windows\System32\tSZerRT.exe
      C:\Windows\System32\tSZerRT.exe
      4⤵
      PID:6492
  - - C:\Windows\System32\AFAJJAL.exe
      C:\Windows\System32\AFAJJAL.exe
      4⤵
      PID:5180
  - - C:\Windows\System32\JqQmxLG.exe
      C:\Windows\System32\JqQmxLG.exe
      4⤵
      PID:6416
  - - C:\Windows\System32\frVhKxs.exe
      C:\Windows\System32\frVhKxs.exe
      4⤵
      PID:7828
  - - C:\Windows\System32\hKHcMbd.exe
      C:\Windows\System32\hKHcMbd.exe
      4⤵
      PID:7052
  - - C:\Windows\System32\huouCBh.exe
      C:\Windows\System32\huouCBh.exe
      4⤵
      PID:10804
  - - C:\Windows\System32\ouvAURD.exe
      C:\Windows\System32\ouvAURD.exe
      4⤵
      PID:5376
  - - C:\Windows\System32\kvjYtMX.exe
      C:\Windows\System32\kvjYtMX.exe
      4⤵
      PID:5656
  - - C:\Windows\System32\uQrDsdY.exe
      C:\Windows\System32\uQrDsdY.exe
      4⤵
      PID:7184
  - - C:\Windows\System32\uAhfFqo.exe
      C:\Windows\System32\uAhfFqo.exe
      4⤵
      PID:11172
  - - C:\Windows\System32\MmyIiCz.exe
      C:\Windows\System32\MmyIiCz.exe
      4⤵
      PID:10248
  - - C:\Windows\System32\BkpAXnz.exe
      C:\Windows\System32\BkpAXnz.exe
      4⤵
      PID:10292
  - - C:\Windows\System32\oGTljYL.exe
      C:\Windows\System32\oGTljYL.exe
      4⤵
      PID:9296
  - - C:\Windows\System32\ykgapSN.exe
      C:\Windows\System32\ykgapSN.exe
      4⤵
      PID:10852
  - - C:\Windows\System32\VCJIcgn.exe
      C:\Windows\System32\VCJIcgn.exe
      4⤵
      PID:10876
  - - C:\Windows\System32\XSaJffA.exe
      C:\Windows\System32\XSaJffA.exe
      4⤵
      PID:10900
  - - C:\Windows\System32\uvmGkTE.exe
      C:\Windows\System32\uvmGkTE.exe
      4⤵
      PID:10916
  - - C:\Windows\System32\JKIaDTG.exe
      C:\Windows\System32\JKIaDTG.exe
      4⤵
      PID:10944
  - - C:\Windows\System32\IGsyjCL.exe
      C:\Windows\System32\IGsyjCL.exe
      4⤵
      PID:8200
  - - C:\Windows\System32\zYajIjm.exe
      C:\Windows\System32\zYajIjm.exe
      4⤵
      PID:9876
  - - C:\Windows\System32\lHFkSYb.exe
      C:\Windows\System32\lHFkSYb.exe
      4⤵
      PID:9144
  - - C:\Windows\System32\vYNjQZt.exe
      C:\Windows\System32\vYNjQZt.exe
      4⤵
      PID:8144
  - - C:\Windows\System32\bnosooN.exe
      C:\Windows\System32\bnosooN.exe
      4⤵
      PID:7636
  - - C:\Windows\System32\tsUGtVw.exe
      C:\Windows\System32\tsUGtVw.exe
      4⤵
      PID:5332
  - - C:\Windows\System32\ycmnNRw.exe
      C:\Windows\System32\ycmnNRw.exe
      4⤵
      PID:3192
  - - C:\Windows\System32\leceOMK.exe
      C:\Windows\System32\leceOMK.exe
      4⤵
      PID:3468
  - - C:\Windows\System32\FVVdfSY.exe
      C:\Windows\System32\FVVdfSY.exe
      4⤵
      PID:528
  - - C:\Windows\System32\QrpECMW.exe
      C:\Windows\System32\QrpECMW.exe
      4⤵
      PID:3972
  - - C:\Windows\System32\AIXOAlE.exe
      C:\Windows\System32\AIXOAlE.exe
      4⤵
      PID:11064
  - - C:\Windows\System32\SyKwrVI.exe
      C:\Windows\System32\SyKwrVI.exe
      4⤵
      PID:2412
  - - C:\Windows\System32\XcNmTJR.exe
      C:\Windows\System32\XcNmTJR.exe
      4⤵
      PID:4244
  - - C:\Windows\System32\XmbzsBS.exe
      C:\Windows\System32\XmbzsBS.exe
      4⤵
      PID:11020
  - - C:\Windows\System32\sEBmxxq.exe
      C:\Windows\System32\sEBmxxq.exe
      4⤵
      PID:10048
  - - C:\Windows\System32\CWhaxPH.exe
      C:\Windows\System32\CWhaxPH.exe
      4⤵
      PID:5636
  - - C:\Windows\System32\iQmKcWh.exe
      C:\Windows\System32\iQmKcWh.exe
      4⤵
      PID:10164
  - - C:\Windows\System32\oOZqCVb.exe
      C:\Windows\System32\oOZqCVb.exe
      4⤵
      PID:7020
  - - C:\Windows\System32\aoulkuJ.exe
      C:\Windows\System32\aoulkuJ.exe
      4⤵
      PID:3684
  - - C:\Windows\System32\OGtAtUn.exe
      C:\Windows\System32\OGtAtUn.exe
      4⤵
      PID:4792
  - - C:\Windows\System32\XpKtzJr.exe
      C:\Windows\System32\XpKtzJr.exe
      4⤵
      PID:8176
  - - C:\Windows\System32\JwMrriH.exe
      C:\Windows\System32\JwMrriH.exe
      4⤵
      PID:1532
  - - C:\Windows\System32\HizHYGA.exe
      C:\Windows\System32\HizHYGA.exe
      4⤵
      PID:2096
  - - C:\Windows\System32\GKvXsdp.exe
      C:\Windows\System32\GKvXsdp.exe
      4⤵
      PID:7832
  - - C:\Windows\System32\eSfRWdS.exe
      C:\Windows\System32\eSfRWdS.exe
      4⤵
      PID:3528
  - - C:\Windows\System32\uLYwYtI.exe
      C:\Windows\System32\uLYwYtI.exe
      4⤵
      PID:2328
  - - C:\Windows\System32\eUiWfnm.exe
      C:\Windows\System32\eUiWfnm.exe
      4⤵
      PID:9084
  - - C:\Windows\System32\tnkrpKJ.exe
      C:\Windows\System32\tnkrpKJ.exe
      4⤵
      PID:6348
  - - C:\Windows\System32\cMNWoap.exe
      C:\Windows\System32\cMNWoap.exe
      4⤵
      PID:7924
  - - C:\Windows\System32\ZyiqCyU.exe
      C:\Windows\System32\ZyiqCyU.exe
      4⤵
      PID:4284
  - - C:\Windows\System32\wbhVYho.exe
      C:\Windows\System32\wbhVYho.exe
      4⤵
      PID:10464
  - - C:\Windows\System32\jkXufsn.exe
      C:\Windows\System32\jkXufsn.exe
      4⤵
      PID:10448
  - - C:\Windows\System32\zIyWXrf.exe
      C:\Windows\System32\zIyWXrf.exe
      4⤵
      PID:7936
  - - C:\Windows\System32\cEFfaSF.exe
      C:\Windows\System32\cEFfaSF.exe
      4⤵
      PID:10624
  - - C:\Windows\System32\cwLLHuZ.exe
      C:\Windows\System32\cwLLHuZ.exe
      4⤵
      PID:10548
  - - C:\Windows\System32\wHCZRVd.exe
      C:\Windows\System32\wHCZRVd.exe
      4⤵
      PID:10616
  - - C:\Windows\System32\KsLquNi.exe
      C:\Windows\System32\KsLquNi.exe
      4⤵
      PID:6764
  - - C:\Windows\System32\VPtWqfW.exe
      C:\Windows\System32\VPtWqfW.exe
      4⤵
      PID:7800
  - - C:\Windows\System32\czkVdHL.exe
      C:\Windows\System32\czkVdHL.exe
      4⤵
      PID:5508
  - - C:\Windows\System32\CRXUiJZ.exe
      C:\Windows\System32\CRXUiJZ.exe
      4⤵
      PID:6592
  - - C:\Windows\System32\SsPhOSs.exe
      C:\Windows\System32\SsPhOSs.exe
      4⤵
      PID:6688
  - - C:\Windows\System32\hhIyLoD.exe
      C:\Windows\System32\hhIyLoD.exe
      4⤵
      PID:5988
  - - C:\Windows\System32\MbhfkUl.exe
      C:\Windows\System32\MbhfkUl.exe
      4⤵
      PID:10480
  - - C:\Windows\System32\NSfDiIB.exe
      C:\Windows\System32\NSfDiIB.exe
      4⤵
      PID:2988
  - - C:\Windows\System32\FtCLthr.exe
      C:\Windows\System32\FtCLthr.exe
      4⤵
      PID:10940
  - - C:\Windows\System32\XvKSJLT.exe
      C:\Windows\System32\XvKSJLT.exe
      4⤵
      PID:7428
  - - C:\Windows\System32\HhgYqqv.exe
      C:\Windows\System32\HhgYqqv.exe
      4⤵
      PID:8612
  - - C:\Windows\System32\bAaQLyc.exe
      C:\Windows\System32\bAaQLyc.exe
      4⤵
      PID:9240
  - - C:\Windows\System32\katfMen.exe
      C:\Windows\System32\katfMen.exe
      4⤵
      PID:7584
  - - C:\Windows\System32\mkEqAEr.exe
      C:\Windows\System32\mkEqAEr.exe
      4⤵
      PID:464
  - - C:\Windows\System32\VIcNpuQ.exe
      C:\Windows\System32\VIcNpuQ.exe
      4⤵
      PID:7180
  - - C:\Windows\System32\CjXlEpZ.exe
      C:\Windows\System32\CjXlEpZ.exe
      4⤵
      PID:3648
  - - C:\Windows\System32\vChJqsR.exe
      C:\Windows\System32\vChJqsR.exe
      4⤵
      PID:3392
  - - C:\Windows\System32\SIrObUk.exe
      C:\Windows\System32\SIrObUk.exe
      4⤵
      PID:12272
  - - C:\Windows\System32\RiJfjTk.exe
      C:\Windows\System32\RiJfjTk.exe
      4⤵
      PID:4840
  - - C:\Windows\System32\TrivfbB.exe
      C:\Windows\System32\TrivfbB.exe
      4⤵
      PID:12016
  - - C:\Windows\System32\IJWyQaV.exe
      C:\Windows\System32\IJWyQaV.exe
      4⤵
      PID:12064
  - - C:\Windows\System32\lQHQKXb.exe
      C:\Windows\System32\lQHQKXb.exe
      4⤵
      PID:12132
  - - C:\Windows\System32\yMnixUa.exe
      C:\Windows\System32\yMnixUa.exe
      4⤵
      PID:12164
  - - C:\Windows\System32\PjNDSDn.exe
      C:\Windows\System32\PjNDSDn.exe
      4⤵
      PID:12220
  - - C:\Windows\System32\CqdmehY.exe
      C:\Windows\System32\CqdmehY.exe
      4⤵
      PID:4376
  - - C:\Windows\System32\pmZsJdW.exe
      C:\Windows\System32\pmZsJdW.exe
      4⤵
      PID:9176
  - - C:\Windows\System32\BRPUJgF.exe
      C:\Windows\System32\BRPUJgF.exe
      4⤵
      PID:12252
  - - C:\Windows\System32\SYaJKwi.exe
      C:\Windows\System32\SYaJKwi.exe
      4⤵
      PID:5748
  - - C:\Windows\System32\HECyHrw.exe
      C:\Windows\System32\HECyHrw.exe
      4⤵
      PID:3620
  - - C:\Windows\System32\EExDCxE.exe
      C:\Windows\System32\EExDCxE.exe
      4⤵
      PID:6388
  - - C:\Windows\System32\SToIHVo.exe
      C:\Windows\System32\SToIHVo.exe
      4⤵
      PID:10056
  - - C:\Windows\System32\SWHsPSE.exe
      C:\Windows\System32\SWHsPSE.exe
      4⤵
      PID:11324
  - - C:\Windows\System32\umPSbrS.exe
      C:\Windows\System32\umPSbrS.exe
      4⤵
      PID:11376
  - - C:\Windows\System32\wqTdDuP.exe
      C:\Windows\System32\wqTdDuP.exe
      4⤵
      PID:11404
  - - C:\Windows\System32\dQaBSOd.exe
      C:\Windows\System32\dQaBSOd.exe
      4⤵
      PID:9008
  - - C:\Windows\System32\rITpEkM.exe
      C:\Windows\System32\rITpEkM.exe
      4⤵
      PID:11616
  - - C:\Windows\System32\hvkzoxz.exe
      C:\Windows\System32\hvkzoxz.exe
      4⤵
      PID:9548
  - - C:\Windows\System32\nsgVrQN.exe
      C:\Windows\System32\nsgVrQN.exe
      4⤵
      PID:8168
  - - C:\Windows\System32\aOkBlLs.exe
      C:\Windows\System32\aOkBlLs.exe
      4⤵
      PID:7524
  - - C:\Windows\System32\QanCwGH.exe
      C:\Windows\System32\QanCwGH.exe
      4⤵
      PID:10724
  - - C:\Windows\System32\scnOLUH.exe
      C:\Windows\System32\scnOLUH.exe
      4⤵
      PID:5524
  - - C:\Windows\System32\HrzZGMb.exe
      C:\Windows\System32\HrzZGMb.exe
      4⤵
      PID:3252
  - - C:\Windows\System32\lDvDkkG.exe
      C:\Windows\System32\lDvDkkG.exe
      4⤵
      PID:11676
  - - C:\Windows\System32\vhVHOJc.exe
      C:\Windows\System32\vhVHOJc.exe
      4⤵
      PID:11696
  - - C:\Windows\System32\eyATkEI.exe
      C:\Windows\System32\eyATkEI.exe
      4⤵
      PID:11720
  - - C:\Windows\System32\cjSsKwd.exe
      C:\Windows\System32\cjSsKwd.exe
      4⤵
      PID:9420
  - - C:\Windows\System32\loCWmEi.exe
      C:\Windows\System32\loCWmEi.exe
      4⤵
      PID:11784
  - - C:\Windows\System32\ZqyaCtU.exe
      C:\Windows\System32\ZqyaCtU.exe
      4⤵
      PID:11812
  - - C:\Windows\System32\elYKBZC.exe
      C:\Windows\System32\elYKBZC.exe
      4⤵
      PID:11084
  - - C:\Windows\System32\PfBmyCH.exe
      C:\Windows\System32\PfBmyCH.exe
      4⤵
      PID:6840
  - - C:\Windows\System32\vGqrQkC.exe
      C:\Windows\System32\vGqrQkC.exe
      4⤵
      PID:9072
  - - C:\Windows\System32\ifYbDMz.exe
      C:\Windows\System32\ifYbDMz.exe
      4⤵
      PID:9108
  - - C:\Windows\System32\kiXeIBY.exe
      C:\Windows\System32\kiXeIBY.exe
      4⤵
      PID:2620
  - - C:\Windows\System32\SIiEccQ.exe
      C:\Windows\System32\SIiEccQ.exe
      4⤵
      PID:10664
  - - C:\Windows\System32\iFPZPgE.exe
      C:\Windows\System32\iFPZPgE.exe
      4⤵
      PID:8308
  - - C:\Windows\System32\PpjtouM.exe
      C:\Windows\System32\PpjtouM.exe
      4⤵
      PID:10564
  - - C:\Windows\System32\TPzjRYW.exe
      C:\Windows\System32\TPzjRYW.exe
      4⤵
      PID:2996
  - - C:\Windows\System32\CCggrpi.exe
      C:\Windows\System32\CCggrpi.exe
      4⤵
      PID:8172
  - - C:\Windows\System32\xNCeZDx.exe
      C:\Windows\System32\xNCeZDx.exe
      4⤵
      PID:6000
  - - C:\Windows\System32\SrSFjNW.exe
      C:\Windows\System32\SrSFjNW.exe
      4⤵
      PID:12236
  - - C:\Windows\System32\qhBnOQU.exe
      C:\Windows\System32\qhBnOQU.exe
      4⤵
      PID:5564
  - - C:\Windows\System32\bJRXhLz.exe
      C:\Windows\System32\bJRXhLz.exe
      4⤵
      PID:10316
  - - C:\Windows\System32\etdKnZr.exe
      C:\Windows\System32\etdKnZr.exe
      4⤵
      PID:11772
  - - C:\Windows\System32\wWUKfVa.exe
      C:\Windows\System32\wWUKfVa.exe
      4⤵
      PID:9252
  - - C:\Windows\System32\DQfClnW.exe
      C:\Windows\System32\DQfClnW.exe
      4⤵
      PID:9356
  - - C:\Windows\System32\uYLKkXJ.exe
      C:\Windows\System32\uYLKkXJ.exe
      4⤵
      PID:11704
  - - C:\Windows\System32\ICpaHwi.exe
      C:\Windows\System32\ICpaHwi.exe
      4⤵
      PID:7056
  - - C:\Windows\System32\ppCnRVF.exe
      C:\Windows\System32\ppCnRVF.exe
      4⤵
      PID:7660
  - - C:\Windows\System32\zeKjvJI.exe
      C:\Windows\System32\zeKjvJI.exe
      4⤵
      PID:6856
  - - C:\Windows\System32\ZsMSNoj.exe
      C:\Windows\System32\ZsMSNoj.exe
      4⤵
      PID:5108
  - - C:\Windows\System32\kXlMCMc.exe
      C:\Windows\System32\kXlMCMc.exe
      4⤵
      PID:7080
  - - C:\Windows\System32\KQqicpw.exe
      C:\Windows\System32\KQqicpw.exe
      4⤵
      PID:6528
  - - C:\Windows\System32\BjpZvCc.exe
      C:\Windows\System32\BjpZvCc.exe
      4⤵
      PID:4188
  - - C:\Windows\System32\qdKEZDz.exe
      C:\Windows\System32\qdKEZDz.exe
      4⤵
      PID:6256
  - - C:\Windows\System32\gqjhJRY.exe
      C:\Windows\System32\gqjhJRY.exe
      4⤵
      PID:7836
  - - C:\Windows\System32\BoLcGkK.exe
      C:\Windows\System32\BoLcGkK.exe
      4⤵
      PID:5532
  - - C:\Windows\System32\yQQPaWX.exe
      C:\Windows\System32\yQQPaWX.exe
      4⤵
      PID:5076
  - - C:\Windows\System32\Hvnsnzx.exe
      C:\Windows\System32\Hvnsnzx.exe
      4⤵
      PID:3616
  - - C:\Windows\System32\jGEXCUr.exe
      C:\Windows\System32\jGEXCUr.exe
      4⤵
      PID:4328
  - - C:\Windows\System32\iGkbsTr.exe
      C:\Windows\System32\iGkbsTr.exe
      4⤵
      PID:9544
  - - C:\Windows\System32\pcEQtSo.exe
      C:\Windows\System32\pcEQtSo.exe
      4⤵
      PID:11804
  - - C:\Windows\System32\rQqfiKW.exe
      C:\Windows\System32\rQqfiKW.exe
      4⤵
      PID:11928
  - - C:\Windows\System32\MkECnCb.exe
      C:\Windows\System32\MkECnCb.exe
      4⤵
      PID:6368
  - - C:\Windows\System32\MNoOFal.exe
      C:\Windows\System32\MNoOFal.exe
      4⤵
      PID:9268
  - - C:\Windows\System32\nsbgbzh.exe
      C:\Windows\System32\nsbgbzh.exe
      4⤵
      PID:11304
  - - C:\Windows\System32\CNZLIPJ.exe
      C:\Windows\System32\CNZLIPJ.exe
      4⤵
      PID:3308
  - - C:\Windows\System32\xLrWIhx.exe
      C:\Windows\System32\xLrWIhx.exe
      4⤵
      PID:10320
  - - C:\Windows\System32\iPxTOJS.exe
      C:\Windows\System32\iPxTOJS.exe
      4⤵
      PID:4508
  - - C:\Windows\System32\rSKyIir.exe
      C:\Windows\System32\rSKyIir.exe
      4⤵
      PID:10956
  - - C:\Windows\System32\XAZmgGX.exe
      C:\Windows\System32\XAZmgGX.exe
      4⤵
      PID:7872
  - - C:\Windows\System32\kVZkgWN.exe
      C:\Windows\System32\kVZkgWN.exe
      4⤵
      PID:5092
  - - C:\Windows\System32\XLrJpOG.exe
      C:\Windows\System32\XLrJpOG.exe
      4⤵
      PID:7040
  - - C:\Windows\System32\ruVDlcS.exe
      C:\Windows\System32\ruVDlcS.exe
      4⤵
      PID:7108
  - - C:\Windows\System32\fRISQsD.exe
      C:\Windows\System32\fRISQsD.exe
      4⤵
      PID:6664
  - - C:\Windows\System32\HjPGIQd.exe
      C:\Windows\System32\HjPGIQd.exe
      4⤵
      PID:7940
  - - C:\Windows\System32\QaLClWw.exe
      C:\Windows\System32\QaLClWw.exe
      4⤵
      PID:7620
  - - C:\Windows\System32\FUpCHMJ.exe
      C:\Windows\System32\FUpCHMJ.exe
      4⤵
      PID:6248
  - - C:\Windows\System32\UVGyoLH.exe
      C:\Windows\System32\UVGyoLH.exe
      4⤵
      PID:6928
  - - C:\Windows\System32\KXkSktW.exe
      C:\Windows\System32\KXkSktW.exe
      4⤵
      PID:5308
  - - C:\Windows\System32\XrsAUNV.exe
      C:\Windows\System32\XrsAUNV.exe
      4⤵
      PID:6300
  - - C:\Windows\System32\VnkjsIv.exe
      C:\Windows\System32\VnkjsIv.exe
      4⤵
      PID:4452
  - - C:\Windows\System32\opIdFpm.exe
      C:\Windows\System32\opIdFpm.exe
      4⤵
      PID:9616
  - - C:\Windows\System32\ZdosZXu.exe
      C:\Windows\System32\ZdosZXu.exe
      4⤵
      PID:1484
  - - C:\Windows\System32\sJMLNxk.exe
      C:\Windows\System32\sJMLNxk.exe
      4⤵
      PID:6224
  - - C:\Windows\System32\VXwIrQI.exe
      C:\Windows\System32\VXwIrQI.exe
      4⤵
      PID:964
  - - C:\Windows\System32\wtFOGGA.exe
      C:\Windows\System32\wtFOGGA.exe
      4⤵
      PID:8360
  - - C:\Windows\System32\DXpEnSJ.exe
      C:\Windows\System32\DXpEnSJ.exe
      4⤵
      PID:9624
  - - C:\Windows\System32\QlBFtwH.exe
      C:\Windows\System32\QlBFtwH.exe
      4⤵
      PID:4728
  - - C:\Windows\System32\UJobDgq.exe
      C:\Windows\System32\UJobDgq.exe
      4⤵
      PID:8344
  - - C:\Windows\System32\vVnVTvl.exe
      C:\Windows\System32\vVnVTvl.exe
      4⤵
      PID:7652
  - - C:\Windows\System32\TlPGGHw.exe
      C:\Windows\System32\TlPGGHw.exe
      4⤵
      PID:6376
  - - C:\Windows\System32\zanaeyj.exe
      C:\Windows\System32\zanaeyj.exe
      4⤵
      PID:2224
  - - C:\Windows\System32\jHkvllh.exe
      C:\Windows\System32\jHkvllh.exe
      4⤵
      PID:11472
  - - C:\Windows\System32\iMNBizo.exe
      C:\Windows\System32\iMNBizo.exe
      4⤵
      PID:7780
  - - C:\Windows\System32\lDAovqh.exe
      C:\Windows\System32\lDAovqh.exe
      4⤵
      PID:8572
  - - C:\Windows\System32\DlQVUGh.exe
      C:\Windows\System32\DlQVUGh.exe
      4⤵
      PID:7596
  - - C:\Windows\System32\fNuSoNu.exe
      C:\Windows\System32\fNuSoNu.exe
      4⤵
      PID:10104
  - - C:\Windows\System32\VZIGyxe.exe
      C:\Windows\System32\VZIGyxe.exe
      4⤵
      PID:2300
  - - C:\Windows\System32\qPuXKdE.exe
      C:\Windows\System32\qPuXKdE.exe
      4⤵
      PID:1624
  - - C:\Windows\System32\JlAEPlA.exe
      C:\Windows\System32\JlAEPlA.exe
      4⤵
      PID:11528
  - - C:\Windows\System32\HOebHIU.exe
      C:\Windows\System32\HOebHIU.exe
      4⤵
      PID:9328
  - - C:\Windows\System32\cQnWQjT.exe
      C:\Windows\System32\cQnWQjT.exe
      4⤵
      PID:10588
  - - C:\Windows\System32\WnCBrTt.exe
      C:\Windows\System32\WnCBrTt.exe
      4⤵
      PID:11456
  - - C:\Windows\System32\QSEYaNr.exe
      C:\Windows\System32\QSEYaNr.exe
      4⤵
      PID:2872
  - - C:\Windows\System32\ryPhYsI.exe
      C:\Windows\System32\ryPhYsI.exe
      4⤵
      PID:5052
  - - C:\Windows\System32\HEZpenF.exe
      C:\Windows\System32\HEZpenF.exe
      4⤵
      PID:5196
  - - C:\Windows\System32\QLnlIjn.exe
      C:\Windows\System32\QLnlIjn.exe
      4⤵
      PID:6588
  - - C:\Windows\System32\GGVyHmN.exe
      C:\Windows\System32\GGVyHmN.exe
      4⤵
      PID:7964
  - - C:\Windows\System32\mutpekH.exe
      C:\Windows\System32\mutpekH.exe
      4⤵
      PID:1512
  - - C:\Windows\System32\EppeIyb.exe
      C:\Windows\System32\EppeIyb.exe
      4⤵
      PID:6948
  - - C:\Windows\System32\UUZLjCY.exe
      C:\Windows\System32\UUZLjCY.exe
      4⤵
      PID:6220
  - - C:\Windows\System32\WklSehu.exe
      C:\Windows\System32\WklSehu.exe
      4⤵
      PID:11476
  - - C:\Windows\System32\NHreZnp.exe
      C:\Windows\System32\NHreZnp.exe
      4⤵
      PID:10356
  - - C:\Windows\System32\PMZnCJp.exe
      C:\Windows\System32\PMZnCJp.exe
      4⤵
      PID:11464
  - - C:\Windows\System32\zZLAotf.exe
      C:\Windows\System32\zZLAotf.exe
      4⤵
      PID:12512
  - - C:\Windows\System32\KDpepPz.exe
      C:\Windows\System32\KDpepPz.exe
      4⤵
      PID:12528
  - - C:\Windows\System32\MwPJfYW.exe
      C:\Windows\System32\MwPJfYW.exe
      4⤵
      PID:13284
  - - C:\Windows\System32\teOVhVE.exe
      C:\Windows\System32\teOVhVE.exe
      4⤵
      PID:13300
  - - C:\Windows\System32\swekocH.exe
      C:\Windows\System32\swekocH.exe
      4⤵
      PID:7480
  - - C:\Windows\System32\SMkxWzT.exe
      C:\Windows\System32\SMkxWzT.exe
      4⤵
      PID:5932
  - - C:\Windows\System32\GLPqndv.exe
      C:\Windows\System32\GLPqndv.exe
      4⤵
      PID:7992
  - - C:\Windows\System32\wXlftiy.exe
      C:\Windows\System32\wXlftiy.exe
      4⤵
      PID:10364
  - - C:\Windows\System32\SsUPzLB.exe
      C:\Windows\System32\SsUPzLB.exe
      4⤵
      PID:4472
  - - C:\Windows\System32\xPkvfpE.exe
      C:\Windows\System32\xPkvfpE.exe
      4⤵
      PID:6776
  - - C:\Windows\System32\CDblShg.exe
      C:\Windows\System32\CDblShg.exe
      4⤵
      PID:9360
  - - C:\Windows\System32\IRFJXiT.exe
      C:\Windows\System32\IRFJXiT.exe
      4⤵
      PID:12808
  - - C:\Windows\System32\wWYtLRa.exe
      C:\Windows\System32\wWYtLRa.exe
      4⤵
      PID:12864
  - - C:\Windows\System32\kqpUksr.exe
      C:\Windows\System32\kqpUksr.exe
      4⤵
      PID:12920
  - - C:\Windows\System32\LuLioML.exe
      C:\Windows\System32\LuLioML.exe
      4⤵
      PID:13000
  - - C:\Windows\System32\xUUxLYk.exe
      C:\Windows\System32\xUUxLYk.exe
      4⤵
      PID:5212
  - - C:\Windows\System32\KsueTLM.exe
      C:\Windows\System32\KsueTLM.exe
      4⤵
      PID:12656
  - - C:\Windows\System32\avjJBwu.exe
      C:\Windows\System32\avjJBwu.exe
      4⤵
      PID:12888
  - - C:\Windows\System32\ECMrYZX.exe
      C:\Windows\System32\ECMrYZX.exe
      4⤵
      PID:12492
  - - C:\Windows\System32\mqrGHil.exe
      C:\Windows\System32\mqrGHil.exe
      4⤵
      PID:12680
  - - C:\Windows\System32\mXxxsnK.exe
      C:\Windows\System32\mXxxsnK.exe
      4⤵
      PID:13192
  - - C:\Windows\System32\CsJpqWK.exe
      C:\Windows\System32\CsJpqWK.exe
      4⤵
      PID:13032
  - - C:\Windows\System32\KVifAwy.exe
      C:\Windows\System32\KVifAwy.exe
      4⤵
      PID:11536
  - - C:\Windows\System32\tluTSfy.exe
      C:\Windows\System32\tluTSfy.exe
      4⤵
      PID:12480
  - - C:\Windows\System32\ChRDDEP.exe
      C:\Windows\System32\ChRDDEP.exe
      4⤵
      PID:13324
  - - C:\Windows\System32\CoICVpd.exe
      C:\Windows\System32\CoICVpd.exe
      4⤵
      PID:13340
  - - C:\Windows\System32\uijrGXm.exe
      C:\Windows\System32\uijrGXm.exe
      4⤵
      PID:13364
  - - C:\Windows\System32\qrYikRy.exe
      C:\Windows\System32\qrYikRy.exe
      4⤵
      PID:13384
  - - C:\Windows\System32\usRAJWe.exe
      C:\Windows\System32\usRAJWe.exe
      4⤵
      PID:13448
  - - C:\Windows\System32\lZsAyAk.exe
      C:\Windows\System32\lZsAyAk.exe
      4⤵
      PID:13480
  - - C:\Windows\System32\zRZSqZl.exe
      C:\Windows\System32\zRZSqZl.exe
      4⤵
      PID:13500
  - - C:\Windows\System32\JWztlff.exe
      C:\Windows\System32\JWztlff.exe
      4⤵
      PID:13724
  - - C:\Windows\System32\FDETqDZ.exe
      C:\Windows\System32\FDETqDZ.exe
      4⤵
      PID:12856
  - - C:\Windows\System32\xDqNTcg.exe
      C:\Windows\System32\xDqNTcg.exe
      4⤵
      PID:13996
  - - C:\Windows\System32\PipMJLV.exe
      C:\Windows\System32\PipMJLV.exe
      4⤵
      PID:14036
  - - C:\Windows\System32\eRLpOWp.exe
      C:\Windows\System32\eRLpOWp.exe
      4⤵
      PID:14056
  - - C:\Windows\System32\DKqfCpV.exe
      C:\Windows\System32\DKqfCpV.exe
      4⤵
      PID:14072
  - - C:\Windows\System32\ysfkAgL.exe
      C:\Windows\System32\ysfkAgL.exe
      4⤵
      PID:14180
  - - C:\Windows\System32\UlwhUSi.exe
      C:\Windows\System32\UlwhUSi.exe
      4⤵
      PID:14196
  - - C:\Windows\System32\xtnAVDA.exe
      C:\Windows\System32\xtnAVDA.exe
      4⤵
      PID:14228
  - - C:\Windows\System32\fKmpjdj.exe
      C:\Windows\System32\fKmpjdj.exe
      4⤵
      PID:14248
  - - C:\Windows\System32\JLZbmvP.exe
      C:\Windows\System32\JLZbmvP.exe
      4⤵
      PID:12312
  - - C:\Windows\System32\spOXRsc.exe
      C:\Windows\System32\spOXRsc.exe
      4⤵
      PID:3552
  - - C:\Windows\System32\COYfqde.exe
      C:\Windows\System32\COYfqde.exe
      4⤵
      PID:6208
  - - C:\Windows\System32\FXfWGil.exe
      C:\Windows\System32\FXfWGil.exe
      4⤵
      PID:8120
  - - C:\Windows\System32\gwVeOLg.exe
      C:\Windows\System32\gwVeOLg.exe
      4⤵
      PID:4392
  - - C:\Windows\System32\DmstLGY.exe
      C:\Windows\System32\DmstLGY.exe
      4⤵
      PID:10188
  - - C:\Windows\System32\mlLqSAy.exe
      C:\Windows\System32\mlLqSAy.exe
      4⤵
      PID:5364
  - - C:\Windows\System32\RelDubI.exe
      C:\Windows\System32\RelDubI.exe
      4⤵
      PID:452
  - - C:\Windows\System32\ZxRyedp.exe
      C:\Windows\System32\ZxRyedp.exe
      4⤵
      PID:13988
  - - C:\Windows\System32\glLzuJg.exe
      C:\Windows\System32\glLzuJg.exe
      4⤵
      PID:7156
  - - C:\Windows\System32\vaqemwI.exe
      C:\Windows\System32\vaqemwI.exe
      4⤵
      PID:9320
  - - C:\Windows\System32\NSQkziK.exe
      C:\Windows\System32\NSQkziK.exe
      4⤵
      PID:13496
  - - C:\Windows\System32\AAocVcp.exe
      C:\Windows\System32\AAocVcp.exe
      4⤵
      PID:12688
  - - C:\Windows\System32\UllPlsh.exe
      C:\Windows\System32\UllPlsh.exe
      4⤵
      PID:14304
  - - C:\Windows\System32\Ceysrvz.exe
      C:\Windows\System32\Ceysrvz.exe
      4⤵
      PID:9204
  - - C:\Windows\System32\wUjKgnl.exe
      C:\Windows\System32\wUjKgnl.exe
      4⤵
      PID:12944
  - - C:\Windows\System32\PYjufln.exe
      C:\Windows\System32\PYjufln.exe
      4⤵
      PID:13076
  - - C:\Windows\System32\oWUTemI.exe
      C:\Windows\System32\oWUTemI.exe
      4⤵
      PID:14116
  - - C:\Windows\System32\goJFpaT.exe
      C:\Windows\System32\goJFpaT.exe
      4⤵
      PID:14088
  - - C:\Windows\System32\vOGNKeG.exe
      C:\Windows\System32\vOGNKeG.exe
      4⤵
      PID:5152
  - - C:\Windows\System32\iAvfKic.exe
      C:\Windows\System32\iAvfKic.exe
      4⤵
      PID:6800
  - - C:\Windows\System32\eMfwxNo.exe
      C:\Windows\System32\eMfwxNo.exe
      4⤵
      PID:9044
  - - C:\Windows\System32\YwBRCvP.exe
      C:\Windows\System32\YwBRCvP.exe
      4⤵
      PID:2324
  - - C:\Windows\System32\PwpKrFt.exe
      C:\Windows\System32\PwpKrFt.exe
      4⤵
      PID:12744
  - - C:\Windows\System32\hlBHAAQ.exe
      C:\Windows\System32\hlBHAAQ.exe
      4⤵
      PID:7996
  - - C:\Windows\System32\NMrmDqa.exe
      C:\Windows\System32\NMrmDqa.exe
      4⤵
      PID:6392
  - - C:\Windows\System32\sTqFOat.exe
      C:\Windows\System32\sTqFOat.exe
      4⤵
      PID:9000
  - - C:\Windows\System32\OWTIXCk.exe
      C:\Windows\System32\OWTIXCk.exe
      4⤵
      PID:2532
  - - C:\Windows\System32\eyFCyoT.exe
      C:\Windows\System32\eyFCyoT.exe
      4⤵
      PID:13784
  - - C:\Windows\System32\VEmfwAt.exe
      C:\Windows\System32\VEmfwAt.exe
      4⤵
      PID:11436
  - - C:\Windows\System32\JZeVwdt.exe
      C:\Windows\System32\JZeVwdt.exe
      4⤵
      PID:14068
  - - C:\Windows\System32\clSJjxo.exe
      C:\Windows\System32\clSJjxo.exe
      4⤵
      PID:14616
  - - C:\Windows\System32\TXUCeET.exe
      C:\Windows\System32\TXUCeET.exe
      4⤵
      PID:12100
  - - C:\Windows\System32\Utmehzb.exe
      C:\Windows\System32\Utmehzb.exe
      4⤵
      PID:2908
  - - C:\Windows\System32\OsKGWzv.exe
      C:\Windows\System32\OsKGWzv.exe
      4⤵
      PID:10312
  - - C:\Windows\System32\wSgEuCW.exe
      C:\Windows\System32\wSgEuCW.exe
      4⤵
      PID:12584
  - - C:\Windows\System32\svmNwmk.exe
      C:\Windows\System32\svmNwmk.exe
      4⤵
      PID:15060
  - - C:\Windows\System32\tGmdcaZ.exe
      C:\Windows\System32\tGmdcaZ.exe
      4⤵
      PID:12616
  - - C:\Windows\System32\jPtOcIC.exe
      C:\Windows\System32\jPtOcIC.exe
      4⤵
      PID:16228
  - - C:\Windows\System32\IecCazF.exe
      C:\Windows\System32\IecCazF.exe
      4⤵
      PID:16272
  - - C:\Windows\System32\KwnqMSE.exe
      C:\Windows\System32\KwnqMSE.exe
      4⤵
      PID:408
  - - C:\Windows\System32\pNkfghv.exe
      C:\Windows\System32\pNkfghv.exe
      4⤵
      PID:15488
  - - C:\Windows\System32\kZCYpAP.exe
      C:\Windows\System32\kZCYpAP.exe
      4⤵
      PID:15188
  - - C:\Windows\System32\qTEUgeG.exe
      C:\Windows\System32\qTEUgeG.exe
      4⤵
      PID:15240
  - - C:\Windows\System32\kZwPkKd.exe
      C:\Windows\System32\kZwPkKd.exe
      4⤵
      PID:16056
  - - C:\Windows\System32\dEtfnva.exe
      C:\Windows\System32\dEtfnva.exe
      4⤵
      PID:8932
  - - C:\Windows\System32\gRAbGFz.exe
      C:\Windows\System32\gRAbGFz.exe
      4⤵
      PID:9172
  - - C:\Windows\System32\ftSpdvU.exe
      C:\Windows\System32\ftSpdvU.exe
      4⤵
      PID:16340
  - - C:\Windows\System32\YLKACop.exe
      C:\Windows\System32\YLKACop.exe
      4⤵
      PID:10196
  - - C:\Windows\System32\vyCExDR.exe
      C:\Windows\System32\vyCExDR.exe
      4⤵
      PID:15140
  - - C:\Windows\System32\tmTDykz.exe
      C:\Windows\System32\tmTDykz.exe
      4⤵
      PID:15232
  - - C:\Windows\System32\FlzREBJ.exe
      C:\Windows\System32\FlzREBJ.exe
      4⤵
      PID:7336
  - - C:\Windows\System32\eFppUZT.exe
      C:\Windows\System32\eFppUZT.exe
      4⤵
      PID:12520
  - - C:\Windows\System32\FrxyTLP.exe
      C:\Windows\System32\FrxyTLP.exe
      4⤵
      PID:12712
  - - C:\Windows\System32\IEvYvgQ.exe
      C:\Windows\System32\IEvYvgQ.exe
      4⤵
      PID:14212
  - - C:\Windows\System32\zzozWCq.exe
      C:\Windows\System32\zzozWCq.exe
      4⤵
      PID:15072
  - - C:\Windows\System32\SCLjqcp.exe
      C:\Windows\System32\SCLjqcp.exe
      4⤵
      PID:17064
  - - C:\Windows\System32\eVpYoSk.exe
      C:\Windows\System32\eVpYoSk.exe
      4⤵
      PID:4804
  - - C:\Windows\System32\IFIMPHD.exe
      C:\Windows\System32\IFIMPHD.exe
      4⤵
      PID:16416
  - - C:\Windows\System32\JRzPSmN.exe
      C:\Windows\System32\JRzPSmN.exe
      4⤵
      PID:16924
- - C:\Users\Admin\Downloads\240919-pmtl1syapd_eb54d97463126d2c847af3d180f96770_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pmtl1syapd_eb54d97463126d2c847af3d180f96770_JaffaCakes118.exe
    3⤵
    PID:6192
- - C:\Users\Admin\Downloads\240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe
    "C:\Users\Admin\Downloads\240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe"
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:7412
  - - C:\Users\Admin\AppData\Local\lustring\reindulgence.exe
      "C:\Users\Admin\Downloads\240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe"
      4⤵
      PID:9428
    - - C:\Windows\SysWOW64\svchost.exe
        
        "C:\Users\Admin\Downloads\240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe"
        5⤵
        
        PID:10980
      - C:\Windows\SysWOW64\help.exe
        
        "C:\Windows\SysWOW64\help.exe"
        6⤵
        
        PID:11340
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 672
        5⤵
        Program crash
        
        PID:11424
- - C:\Users\Admin\Downloads\240919-plsnbsyelk_7b0e47726c40512f6700fd5bd3ecc1762eb5c2d6716122a77ee1e1727d259d14N.exe
    C:\Users\Admin\Downloads\240919-plsnbsyelk_7b0e47726c40512f6700fd5bd3ecc1762eb5c2d6716122a77ee1e1727d259d14N.exe
    3⤵
    PID:7728
  - - \??\c:\tttnnt.exe
      c:\tttnnt.exe
      4⤵
      PID:5208
    - - \??\c:\ddjjp.exe
        
        c:\ddjjp.exe
        5⤵
        
        PID:2640
      - \??\c:\lffxrrl.exe
        
        c:\lffxrrl.exe
        6⤵
        
        PID:10796
        
        \??\c:\vjjjd.exe
        
        c:\vjjjd.exe
        7⤵
        
        PID:10056
        
        \??\c:\tttnhh.exe
        
        c:\tttnhh.exe
        8⤵
        
        PID:7700
        
        \??\c:\djpjv.exe
        
        c:\djpjv.exe
        9⤵
        
        PID:1616
        
        \??\c:\9fxlfrl.exe
        
        c:\9fxlfrl.exe
        10⤵
        
        PID:64
        
        \??\c:\frxxrrr.exe
        
        c:\frxxrrr.exe
        11⤵
        
        PID:12268
        
        \??\c:\rffxrxr.exe
        
        c:\rffxrxr.exe
        12⤵
        
        PID:9328
        
        \??\c:\jdppp.exe
        
        c:\jdppp.exe
        13⤵
        
        PID:11588
        
        \??\c:\1jdvp.exe
        
        c:\1jdvp.exe
        14⤵
        
        PID:8520
        
        \??\c:\lxffrrr.exe
        
        c:\lxffrrr.exe
        15⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 272
        16⤵
        Program crash
        
        PID:11524
- - C:\Users\Admin\Downloads\240919-pkgjnsydpp_9c0fdea0cf6777b2223471c85231b0be7b6c250b8bbf8a4262331fcb2483fef4N.exe
    C:\Users\Admin\Downloads\240919-pkgjnsydpp_9c0fdea0cf6777b2223471c85231b0be7b6c250b8bbf8a4262331fcb2483fef4N.exe
    3⤵
    PID:7744
- - C:\Users\Admin\Downloads\240919-pr1acsygql_ce02184d0d3c906e141508a5b94069cd84a2d361abb0fba9b4c1dadf64fe9d2dN.exe
    C:\Users\Admin\Downloads\240919-pr1acsygql_ce02184d0d3c906e141508a5b94069cd84a2d361abb0fba9b4c1dadf64fe9d2dN.exe
    3⤵
    PID:7756
  - - C:\Windows\SysWOW64\Mgnlkfal.exe
      C:\Windows\system32\Mgnlkfal.exe
      4⤵
      PID:7256
    - - C:\Windows\SysWOW64\Njjdho32.exe
        
        C:\Windows\system32\Njjdho32.exe
        5⤵
        
        PID:7292
      - C:\Windows\SysWOW64\Pnfiplog.exe
        
        C:\Windows\system32\Pnfiplog.exe
        6⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\Dkhgod32.exe
        
        C:\Windows\system32\Dkhgod32.exe
        7⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\Ilnlom32.exe
        
        C:\Windows\system32\Ilnlom32.exe
        8⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\Nmcpoedn.exe
        
        C:\Windows\system32\Nmcpoedn.exe
        9⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\Ojhiogdd.exe
        
        C:\Windows\system32\Ojhiogdd.exe
        10⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\Dgdncplk.exe
        
        C:\Windows\system32\Dgdncplk.exe
        11⤵
        
        PID:812
        
        C:\Windows\SysWOW64\Hnpaec32.exe
        
        C:\Windows\system32\Hnpaec32.exe
        12⤵
        
        PID:6528
- - C:\Users\Admin\Downloads\240919-pmlw6syepm_eb54a679cf165a645a9a977aa64ac623_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pmlw6syepm_eb54a679cf165a645a9a977aa64ac623_JaffaCakes118.exe
    3⤵
    PID:7792
- - C:\Users\Admin\Downloads\240919-pnc1nayare_DRAWING SINCOAUTOMATION 6994745PURCHASE ORDER SINCOAUTOMATION PO 322357781 Ref 6421SINCOAUTOMATION4533DWG.exe
    "C:\Users\Admin\Downloads\240919-pnc1nayare_DRAWING SINCOAUTOMATION 6994745PURCHASE ORDER SINCOAUTOMATION PO 322357781 Ref 6421SINCOAUTOMATION4533DWG.exe"
    3⤵
    PID:3164
- - C:\Users\Admin\Downloads\240919-pkm2fsxhnc_68ac9ad3a9d617aa87f0abaf98fc9afab3712c6999b72e7ba2d1ad8d27a0a146N.exe
    C:\Users\Admin\Downloads\240919-pkm2fsxhnc_68ac9ad3a9d617aa87f0abaf98fc9afab3712c6999b72e7ba2d1ad8d27a0a146N.exe
    3⤵
    PID:8228
  - - \??\c:\tbhtht.exe
      c:\tbhtht.exe
      4⤵
      PID:8904
    - - \??\c:\rffrxxl.exe
        
        c:\rffrxxl.exe
        5⤵
        
        PID:6348
      - \??\c:\9hbtnh.exe
        
        c:\9hbtnh.exe
        6⤵
        
        PID:6412
        
        \??\c:\bhnnhn.exe
        
        c:\bhnnhn.exe
        7⤵
        
        PID:2624
        
        \??\c:\ppvpv.exe
        
        c:\ppvpv.exe
        8⤵
        
        PID:8972
        
        \??\c:\rxffxfx.exe
        
        c:\rxffxfx.exe
        9⤵
        
        PID:2300
        
        \??\c:\xfxrlfl.exe
        
        c:\xfxrlfl.exe
        10⤵
        
        PID:11996
        
        \??\c:\pddpj.exe
        
        c:\pddpj.exe
        11⤵
        
        PID:9992
- - C:\Users\Admin\Downloads\240919-pr2hesycra_eb582fbba1ba45b49018eecfe0682f3d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pr2hesycra_eb582fbba1ba45b49018eecfe0682f3d_JaffaCakes118.exe
    3⤵
    PID:8244
  - - C:\Users\Admin\Downloads\240919-pr2hesycra_eb582fbba1ba45b49018eecfe0682f3d_JaffaCakes118.exe
      C:\Users\Admin\Downloads\240919-pr2hesycra_eb582fbba1ba45b49018eecfe0682f3d_JaffaCakes118.exe
      4⤵
      PID:6776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 208
        5⤵
        Program crash
        
        PID:7480
- - C:\Users\Admin\Downloads\240919-pncpwsyfjk_documents-pdf.exe
    C:\Users\Admin\Downloads\240919-pncpwsyfjk_documents-pdf.exe
    3⤵
    PID:8256
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 1076
      4⤵
      Program crash
      PID:11964
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 1084
      4⤵
      Program crash
      PID:2124
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 1168
      4⤵
      Program crash
      PID:13824
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 1176
      4⤵
      Program crash
      PID:4992
- - C:\Users\Admin\Downloads\240919-pnzvesyfnl_ROC ORDER.exe
    "C:\Users\Admin\Downloads\240919-pnzvesyfnl_ROC ORDER.exe"
    3⤵
    PID:8264
- - C:\Users\Admin\Downloads\240919-pjswbaydnk_61cee45a58d56be4750ee0ef1a81c0a31abd658cd41d6be52510a440f7dcfdfbN.exe
    C:\Users\Admin\Downloads\240919-pjswbaydnk_61cee45a58d56be4750ee0ef1a81c0a31abd658cd41d6be52510a440f7dcfdfbN.exe
    3⤵
    PID:8276
  - - C:\Windows\SysWOW64\Qpcecb32.exe
      C:\Windows\system32\Qpcecb32.exe
      4⤵
      PID:1900
    - - C:\Windows\SysWOW64\Filapfbo.exe
        
        C:\Windows\system32\Filapfbo.exe
        5⤵
        
        PID:11252
      - C:\Windows\SysWOW64\Oihmedma.exe
        
        C:\Windows\system32\Oihmedma.exe
        6⤵
        
        PID:10912
        
        C:\Windows\SysWOW64\Qikbaaml.exe
        
        C:\Windows\system32\Qikbaaml.exe
        7⤵
        
        PID:10116
        
        C:\Windows\SysWOW64\Ckbncapd.exe
        
        C:\Windows\system32\Ckbncapd.exe
        8⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\Jdmcdhhe.exe
        
        C:\Windows\system32\Jdmcdhhe.exe
        9⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\Kalcik32.exe
        
        C:\Windows\system32\Kalcik32.exe
        10⤵
        
        PID:1524
- - C:\Users\Admin\Downloads\240919-pnffsayfjn_FDS00000900000.exe
    C:\Users\Admin\Downloads\240919-pnffsayfjn_FDS00000900000.exe
    3⤵
    PID:8288
  - - C:\Users\Admin\AppData\Local\totted\sacculation.exe
      C:\Users\Admin\Downloads\240919-pnffsayfjn_FDS00000900000.exe
      4⤵
      PID:4032
- - C:\Users\Admin\Downloads\240919-pllvsayajc_eaf872573f789a71ee88fb2c0d125675779acaafea9e764e0af4b262b869d209N.exe
    C:\Users\Admin\Downloads\240919-pllvsayajc_eaf872573f789a71ee88fb2c0d125675779acaafea9e764e0af4b262b869d209N.exe
    3⤵
    PID:8300
  - - C:\Windows\SysWOW64\Edeeci32.exe
      C:\Windows\system32\Edeeci32.exe
      4⤵
      PID:11036
    - - C:\Windows\SysWOW64\Glfmgp32.exe
        
        C:\Windows\system32\Glfmgp32.exe
        5⤵
        
        PID:10208
      - C:\Windows\SysWOW64\Mjggal32.exe
        
        C:\Windows\system32\Mjggal32.exe
        6⤵
        
        PID:9560
- - C:\Users\Admin\Downloads\240919-pncd5ayfjj_comprobante_swift0000099.exe
    C:\Users\Admin\Downloads\240919-pncd5ayfjj_comprobante_swift0000099.exe
    3⤵
    PID:8312
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      C:\Users\Admin\Downloads\240919-pncd5ayfjj_comprobante_swift0000099.exe
      4⤵
      PID:5500
- - C:\Users\Admin\Downloads\240919-pkf8xaxhme_file.exe
    C:\Users\Admin\Downloads\240919-pkf8xaxhme_file.exe
    3⤵
    PID:8324
- - C:\Users\Admin\Downloads\240919-pjbl2aydmj_file.exe
    C:\Users\Admin\Downloads\240919-pjbl2aydmj_file.exe
    3⤵
    PID:8336
- - C:\Users\Admin\Downloads\240919-pjqqysydnj_eb52a85af6c9d34ae4faa120e2ca0b40_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pjqqysydnj_eb52a85af6c9d34ae4faa120e2ca0b40_JaffaCakes118.exe
    3⤵
    PID:8348
- - C:\Users\Admin\Downloads\240919-pjxt9sydnp_5da41272d55eff3d99d9ab4586f6572a02e0e5ef35c0bbf3bef2dfa06949121bN.exe
    C:\Users\Admin\Downloads\240919-pjxt9sydnp_5da41272d55eff3d99d9ab4586f6572a02e0e5ef35c0bbf3bef2dfa06949121bN.exe
    3⤵
    PID:8356
  - - C:\Windows\SysWOW64\Eomffaag.exe
      C:\Windows\system32\Eomffaag.exe
      4⤵
      PID:11100
    - - C:\Windows\SysWOW64\Mjggal32.exe
        
        C:\Windows\system32\Mjggal32.exe
        5⤵
        
        PID:8660
- - C:\Users\Admin\Downloads\240919-pkhrqsydpr_2024-09-19_2902f742fd97d91cdf9709d16c17f224_floxif_mafia.exe
    C:\Users\Admin\Downloads\240919-pkhrqsydpr_2024-09-19_2902f742fd97d91cdf9709d16c17f224_floxif_mafia.exe
    3⤵
    PID:8372
- - C:\Users\Admin\Downloads\240919-pnyx5ayblc_PO23100080 & Order Specs.exe
    "C:\Users\Admin\Downloads\240919-pnyx5ayblc_PO23100080 & Order Specs.exe"
    3⤵
    PID:8384
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\Downloads\240919-pnyx5ayblc_PO23100080 & Order Specs.exe"
      4⤵
      PID:11180
- - C:\Users\Admin\Downloads\240919-pnhk5sybjc_Invoice & C form TT 175102.exe
    "C:\Users\Admin\Downloads\240919-pnhk5sybjc_Invoice & C form TT 175102.exe"
    3⤵
    PID:8396
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\Downloads\240919-pnhk5sybjc_Invoice & C form TT 175102.exe"
      4⤵
      PID:6064
- - C:\Users\Admin\Downloads\240919-pl9lvayamc_17ce00e7482d1aee9f406d4d2823ed31e14161f4b01edf09515abf2899f7a633N.exe
    C:\Users\Admin\Downloads\240919-pl9lvayamc_17ce00e7482d1aee9f406d4d2823ed31e14161f4b01edf09515abf2899f7a633N.exe
    3⤵
    PID:8404
  - - \??\c:\hhbtnn.exe
      c:\hhbtnn.exe
      4⤵
      PID:2996
    - - \??\c:\vpvdd.exe
        
        c:\vpvdd.exe
        5⤵
        
        PID:2372
      - \??\c:\htbtnh.exe
        
        c:\htbtnh.exe
        6⤵
        
        PID:11564
        
        \??\c:\jvjjd.exe
        
        c:\jvjjd.exe
        7⤵
        
        PID:1020
        
        \??\c:\tnnhbt.exe
        
        c:\tnnhbt.exe
        8⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 264
        9⤵
        Program crash
        
        PID:6804
- - C:\Users\Admin\Downloads\240919-pkv23axhpd_Lustig.exe
    C:\Users\Admin\Downloads\240919-pkv23axhpd_Lustig.exe
    3⤵
    PID:8412
  - - C:\Users\Admin\AppData\Local\Temp\onefile_8412_133712230879085142\Stub.exe
      C:\Users\Admin\Downloads\240919-pkv23axhpd_Lustig.exe
      4⤵
      PID:5416
- - C:\Users\Admin\Downloads\240919-pnqazsyfln_PO-A1702108.exe
    C:\Users\Admin\Downloads\240919-pnqazsyfln_PO-A1702108.exe
    3⤵
    PID:8432
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      C:\Users\Admin\Downloads\240919-pnqazsyfln_PO-A1702108.exe
      4⤵
      PID:11948
- - C:\Users\Admin\Downloads\240919-pjw8qsxhjh_eb52da90f75ae832560266690ab5eb46_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pjw8qsxhjh_eb52da90f75ae832560266690ab5eb46_JaffaCakes118.exe
    3⤵
    PID:8444
- - C:\Users\Admin\Downloads\240919-pmlw6syepl_c5eea937f59051d2f1d5dec0ff7f961161c053489721ec9738869933f9d26609N.exe
    C:\Users\Admin\Downloads\240919-pmlw6syepl_c5eea937f59051d2f1d5dec0ff7f961161c053489721ec9738869933f9d26609N.exe
    3⤵
    PID:8456
- - C:\Users\Admin\Downloads\240919-plnz5syekq_Trojan.Win64.CoinMiner-bf525f074f45084861de521cd654982b3f3ebcecef76194bce8a4bcd4f161ff7N
    C:\Users\Admin\Downloads\240919-plnz5syekq_Trojan.Win64.CoinMiner-bf525f074f45084861de521cd654982b3f3ebcecef76194bce8a4bcd4f161ff7N
    3⤵
    PID:8468
- - C:\Users\Admin\Downloads\240919-pjlr1aydmq_acc757f9e622414863768fa14bc6cc0d149308440e5deaf176149385f6edc5e6N.exe
    C:\Users\Admin\Downloads\240919-pjlr1aydmq_acc757f9e622414863768fa14bc6cc0d149308440e5deaf176149385f6edc5e6N.exe
    3⤵
    PID:8480
  - - C:\Windows\SysWOW64\Akdilipp.exe
      C:\Windows\system32\Akdilipp.exe
      4⤵
      PID:9920
    - - C:\Windows\SysWOW64\Fbgbnkfm.exe
        
        C:\Windows\system32\Fbgbnkfm.exe
        5⤵
        
        PID:8836
      - C:\Windows\SysWOW64\Kcjjhdjb.exe
        
        C:\Windows\system32\Kcjjhdjb.exe
        6⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\Njjmni32.exe
        
        C:\Windows\system32\Njjmni32.exe
        7⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\Pcbkml32.exe
        
        C:\Windows\system32\Pcbkml32.exe
        8⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\Cajjjk32.exe
        
        C:\Windows\system32\Cajjjk32.exe
        9⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\Hgcmbj32.exe
        
        C:\Windows\system32\Hgcmbj32.exe
        10⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\Kdhbpf32.exe
        
        C:\Windows\system32\Kdhbpf32.exe
        11⤵
        
        PID:6520
- - C:\Users\Admin\Downloads\240919-pjdfmaydmk_eb52744d02d2a375f10baedd5a8917c6_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pjdfmaydmk_eb52744d02d2a375f10baedd5a8917c6_JaffaCakes118.exe
    3⤵
    PID:8488
- - C:\Users\Admin\Downloads\240919-pnty6syfml_f0f3f05907a7ca516d5959b0a14741883f1da51764a8c09c8f30ab9fb69f35edN.exe
    C:\Users\Admin\Downloads\240919-pnty6syfml_f0f3f05907a7ca516d5959b0a14741883f1da51764a8c09c8f30ab9fb69f35edN.exe
    3⤵
    PID:8500
- - C:\Users\Admin\Downloads\240919-pnb4csyaqf_Company Details.exe
    "C:\Users\Admin\Downloads\240919-pnb4csyaqf_Company Details.exe"
    3⤵
    PID:8512
- - C:\Users\Admin\Downloads\240919-pjenpaxgra_2689f2f29cecfa11ea326d2f0405c21a3854cdaf5b7762c64fbd027291860c13N.exe
    C:\Users\Admin\Downloads\240919-pjenpaxgra_2689f2f29cecfa11ea326d2f0405c21a3854cdaf5b7762c64fbd027291860c13N.exe
    3⤵
    PID:8524
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XdqHr.bat" "
      4⤵
      PID:2788
- - C:\Users\Admin\Downloads\240919-pnb4csyaqh_Comprobante_98756.exe
    C:\Users\Admin\Downloads\240919-pnb4csyaqh_Comprobante_98756.exe
    3⤵
    PID:8536
- - C:\Users\Admin\Downloads\240919-pndbesyfjl_Estado de Cuenta.exe
    "C:\Users\Admin\Downloads\240919-pndbesyfjl_Estado de Cuenta.exe"
    3⤵
    PID:8556
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\Downloads\240919-pndbesyfjl_Estado de Cuenta.exe"
      4⤵
      PID:4900
- - C:\Users\Admin\Downloads\240919-pnet9ayarh_Facturas de pago 003839,72011,030184.bat.exe
    "C:\Users\Admin\Downloads\240919-pnet9ayarh_Facturas de pago 003839,72011,030184.bat.exe"
    3⤵
    PID:8564
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\Downloads\240919-pnet9ayarh_Facturas de pago 003839,72011,030184.bat.exe"
      4⤵
      PID:11604
- - C:\Users\Admin\Downloads\240919-pja1haydlq_ed009b0a52915c37539da85f6b5700745d374502163662ccd02e6baa4fefda3fN.exe
    C:\Users\Admin\Downloads\240919-pja1haydlq_ed009b0a52915c37539da85f6b5700745d374502163662ccd02e6baa4fefda3fN.exe
    3⤵
    PID:10328
- - C:\Users\Admin\Downloads\240919-ph86xaydln_3c6ceafaa6fcc8a58aa971065e2fda4954521abb67d1174740b5445f9c29e96aN.exe
    C:\Users\Admin\Downloads\240919-ph86xaydln_3c6ceafaa6fcc8a58aa971065e2fda4954521abb67d1174740b5445f9c29e96aN.exe
    3⤵
    PID:2388
  - - C:\Windows\SysWOW64\Nmhijd32.exe
      C:\Windows\system32\Nmhijd32.exe
      4⤵
      PID:3388
    - - C:\Windows\SysWOW64\Cpljehpo.exe
        
        C:\Windows\system32\Cpljehpo.exe
        5⤵
        
        PID:11412
      - C:\Windows\SysWOW64\Hegmlnbp.exe
        
        C:\Windows\system32\Hegmlnbp.exe
        6⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\Lcjldk32.exe
        
        C:\Windows\system32\Lcjldk32.exe
        7⤵
        
        PID:3512
- - C:\Users\Admin\Downloads\240919-phrlvsxgnf_eb5216dcc8e84937ead46858a881df03_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-phrlvsxgnf_eb5216dcc8e84937ead46858a881df03_JaffaCakes118.exe
    3⤵
    PID:5520
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\system32\Option.bat
      4⤵
      PID:8392
  - - C:\Users\Admin\AppData\Local\Temp\net.exe
      net.exe start schedule /y
      4⤵
      PID:5184
  - - C:\Windows\SysWOW64\At.exe
      At.exe 12:41:20 PM C:\Windows\Help\HelpCat.exe
      4⤵
      PID:5032
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c at 12:40:27 PM C:\Windows\Sysinf.bat
      4⤵
      PID:7648
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c at 12:43:27 PM C:\Windows\Sysinf.bat
      4⤵
      PID:3512
    - - C:\Windows\SysWOW64\at.exe
        
        at 12:43:27 PM C:\Windows\Sysinf.bat
        5⤵
        
        PID:15512
  - - C:\Users\Admin\AppData\Local\Temp\net.exe
      net.exe stop wscsvc /y
      4⤵
      PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\net.exe
      net.exe stop sharedaccess /y
      4⤵
      PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\net.exe
      net.exe stop wuauserv /y
      4⤵
      PID:12592
  - - C:\Users\Admin\AppData\Local\Temp\net.exe
      net.exe stop srservice /y
      4⤵
      PID:13588
  - - C:\Users\Admin\AppData\Local\Temp\net.exe
      net.exe stop 360timeprot /y
      4⤵
      System Time Discovery
      PID:14344
- - C:\Users\Admin\Downloads\240919-phy1yaydkq_3b187a1ef8611e8a7da72a604d2b539615de0525547948c57398b9b2532b0d2fN.exe
    C:\Users\Admin\Downloads\240919-phy1yaydkq_3b187a1ef8611e8a7da72a604d2b539615de0525547948c57398b9b2532b0d2fN.exe
    3⤵
    PID:6740
  - - C:\Windows\SysWOW64\Afappe32.exe
      C:\Windows\system32\Afappe32.exe
      4⤵
      PID:6824
    - - C:\Windows\SysWOW64\Cgfbbb32.exe
        
        C:\Windows\system32\Cgfbbb32.exe
        5⤵
        
        PID:11476
      - C:\Windows\SysWOW64\Hgeihiac.exe
        
        C:\Windows\system32\Hgeihiac.exe
        6⤵
        
        PID:5168
- - C:\Users\Admin\Downloads\240919-phmb5sxgna_eb5201dcd95b09712a75aeaa7ef68665_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-phmb5sxgna_eb5201dcd95b09712a75aeaa7ef68665_JaffaCakes118.exe
    3⤵
    PID:11656
  - - C:\Users\Admin\Downloads\240919-phmb5sxgna_eb5201dcd95b09712a75aeaa7ef68665_JaffaCakes118.exe
      "C:\Users\Admin\Downloads\240919-phmb5sxgna_eb5201dcd95b09712a75aeaa7ef68665_JaffaCakes118.exe"
      4⤵
      PID:7280
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\Downloads\240919-phmb5sxgna_eb5201dcd95b09712a75aeaa7ef68665_JaffaCakes118.exe" +s +h
        5⤵
        
        PID:856
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\Downloads" +s +h
        5⤵
        
        PID:11956
    - - C:\Windudt\svchost.exe
        
        "C:\Windudt\svchost.exe"
        5⤵
        
        PID:3552
      - C:\Windudt\svchost.exe
        
        "C:\Windudt\svchost.exe"
        6⤵
        
        PID:3540
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 5 > NUL&del "C:\Users\Admin\Downloads\240919-phmb5sxgna_eb5201dcd95b09712a75aeaa7ef68665_JaffaCakes118.exe"
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:6540
- - C:\Users\Admin\Downloads\240919-phk43sxgmg_2f73df717dd9f21cb74ad5d597d278d2971abde5685774850405f01d40cc8f1dN.exe
    C:\Users\Admin\Downloads\240919-phk43sxgmg_2f73df717dd9f21cb74ad5d597d278d2971abde5685774850405f01d40cc8f1dN.exe
    3⤵
    PID:10392
  - - C:\Windows\SysWOW64\Nlnpio32.exe
      C:\Windows\system32\Nlnpio32.exe
      4⤵
      PID:11804
- - C:\Users\Admin\Downloads\240919-phbkmsycrp_eb51b37bc20a3f98e353157b71276994_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-phbkmsycrp_eb51b37bc20a3f98e353157b71276994_JaffaCakes118.exe
    3⤵
    PID:6924
  - - C:\Users\Admin\beeaw.exe
      "C:\Users\Admin\beeaw.exe"
      4⤵
      PID:12340
- - C:\Users\Admin\Downloads\240919-phgfwsxgmb_62b90ce3f59add9857236552ab768bcf494caa244303d0c7d39950bbb1640f75N.exe
    C:\Users\Admin\Downloads\240919-phgfwsxgmb_62b90ce3f59add9857236552ab768bcf494caa244303d0c7d39950bbb1640f75N.exe
    3⤵
    PID:9036
- - C:\Users\Admin\Downloads\240919-pg9faaxgle_94e188775252441f9cd9aa64ee365e69708e3ff8a6b2c2b4917aea1d5e3bb217N.exe
    C:\Users\Admin\Downloads\240919-pg9faaxgle_94e188775252441f9cd9aa64ee365e69708e3ff8a6b2c2b4917aea1d5e3bb217N.exe
    3⤵
    PID:11564
- - C:\Users\Admin\Downloads\240919-pgpe4sycnr_eb512b5a4afe18facfab7be5b8c7a3b1_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pgpe4sycnr_eb512b5a4afe18facfab7be5b8c7a3b1_JaffaCakes118.exe
    3⤵
    PID:5116
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 1400
      4⤵
      Program crash
      PID:1328
- - C:\Users\Admin\Downloads\240919-pgv8naxgka_6df79ac78d6221a4436fdd943d0f0cd0dd72f46ded4a3762329ff85e89e5c79aN.exe
    C:\Users\Admin\Downloads\240919-pgv8naxgka_6df79ac78d6221a4436fdd943d0f0cd0dd72f46ded4a3762329ff85e89e5c79aN.exe
    3⤵
    PID:6340
  - - C:\Windows\SysWOW64\Edlann32.exe
      C:\Windows\system32\Edlann32.exe
      4⤵
      PID:1128
    - - C:\Windows\SysWOW64\Elolco32.exe
        
        C:\Windows\system32\Elolco32.exe
        5⤵
        
        PID:6600
      - C:\Windows\SysWOW64\Ggicbe32.exe
        
        C:\Windows\system32\Ggicbe32.exe
        6⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\Hfhbipdb.exe
        
        C:\Windows\system32\Hfhbipdb.exe
        7⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\Icnphd32.exe
        
        C:\Windows\system32\Icnphd32.exe
        8⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\Iebfmfdg.exe
        
        C:\Windows\system32\Iebfmfdg.exe
        9⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\Jghhjq32.exe
        
        C:\Windows\system32\Jghhjq32.exe
        10⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\Kfanflne.exe
        
        C:\Windows\system32\Kfanflne.exe
        11⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\Keghocao.exe
        
        C:\Windows\system32\Keghocao.exe
        12⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\Ldanloba.exe
        
        C:\Windows\system32\Ldanloba.exe
        13⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\Mmcfkc32.exe
        
        C:\Windows\system32\Mmcfkc32.exe
        14⤵
        
        PID:13224
        
        C:\Windows\SysWOW64\Mhppik32.exe
        
        C:\Windows\system32\Mhppik32.exe
        15⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\Oogdfc32.exe
        
        C:\Windows\system32\Oogdfc32.exe
        16⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\Pklamb32.exe
        
        C:\Windows\system32\Pklamb32.exe
        17⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\Aofjoo32.exe
        
        C:\Windows\system32\Aofjoo32.exe
        18⤵
        
        PID:13784
        
        C:\Windows\SysWOW64\Cbnbhfde.exe
        
        C:\Windows\system32\Cbnbhfde.exe
        19⤵
        
        PID:6208
- - C:\Users\Admin\Downloads\240919-pgx29aycqk_0b1adb319785d69e05d9d883b77c473fb55e94536dbd6e7e8ad70a908ed1afdbN.exe
    C:\Users\Admin\Downloads\240919-pgx29aycqk_0b1adb319785d69e05d9d883b77c473fb55e94536dbd6e7e8ad70a908ed1afdbN.exe
    3⤵
    PID:6448
- - C:\Users\Admin\Downloads\240919-pf3lcaxfqc_eb50cd921d5d7f17159c9272ad768c80_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pf3lcaxfqc_eb50cd921d5d7f17159c9272ad768c80_JaffaCakes118.exe
    3⤵
    PID:10348
- - C:\Users\Admin\Downloads\240919-pgekxaxfrg_5fac61e9b3d3c27a6e8df0df86f0ea92082c0e10b0f48227165d94800f642d9aN.exe
    C:\Users\Admin\Downloads\240919-pgekxaxfrg_5fac61e9b3d3c27a6e8df0df86f0ea92082c0e10b0f48227165d94800f642d9aN.exe
    3⤵
    PID:3504
  - - C:\Windows\SysWOW64\Knifging.exe
      C:\Windows\system32\Knifging.exe
      4⤵
      PID:5124
    - - C:\Windows\SysWOW64\Lhmjlm32.exe
        
        C:\Windows\system32\Lhmjlm32.exe
        5⤵
        
        PID:12348
      - C:\Windows\SysWOW64\Meadlo32.exe
        
        C:\Windows\system32\Meadlo32.exe
        6⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\Nkgoke32.exe
        
        C:\Windows\system32\Nkgoke32.exe
        7⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\Okqbac32.exe
        
        C:\Windows\system32\Okqbac32.exe
        8⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\Pnmjomlg.exe
        
        C:\Windows\system32\Pnmjomlg.exe
        9⤵
        
        PID:13412
        
        C:\Windows\SysWOW64\Qnbdjl32.exe
        
        C:\Windows\system32\Qnbdjl32.exe
        10⤵
        
        PID:13676
- - C:\Users\Admin\Downloads\240919-pf6m1axfqf_eb50df52431dd31be71931588f00b5c7_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pf6m1axfqf_eb50df52431dd31be71931588f00b5c7_JaffaCakes118.exe
    3⤵
    PID:5952
- - C:\Users\Admin\Downloads\240919-pgalysycmm_ddda15207b2349f7c50278b6b60381dba430a49566b492a3997c2a647c4483ddN.exe
    C:\Users\Admin\Downloads\240919-pgalysycmm_ddda15207b2349f7c50278b6b60381dba430a49566b492a3997c2a647c4483ddN.exe
    3⤵
    PID:3760
  - - C:\Windows\SysWOW64\Kccbjq32.exe
      C:\Windows\system32\Kccbjq32.exe
      4⤵
      PID:5172
    - - C:\Windows\SysWOW64\Kdjhkp32.exe
        
        C:\Windows\system32\Kdjhkp32.exe
        5⤵
        
        PID:7880
      - C:\Windows\SysWOW64\Ldanloba.exe
        
        C:\Windows\system32\Ldanloba.exe
        6⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\Mopeofjl.exe
        
        C:\Windows\system32\Mopeofjl.exe
        7⤵
        
        PID:13192
        
        C:\Windows\SysWOW64\Mdddhlbl.exe
        
        C:\Windows\system32\Mdddhlbl.exe
        8⤵
        
        PID:5424
- - C:\Users\Admin\Downloads\240919-pfwg2axfpf_eb5094d0ae1db9c13d2ed30ade8f4d0a_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pfwg2axfpf_eb5094d0ae1db9c13d2ed30ade8f4d0a_JaffaCakes118.exe
    3⤵
    PID:11816
  - - C:\Windows\SysWOW64\ddraw\mfdvdec.exe
      "C:\Windows\SysWOW64\ddraw\mfdvdec.exe"
      4⤵
      PID:13944
- - C:\Users\Admin\Downloads\240919-pft9zaxfpe_eb5094c9b19a94c9169175f7f12ce661_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pft9zaxfpe_eb5094c9b19a94c9169175f7f12ce661_JaffaCakes118.exe
    3⤵
    PID:11992
- - C:\Users\Admin\Downloads\240919-pf37wayclr_4369ff548f4abf63072ce48f85c5f7af422d0d9cfa6c64801c2b53fc1deeacb7N.exe
    C:\Users\Admin\Downloads\240919-pf37wayclr_4369ff548f4abf63072ce48f85c5f7af422d0d9cfa6c64801c2b53fc1deeacb7N.exe
    3⤵
    PID:12484
  - - C:\Windows\SysWOW64\Mmcfkc32.exe
      C:\Windows\system32\Mmcfkc32.exe
      4⤵
      PID:13236
    - - C:\Windows\SysWOW64\Mhppik32.exe
        
        C:\Windows\system32\Mhppik32.exe
        5⤵
        
        PID:12520
      - C:\Windows\SysWOW64\Oeamcmmo.exe
        
        C:\Windows\system32\Oeamcmmo.exe
        6⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\Anijjkbj.exe
        
        C:\Windows\system32\Anijjkbj.exe
        7⤵
        
        PID:13816
- - C:\Users\Admin\Downloads\240919-pfw4kaxfpg_HackTool.Win32.CobaltStrike.pz-1671e4cd8dab3d329995047cb173cc013b2ddea9f050d03136108f11a0dffacbN
    C:\Users\Admin\Downloads\240919-pfw4kaxfpg_HackTool.Win32.CobaltStrike.pz-1671e4cd8dab3d329995047cb173cc013b2ddea9f050d03136108f11a0dffacbN
    3⤵
    PID:13352
- - C:\Users\Admin\Downloads\240919-pfcd6axfme_eb5040f815d76e8c11c6c0d3c426246d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pfcd6axfme_eb5040f815d76e8c11c6c0d3c426246d_JaffaCakes118.exe
    3⤵
    PID:13468
- - C:\Users\Admin\Downloads\240919-pgkrxsycnl_385012a7809b8d9f2036d1bf378d59240ca1408584bc21b77edad1858f1cf1ecN.exe
    C:\Users\Admin\Downloads\240919-pgkrxsycnl_385012a7809b8d9f2036d1bf378d59240ca1408584bc21b77edad1858f1cf1ecN.exe
    3⤵
    PID:13520
- - C:\Users\Admin\Downloads\240919-petl2sxfkh_9b14fe8f92b42bd889c6594b002440f096281ab29ccbcdb9e2c426adf38667f6N.exe
    C:\Users\Admin\Downloads\240919-petl2sxfkh_9b14fe8f92b42bd889c6594b002440f096281ab29ccbcdb9e2c426adf38667f6N.exe
    3⤵
    PID:5744
  - - C:\Windows\SysWOW64\Gcmpgpkp.exe
      C:\Windows\system32\Gcmpgpkp.exe
      4⤵
      PID:12648
    - - C:\Windows\SysWOW64\Mdlgmgdh.exe
        
        C:\Windows\system32\Mdlgmgdh.exe
        5⤵
        
        PID:14412
      - C:\Windows\SysWOW64\Ndhgie32.exe
        
        C:\Windows\system32\Ndhgie32.exe
        6⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\Oiqomj32.exe
        
        C:\Windows\system32\Oiqomj32.exe
        7⤵
        
        PID:16284
        
        C:\Windows\SysWOW64\Pahpee32.exe
        
        C:\Windows\system32\Pahpee32.exe
        8⤵
        
        PID:15296
        
        C:\Windows\SysWOW64\Aqpika32.exe
        
        C:\Windows\system32\Aqpika32.exe
        9⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\Agqhik32.exe
        
        C:\Windows\system32\Agqhik32.exe
        10⤵
        
        PID:15852
        
        C:\Windows\SysWOW64\Bgodjiio.exe
        
        C:\Windows\system32\Bgodjiio.exe
        11⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\Ckfofe32.exe
        
        C:\Windows\system32\Ckfofe32.exe
        12⤵
        
        PID:16008
        
        C:\Windows\SysWOW64\Dbgndoho.exe
        
        C:\Windows\system32\Dbgndoho.exe
        13⤵
        
        PID:14876
        
        C:\Windows\SysWOW64\Ebejem32.exe
        
        C:\Windows\system32\Ebejem32.exe
        14⤵
        
        PID:16168
        
        C:\Windows\SysWOW64\Gbjlgj32.exe
        
        C:\Windows\system32\Gbjlgj32.exe
        15⤵
        
        PID:14840
        
        C:\Windows\SysWOW64\Icdhdfcj.exe
        
        C:\Windows\system32\Icdhdfcj.exe
        16⤵
        
        PID:11124
- - C:\Users\Admin\Downloads\240919-pergpaybqq_10683d758f2eda6028c3f22095acca15d9fd27229d1a910975de790678f383eaN.exe
    C:\Users\Admin\Downloads\240919-pergpaybqq_10683d758f2eda6028c3f22095acca15d9fd27229d1a910975de790678f383eaN.exe
    3⤵
    PID:13596
  - - C:\Windows\SysWOW64\Hcommoin.exe
      C:\Windows\system32\Hcommoin.exe
      4⤵
      PID:14236
    - - C:\Windows\SysWOW64\Hphfac32.exe
        
        C:\Windows\system32\Hphfac32.exe
        5⤵
        
        PID:10080
      - C:\Windows\SysWOW64\Kciaqi32.exe
        
        C:\Windows\system32\Kciaqi32.exe
        6⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\Najjmjkg.exe
        
        C:\Windows\system32\Najjmjkg.exe
        7⤵
        
        PID:15320
        
        C:\Windows\SysWOW64\Ogbbqo32.exe
        
        C:\Windows\system32\Ogbbqo32.exe
        8⤵
        
        PID:16208
        
        C:\Windows\SysWOW64\Pkgaglpp.exe
        
        C:\Windows\system32\Pkgaglpp.exe
        9⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\Qkqdnkge.exe
        
        C:\Windows\system32\Qkqdnkge.exe
        10⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\Adbkmo32.exe
        
        C:\Windows\system32\Adbkmo32.exe
        11⤵
        
        PID:15764
        
        C:\Windows\SysWOW64\Bilcol32.exe
        
        C:\Windows\system32\Bilcol32.exe
        12⤵
        
        PID:16356
- - C:\Users\Admin\Downloads\240919-pepm4aybqm_1452d3b9cd9c6a82a76158252ba0f9660b33f610cbe0b1207f13728f4e79f3deN.exe
    C:\Users\Admin\Downloads\240919-pepm4aybqm_1452d3b9cd9c6a82a76158252ba0f9660b33f610cbe0b1207f13728f4e79f3deN.exe
    3⤵
    PID:4532
- - C:\Users\Admin\Downloads\240919-pej3lsybpq_4817fdc4dbcbaafbd1e1c5af769f56e25afdfb2510c5cdc27c54de8eb118ebfeN.exe
    C:\Users\Admin\Downloads\240919-pej3lsybpq_4817fdc4dbcbaafbd1e1c5af769f56e25afdfb2510c5cdc27c54de8eb118ebfeN.exe
    3⤵
    PID:14696
  - - C:\Windows\SysWOW64\Nmpkakak.exe
      C:\Windows\system32\Nmpkakak.exe
      4⤵
      PID:11668
    - - C:\Windows\SysWOW64\Ohaokbfd.exe
        
        C:\Windows\system32\Ohaokbfd.exe
        5⤵
        
        PID:15048
      - C:\Windows\SysWOW64\Pdofpb32.exe
        
        C:\Windows\system32\Pdofpb32.exe
        6⤵
        
        PID:15504
        
        C:\Windows\SysWOW64\Qajlje32.exe
        
        C:\Windows\system32\Qajlje32.exe
        7⤵
        
        PID:14900
        
        C:\Windows\SysWOW64\Ahngmnnd.exe
        
        C:\Windows\system32\Ahngmnnd.exe
        8⤵
        
        PID:15804
        
        C:\Windows\SysWOW64\Bggnijof.exe
        
        C:\Windows\system32\Bggnijof.exe
        9⤵
        
        PID:15224
        
        C:\Windows\SysWOW64\Bgodjiio.exe
        
        C:\Windows\system32\Bgodjiio.exe
        10⤵
        
        PID:12984
        
        C:\Windows\SysWOW64\Ehklmd32.exe
        
        C:\Windows\system32\Ehklmd32.exe
        11⤵
        
        PID:14324
        
        C:\Windows\SysWOW64\Fblpflfg.exe
        
        C:\Windows\system32\Fblpflfg.exe
        12⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\Gbecljnl.exe
        
        C:\Windows\system32\Gbecljnl.exe
        13⤵
        
        PID:17312
        
        C:\Windows\SysWOW64\Koiejemn.exe
        
        C:\Windows\system32\Koiejemn.exe
        14⤵
        
        PID:14552
- - C:\Users\Admin\Downloads\240919-pdyjlsybmm_eb4f597447731ef8aaef2a11c61edc4f_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pdyjlsybmm_eb4f597447731ef8aaef2a11c61edc4f_JaffaCakes118.exe
    3⤵
    PID:15112
- - C:\Users\Admin\Downloads\240919-pd6vzsybnn_9425950536d5b9e19f87066696da009c13c31d6afa0f36830a82849e6bf08e38N.exe
    C:\Users\Admin\Downloads\240919-pd6vzsybnn_9425950536d5b9e19f87066696da009c13c31d6afa0f36830a82849e6bf08e38N.exe
    3⤵
    PID:15736
  - - \??\c:\5tthnh.exe
      c:\5tthnh.exe
      4⤵
      PID:15152
    - - \??\c:\hbbbtb.exe
        
        c:\hbbbtb.exe
        5⤵
        
        PID:15412
      - \??\c:\nnnhbt.exe
        
        c:\nnnhbt.exe
        6⤵
        
        PID:9764
        
        \??\c:\ntbnhh.exe
        
        c:\ntbnhh.exe
        7⤵
        
        PID:12568
        
        \??\c:\llfxffr.exe
        
        c:\llfxffr.exe
        8⤵
        
        PID:17176
        
        \??\c:\bnnhhh.exe
        
        c:\bnnhhh.exe
        9⤵
        
        PID:12108
- - C:\Users\Admin\Downloads\240919-pd42dsybnk_TrojanDownloader.Win32.Berbew.pz-e0a95f3226824914981a22b1183b3545e952ea0e7fe7c8b340b7dc095a24fdc1N
    C:\Users\Admin\Downloads\240919-pd42dsybnk_TrojanDownloader.Win32.Berbew.pz-e0a95f3226824914981a22b1183b3545e952ea0e7fe7c8b340b7dc095a24fdc1N
    3⤵
    PID:14628
  - - C:\Windows\SysWOW64\Daeddlco.exe
      C:\Windows\system32\Daeddlco.exe
      4⤵
      PID:5336
    - - C:\Windows\SysWOW64\Djpfbahm.exe
        
        C:\Windows\system32\Djpfbahm.exe
        5⤵
        
        PID:15732
      - C:\Windows\SysWOW64\Elkbhbeb.exe
        
        C:\Windows\system32\Elkbhbeb.exe
        6⤵
        
        PID:16112
        
        C:\Windows\SysWOW64\Facjlhil.exe
        
        C:\Windows\system32\Facjlhil.exe
        7⤵
        
        PID:16840
- - C:\Users\Admin\Downloads\240919-pdzrnsybmn_0a47d206564e0cce05e8e9278ed3d11c5e650a7995710dd984d542e52c89f52aN.exe
    C:\Users\Admin\Downloads\240919-pdzrnsybmn_0a47d206564e0cce05e8e9278ed3d11c5e650a7995710dd984d542e52c89f52aN.exe
    3⤵
    PID:14596
  - - C:\Windows\SysWOW64\Deqqek32.exe
      C:\Windows\system32\Deqqek32.exe
      4⤵
      PID:11828
    - - C:\Windows\SysWOW64\Eangjkkd.exe
        
        C:\Windows\system32\Eangjkkd.exe
        5⤵
        
        PID:12260
      - C:\Windows\SysWOW64\Fkehdnee.exe
        
        C:\Windows\system32\Fkehdnee.exe
        6⤵
        
        PID:15032
        
        C:\Windows\SysWOW64\Gknkkmmj.exe
        
        C:\Windows\system32\Gknkkmmj.exe
        7⤵
        
        PID:17224
        
        C:\Windows\SysWOW64\Kblkap32.exe
        
        C:\Windows\system32\Kblkap32.exe
        8⤵
        
        PID:15372
- - C:\Users\Admin\Downloads\240919-pdplpsxeqg_5be56a365a6205f79afd477feefbfc72b780440f1771df21efe634aa39e2e6d2.exe
    C:\Users\Admin\Downloads\240919-pdplpsxeqg_5be56a365a6205f79afd477feefbfc72b780440f1771df21efe634aa39e2e6d2.exe
    3⤵
    PID:13228
- - C:\Users\Admin\Downloads\240919-pdt67axere_c16a305ad9261cea7f2ee4cd602bcfff416ffbe632927c87c746755e81d8fdaaN.exe
    C:\Users\Admin\Downloads\240919-pdt67axere_c16a305ad9261cea7f2ee4cd602bcfff416ffbe632927c87c746755e81d8fdaaN.exe
    3⤵
    PID:16296
  - - C:\Windows\SysWOW64\Ifphkbep.exe
      C:\Windows\system32\Ifphkbep.exe
      4⤵
      PID:2572
- - C:\Users\Admin\Downloads\240919-pdpayaxeqf_2b05c4a36ab6245b80384d16424f6b51eef7998253a860004efabee8303997c4N.exe
    C:\Users\Admin\Downloads\240919-pdpayaxeqf_2b05c4a36ab6245b80384d16424f6b51eef7998253a860004efabee8303997c4N.exe
    3⤵
    PID:16412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3056 -ip 3056
1⤵
PID:1064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5772 -ip 5772
1⤵
PID:1580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5784 -ip 5784
1⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4192 -ip 4192
1⤵
PID:3700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5796 -ip 5796
1⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 432 -ip 432
1⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3448 -ip 3448
1⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1532 -ip 1532
1⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4212 -ip 4212
1⤵
PID:3148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4192 -ip 4192
1⤵
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2884 -ip 2884
1⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 6020 -ip 6020
1⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2884 -ip 2884
1⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5880 -ip 5880
1⤵
PID:8896

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 2076 -ip 2076
1⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2992 -ip 2992
1⤵
PID:4772

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
1⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 8256 -ip 8256
1⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 9428 -ip 9428
1⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 10016 -ip 10016
1⤵
PID:8132

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s FastUserSwitchingCompatibility
1⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 8256 -ip 8256
1⤵
PID:2624

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Ias
1⤵
PID:11312

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Irmon
1⤵
PID:9404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5044 -ip 5044
1⤵
PID:13096

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Nla
1⤵
PID:14124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5116 -ip 5116
1⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 8256 -ip 8256
1⤵
PID:10308

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Ntmssvc
1⤵
PID:16260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5808 -ip 5808
1⤵
PID:14992

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s NWCWorkstation
1⤵
PID:14724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 8256 -ip 8256
1⤵
PID:16564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Scripting

T1064

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Scripting

T1064

Credential Access

Discovery

Network Share Discovery

T1135

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\System\symsrv.dll

Filesize
67KB

MD5
7574cf2c64f35161ab1292e2f532aabf

SHA1
14ba3fa927a06224dfe587014299e834def4644f

SHA256
de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

SHA512
4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\4acacee3-cefe-4dab-b6f1-01f9a63ec79a\e.dll

Filesize
94KB

MD5
14ff402962ad21b78ae0b4c43cd1f194

SHA1
f8a510eb26666e875a5bdd1cadad40602763ad72

SHA256
fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b

SHA512
daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b

Download Submit
C:\Users\Admin\AppData\Local\Temp\XdqHr.txt

Filesize
152B

MD5
130a1ad614bfc1851533b7a02e302622

SHA1
6cd68d0bacb7b24ca9baedc80d90f1bfca3bb92c

SHA256
4620f5f49d3f3c3fcb10d7dd83e5fdc0b2efd44ae429ee5a8dc3e64d76e6bc9a

SHA512
16b5e40deb2e66287b86bbff11ac986f36b94a5849fbe2ed7124296e95d563ec0e9b00cbd6008c993c383d1610d371177faf5a9cd5da77a34a778e901f9e7a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\_bz2.pyd

Filesize
81KB

MD5
4101128e19134a4733028cfaafc2f3bb

SHA1
66c18b0406201c3cfbba6e239ab9ee3dbb3be07d

SHA256
5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80

SHA512
4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\_cffi_backend.cp311-win_amd64.pyd

Filesize
174KB

MD5
739d352bd982ed3957d376a9237c9248

SHA1
961cf42f0c1bb9d29d2f1985f68250de9d83894d

SHA256
9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980

SHA512
585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\_ctypes.pyd

Filesize
120KB

MD5
6a9ca97c039d9bbb7abf40b53c851198

SHA1
01bcbd134a76ccd4f3badb5f4056abedcff60734

SHA256
e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

SHA512
dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\_decimal.pyd

Filesize
245KB

MD5
d47e6acf09ead5774d5b471ab3ab96ff

SHA1
64ce9b5d5f07395935df95d4a0f06760319224a2

SHA256
d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e

SHA512
52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\_hashlib.pyd

Filesize
62KB

MD5
de4d104ea13b70c093b07219d2eff6cb

SHA1
83daf591c049f977879e5114c5fea9bbbfa0ad7b

SHA256
39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e

SHA512
567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\_lzma.pyd

Filesize
154KB

MD5
337b0e65a856568778e25660f77bc80a

SHA1
4d9e921feaee5fa70181eba99054ffa7b6c9bb3f

SHA256
613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a

SHA512
19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\_queue.pyd

Filesize
30KB

MD5
ff8300999335c939fcce94f2e7f039c0

SHA1
4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a

SHA256
2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78

SHA512
f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\_socket.pyd

Filesize
76KB

MD5
8140bdc5803a4893509f0e39b67158ce

SHA1
653cc1c82ba6240b0186623724aec3287e9bc232

SHA256
39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769

SHA512
d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\_ssl.pyd

Filesize
155KB

MD5
069bccc9f31f57616e88c92650589bdd

SHA1
050fc5ccd92af4fbb3047be40202d062f9958e57

SHA256
cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32

SHA512
0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\base_library.zip

Filesize
1.4MB

MD5
481da210e644d6b317cafb5ddf09e1a5

SHA1
00fe8e1656e065d5cf897986c12ffb683f3a2422

SHA256
3242ea7a6c4c712f10108a619bf5213878146547838f7e2c1e80d2778eb0aaa0

SHA512
74d177794f0d7e67f64a4f0c9da4c3fd25a4d90eb909e942e42e5651cc1930b8a99eef6d40107aa8756e75ffbcc93284b916862e24262df897aaac97c5072210

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\certifi\cacert.pem

Filesize
292KB

MD5
50ea156b773e8803f6c1fe712f746cba

SHA1
2c68212e96605210eddf740291862bdf59398aef

SHA256
94edeb66e91774fcae93a05650914e29096259a5c7e871a1f65d461ab5201b47

SHA512
01ed2e7177a99e6cb3fbef815321b6fa036ad14a3f93499f2cb5b0dae5b713fd2e6955aa05f6bda11d80e9e0275040005e5b7d616959b28efc62abb43a3238f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
723ec2e1404ae1047c3ef860b9840c29

SHA1
8fc869b92863fb6d2758019dd01edbef2a9a100a

SHA256
790a11aa270523c2efa6021ce4f994c3c5a67e8eaaaf02074d5308420b68bd94

SHA512
2e323ae5b816adde7aaa14398f1fdb3efe15a19df3735a604a7db6cadc22b753046eab242e0f1fbcd3310a8fbb59ff49865827d242baf21f44fd994c3ac9a878

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
116KB

MD5
9ea8098d31adb0f9d928759bdca39819

SHA1
e309c85c1c8e6ce049eea1f39bee654b9f98d7c5

SHA256
3d9893aa79efd13d81fcd614e9ef5fb6aad90569beeded5112de5ed5ac3cf753

SHA512
86af770f61c94dfbf074bcc4b11932bba2511caa83c223780112bda4ffb7986270dc2649d4d3ea78614dbce6f7468c8983a34966fc3f2de53055ac6b5059a707

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\libcrypto-1_1.dll

Filesize
3.3MB

MD5
6f4b8eb45a965372156086201207c81f

SHA1
8278f9539463f0a45009287f0516098cb7a15406

SHA256
976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

SHA512
2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\libffi-8.dll

Filesize
34KB

MD5
32d36d2b0719db2b739af803c5e1c2f5

SHA1
023c4f1159a2a05420f68daf939b9ac2b04ab082

SHA256
128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

SHA512
a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\libssl-1_1.dll

Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\python3.dll

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\select.pyd

Filesize
28KB

MD5
97ee623f1217a7b4b7de5769b7b665d6

SHA1
95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

SHA256
0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

SHA512
20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\unicodedata.pyd

Filesize
1.1MB

MD5
bc58eb17a9c2e48e97a12174818d969d

SHA1
11949ebc05d24ab39d86193b6b6fcff3e4733cfd

SHA256
ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa

SHA512
4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5442\zstandard\backend_c.cp311-win_amd64.pyd

Filesize
512KB

MD5
dc08f04c9e03452764b4e228fc38c60b

SHA1
317bcc3f9c81e2fc81c86d5a24c59269a77e3824

SHA256
b990efbda8a50c49cd7fde5894f3c8f3715cb850f8cc4c10bc03fd92e310260f

SHA512
fbc24dd36af658cece54be14c1118af5fda4e7c5b99d22f99690a1fd625cc0e8aa41fd9accd1c74bb4b03d494b6c3571b24f2ee423aaae9a5ad50adc583c52f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vlydd0go.3r3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbAEDF.tmp

Filesize
56B

MD5
1aa8e74ed9d6739503ae5f18738184ea

SHA1
b7337245fa89766422c1c3d4405a3a06735f0a0d

SHA256
286763af18d34cd1ca5cce897b0b06b62f6ce157036de1d28199dfa44688a72b

SHA512
8dfb77f91d2b5f4743036072566d9433752ca59b1aa552cd2ed79a81b81169004ff55f88c66f6a326f87789644c2ee4d438cb4fe06972de1bd8a416e91e64a45

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfA9AC.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfA9AC.tmp\tube.ini

Filesize
43B

MD5
5e433ed09dfa632361014948c66be57f

SHA1
9e9fcae5383d03e86db445dd4aa9e5183a5da9cf

SHA256
d515acdd79f4d6ecdab751d81af7f7498cd20db87b2d722fe6130826bedc4901

SHA512
1cab0b789ad08672ab49264cdd83d3219a49b45cb67c3203a4137830586a318e44aee953de282b10e99cec71c2ef6a5e8d46e8cacd9cfe070503d11c4262655c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnCCC7.tmp

Filesize
56B

MD5
6a540314daf25efae124e97f9e381c1d

SHA1
d4fe7146c3212b76e94bfd8045f29f5e8aa7f10e

SHA256
2972a0da5ef987d2aa10c624f1207ed88d2c302f2992a87da7c0c0a535c51063

SHA512
3819a7f7c35a44fc211cc4d49685e1f986180fc03d95eb7a93bbf885f1f7aecc8ac1e8218747773fcc858bb014dd2d7c8e8750cdbece51065b2afd125cdd6334

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspA99A.tmp

Filesize
74B

MD5
16d513397f3c1f8334e8f3e4fc49828f

SHA1
4ee15afca81ca6a13af4e38240099b730d6931f0

SHA256
d3c781a1855c8a70f5aca88d9e2c92afffa80541334731f62caa9494aa8a0c36

SHA512
4a350b790fdd2fe957e9ab48d5969b217ab19fc7f93f3774f1121a5f140ff9a9eaaa8fa30e06a9ef40ad776e698c2e65a05323c3adf84271da1716e75f5183c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqAB6E.tmp

Filesize
52B

MD5
5d04a35d3950677049c7a0cf17e37125

SHA1
cafdd49a953864f83d387774b39b2657a253470f

SHA256
a9493973dd293917f3ebb932ab255f8cac40121707548de100d5969956bb1266

SHA512
c7b1afd95299c0712bdbc67f9d2714926d6ec9f71909af615affc400d8d2216ab76f6ac35057088836435de36e919507e1b25be87b07c911083f964eb67e003b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrB061.tmp

Filesize
30B

MD5
f15bfdebb2df02d02c8491bde1b4e9bd

SHA1
93bd46f57c3316c27cad2605ddf81d6c0bde9301

SHA256
c87f2ff45bb530577fb8856df1760edaf1060ae4ee2934b17fdd21b7d116f043

SHA512
1757ed4ae4d47d0c839511c18be5d75796224d4a3049e2d8853650ace2c5057c42040de6450bf90dd4969862e9ebb420cd8a34f8dd9c970779ed2e5459e8f2f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvAD49.tmp

Filesize
60B

MD5
61c718f795f4dffee17772308a95cf28

SHA1
dcf44f582185c2080d04466014f85b3023a0420e

SHA256
e66f275d189c5cce43ece0a29c27b4e975b50d6cb8a155cd52b49f0d81c93ef8

SHA512
879bd3f6f1bc9da2f2499591c5ec39145ce516672c1e6e204db3d894719c11b2dfb1d2aba8b35b775ee6abc0b0f4d9ab06f1b0b7cd0d37a919d90d99ae17f6ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxC96D.tmp

Filesize
60B

MD5
bb74b974c055f06d8349a66d42243f76

SHA1
70d8f81ca24ed1c409581235879e51eb8d964d09

SHA256
a5c868bbf4874d5d4b84cf33944d4a68076bf6fa024beb262e25fcd203264e88

SHA512
5c36db7b0f5306d92426c0b7d1419bc30e1b76f80b44ffd491f364a96ac81ee7169ca5c56db7e5e6a6bb372b52072fa6a0389d95e890306648b5414b93b914ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp.exe

Filesize
113KB

MD5
75aa54c418909a6ae194c388037920b9

SHA1
3c444bf2ca87f3daef464c2bd64cb8d520024d73

SHA256
a9fe7ada766712d704403d7e9720a23c44cf57addb006c08946609344a61eff8

SHA512
64ccc333b9c43d4e99cff8c0afd85138c3e890e59c0d4946e109c9671c249fe744827c80608136f710669ae5282d7dd3d7678ea039b73f3ea0f17d42f9aeae6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\uboot.dll

Filesize
44KB

MD5
c8f3fab600270ceeba7929513f4f21cd

SHA1
bb84b1c51bb80e3ec430f8111b39301636d30dd9

SHA256
a936525d0a2afdabf26eb03039180f21bcfe02cf25e3db29d97a4f33e2c91174

SHA512
4bff4e30229f78647698d405a97868e4e02f3a6f2d1307d6cfc3af061264be5bfa3a72ccfcf324387d3ca8aabaaeeedb99339264bc3c2cff6936653a936b2ee0

Download Submit
C:\Users\Admin\AppData\Local\Temp\uboot.dll

Filesize
120KB

MD5
fa3629df4d744c3957a531978ade6060

SHA1
3f71edb20152703a27d36ced34b806d098d98ccf

SHA256
abce4217ec873744eabe44bb87c24ab41fbf822028422143251275b4ed7d0dda

SHA512
8790c7bfad4acd1792481cb7dca00595f31ce97126f475677b49c60eb031b2ad6784991b95c637473e51c7d1f936bff481dd8da1c6b730d4b5aa1d93edf848a2

Download Submit
C:\Users\Admin\AppData\Local\totted\sacculation.exe

Filesize
1.1MB

MD5
e0b036ea8f826bc6d8bb3cb3aaaedead

SHA1
071958138342ea8e068969b0af526e8f25f08eec

SHA256
5bad9df94dcc60bb8e5c4137f2d1026c84787aed707ec9e95f5e6f05e70e290b

SHA512
df196b63bbbd333fed0f6278d30b8b8c2d19c219cf219121d5d3f04f1e5063059490a0f8d02c068aedd458bfec7b43f286ab22265ad997bc2c73417d62053c33

Download Submit
C:\Users\Admin\AppData\Roaming\GwTIUBUaZCliF.exe

Filesize
912KB

MD5
365de72e3ea8c233861d9a80f7d7c1be

SHA1
ba20d0609fe16e3f9e61a34928853c00184be26b

SHA256
bb982ea4dad990c5c393a7f1fb85a4daf85be97edcb1e1473cdd0703596ecd6d

SHA512
9c856fee64c4179865b9ae968b706fddd5151c3c405fa5b18d699801133dfde28250fdbcd16e31a8cbdcfb98ec8fe2efa6f769a921f54e505e5c5e1bc6822ed4

Download Submit
C:\Users\Admin\AppData\Roaming\SLfjwrYOuWuupJ.exe

Filesize
836KB

MD5
64d78850bcb1730279f0221558cfbf73

SHA1
c7aa58c22c4941eebc0663cedf20d3ec5d0373e4

SHA256
4568453d8e6838ec1f2e1dd9cfe87b257aa7bcbebb888c3b3c8c0514afb74b91

SHA512
54f998f313f80194be851781e8ad76017a0ecb374fc4e5af3b345baa6af913e7b2bc62bd1a9d18f9c842a6247eaebfd41c1b3066e771b6b2fd60539570da2b8e

Download Submit
C:\Users\Admin\AppData\Roaming\orayjpgjlSJ.exe

Filesize
712KB

MD5
ac479057116a68ee8f38b431195ef055

SHA1
c5606141d06d0521b77a4abc36eb7cf1d227b1c5

SHA256
ea3924235164ac07fad6964220f412a07829d4e972eb6278365cc8dd4cf50b6f

SHA512
93057f2171071362126a9c666eb65e8e67ab820f361848d921a780be515e395835043fcb8377f853399a5c91f3ec72e30b65a31cf8dcc591eb18bb6f5621f344

Download Submit
C:\Users\Admin\Downloads\240919-pkf8xaxhme_file.exe

Filesize
2.7MB

MD5
30d50961baa2a27e3c0504f905c4e6cc

SHA1
234c7e2ff3036cb094d5d1dd41a84c80b6a96ffd

SHA256
8183f171e3866f1cc615918d2205010b8475ecb923df47bd5582d7c22aa38190

SHA512
a2a7dd85f3582fd5f7440da46eee7cd65c5bda1c9d96ef48025adf4c815e008e92b137775bb04e0cdbd74db3fe2d257a1504d13cfa76a336f8c539371907debd

Download Submit
C:\Users\Admin\Downloads\240919-pnhk5sybjc_Invoice & C form TT 175102.exe

Filesize
1.2MB

MD5
1646d90b7d541f487805f0a2a33c8e86

SHA1
2dcaf8f3005b0753c11fa5578ea19fec126ad3bc

SHA256
317f3c3a07c6bcdc77df7d4123fa26774d8d78ac808528cd2264d4931e84a98a

SHA512
b0fd9d114658fc9effd2261dfb568759a0851f7aa60cc64dec69eef6aa810b79345f81a814589dfd16d44029bacaa8fbd75f09387c2c8930f3b28db533c34391

Download Submit
C:\Users\Admin\Downloads\240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe

Filesize
14KB

MD5
eb5750de6eccda96659216821bc7b7cc

SHA1
51ba8c45eb579db9f3a7e210e4a3babad24e9838

SHA256
e015c74bdf8e5a2b2feebdc4274c07ae6e7a4e55405c3642c37914495153ee0f

SHA512
2f67276c951fca7190e295b138367303f2c4c0c766c59c4472e0ca99720c0dd5c60f9abcb1c701fde69486859e628bbbeb18edbd6838b59dd26fcec519d08f51

Download Submit
C:\Users\Admin\Downloads\240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe

Filesize
93KB

MD5
fc76f1449362bd2710664b577b0c96f0

SHA1
9e5b2e6caff0df465d8181b463be7048535a5b3b

SHA256
b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6

SHA512
d368db8ad519908d0ef3f0e99319d03154ed0843e1ea5f3024d2aec83ce1c933ed970b22c2d40f62c3993a77d78cf1076333bce7300a80060e766082119aad11

Download Submit
C:\Users\Admin\Downloads\240919-pr49baycrg_eb583ccf1753294e7660d26e433fd6eb_JaffaCakes118.exe

Filesize
268KB

MD5
eb583ccf1753294e7660d26e433fd6eb

SHA1
905860021057759fb40588d72cff97fa64581f77

SHA256
7987d38599c2c43980e243895acb88b6091120e1ab590f418038cf50d1396dc5

SHA512
bbc4571dc285d69cbb649de7df96032d0e6c297ca7f1ae8ce7da70daab20c0a8bfe222929780a815223306199466967f7459a3a95996fbea1fc21b7aa9bcfd5e

Download Submit
C:\Users\Admin\Downloads\240919-pr49baycrg_eb583ccf1753294e7660d26e433fd6eb_JaffaCakes118.exe.tmp

Filesize
344KB

MD5
19ce481231c91e5269b4bcd25b936aea

SHA1
900363c95d01657a21cbbe4f336df380bd5fffc6

SHA256
9a4932ced410c1a45711091261eef38550d79e6ad297b279ce473f4cf3543600

SHA512
28e8d9f0d10d39d43f3955178a968b68cafc01e1a5b36e06a30e9bca9794aaf48ad89eb439057b72cf6d1871ad53e39fde6c79c57536303f5fd17ec9d4c96955

Download Submit
C:\Users\Admin\Downloads\240919-pryrjaygqj_eb581de89b19fc1429482bc501a6b935_JaffaCakes118.exe

Filesize
44KB

MD5
eb581de89b19fc1429482bc501a6b935

SHA1
5a3d64feaf10f9ce7f5c94036ed3bc93b53c76f5

SHA256
0057f319d37ebd8d7ab8dfbe13c0dee7a6e72df6c11de429329ceeb181b2c289

SHA512
b89ddf20d194ea57187a1d2a8507d5f1d908302199c99258b7c2b8b23af5c2a4433cb8515ebeda8f0c60405856039679da280703c54068a45435d0fc71c78298

Download Submit
C:\Users\Admin\Downloads\temp.zip

Filesize
68KB

MD5
4804ec41ed1f48c80c299bc77ed545de

SHA1
126875c02e4f035f507e5b7817f406c5c25a440a

SHA256
430ee48c7d58fe4d85a832d65fbd507aac822587241dad86511292c0f579a7e7

SHA512
ba78c742af379fef1e608a3316c1e9afe5dacb0202102ad434b6af67f3c9f0d5f16a33299745197a63678b5122d028783b51def1c2d18e4ce266b328f9cbdf6e

Download Submit
C:\Users\Admin\beeaw.exe

Filesize
96KB

MD5
b3e3fc6a4926a6c94ca3739700a0f600

SHA1
de3bb1390b4579ba60f3a3a3d53a4df96dac9f24

SHA256
1bd392c2448440e3d6934434f71dd4a60adeffe66393563dec04ac94f8c8eb26

SHA512
173d6b1a5102ed2a30489a6204ec43185649f77132c478c45feb5d016de8b540c43ffcb800d521081baf4caed09a3cca34ea8e1e06dc3d8c9eaadc2e77165b73

Download Submit
C:\Users\Admin\limit.exe

Filesize
128KB

MD5
6416cce5d0a8c217612128c492b392e1

SHA1
9fbfa51e90a3247791a87e7e08dbce6a8e034d89

SHA256
bb9f7a4bee7ba32f60f24b2891ebfc293e548e5dca52190164bb28160620f967

SHA512
a58cda6160e5fdd9c818a9faac7bfba1b9b6043221100d41b4ca39e8cf2493564ea2060e3758e0a3859b0334f274b28c1694e5f06f435d3338de5ef305060f6b

Download Submit
C:\Users\Public\Videos\fusers.ini

Filesize
29B

MD5
cee49033273b092c851160e7204cedbf

SHA1
d4ad17c0ca9e74dbbbb22671cbb50df33300c336

SHA256
39b2567da92d394d9575eb443f883b761f0f5da3b1ebd7b7e834e8f292f4d5e2

SHA512
fce4090c83fef2f95dfdafe347fe36b872c55404062110f797b578ba352a7ad17fe1c29d891e9de86bc31688faa1baccf45fe3071d13a995731062d82411ea4f

Download Submit
C:\Windows\SysWOW64\Aeddnp32.exe

Filesize
80KB

MD5
c7308e021fcb2850a65f4a94256d322e

SHA1
2d7c4981f7191f99adf09345fb704970eae5b9af

SHA256
c4918643ea1e71b202a6b5d79812b2b278a12b14d9ea24715a98fbeeab4db633

SHA512
9dc9f4c7d242abe4f16cb6ac63a94911411d12e46b2df529a916b7057a338aabb9f9bd5a30fe11a3d46ddc432421dff4b2c93cfd30747f3b302803b63cf66771

Download Submit
C:\Windows\SysWOW64\Cfqmpl32.exe

Filesize
291KB

MD5
b8b59d13e6d3d6c39b5a5c1ffdbb2ddb

SHA1
abcba781c6e4628fbeb7edf7f910342d57262c48

SHA256
641a2754bf88b9871ccdecc478f053e7bcd4a6c855948e48ff19e6c0b94ef0f2

SHA512
b052a3cd0f888a2e9b3a7d54592cad721ee11a334e78a4ac92fea78725094dcbef39fd788ce4eeb06659570488a1885c867dbf8d834c3c9d16d78ab5235ae9b8

Download Submit
C:\Windows\SysWOW64\Dkbocbog.exe

Filesize
64KB

MD5
4282f9ddf6f9bea7ae31a1c4b922302c

SHA1
327dec0b0311599dfab9c429bcee2547b982d621

SHA256
af0d8d6fa99acdb316cefa51ffb3d1fdd70601510dcdfc2676b04f96a59877a8

SHA512
4ebdcf22a39e2b73151e8a633ca68c6a5fd996edaa285591748f6a4f0e2829d299167740cd990674659e2e2fd41063bc0abda9ad817a914de4c4bc4d8841de3e

Download Submit
C:\Windows\SysWOW64\Fdkpma32.exe

Filesize
93KB

MD5
2d2f30b17d0695563bc163a1e9f8b323

SHA1
27c209ca0a5b8f176c373d2a35a9bedc24de4037

SHA256
28fb58f6d33c49887d45cbdb17f2c4a0355132e297fa06535ab469c7efa05d80

SHA512
b308d115abcdf3a1818a342bf4995f6be1a341aa0faea57546511c51e2004e28e8b434996a2240cb7e40e0cade9bfcea97e10d971e1eaa27be29b4e34c0b1925

Download Submit
C:\Windows\SysWOW64\Fplbgk32.dll

Filesize
7KB

MD5
accf9c66718948324442524d80ba95f9

SHA1
5e0cd1ae6e8a71fe5d2cf0f235cdec18cc7dc48f

SHA256
e770bc16a693e0067b7998bb6911093bf5547450aba909e4769e968dea2fbf49

SHA512
aed199f093c1a74006bdc817ee61f337a3472de9e49e3ea6adeefe539a0c4e58d1e58d22f5190a881268b82f387fc52f37d263277a907c6a3ef5b5f28a5b23f6

Download Submit
C:\Windows\SysWOW64\Ggilil32.exe

Filesize
93KB

MD5
e1b8021138071d1357534fe19cb2729b

SHA1
105daa610c9d8637bc1ebfe458bf0fa1d8e1c028

SHA256
08771257c5ebfdde79ccafa42c25e9dc6728d5cc6aac749940ecbff8df98a564

SHA512
12157f3906e4f5b3eca2fdb01e70089c3b3cccff3ea9325cf21cc278482abbc4890b24f9da81415e99807111f3b0e9502bb9b76d2296767c7aa82f6301101967

Download Submit
C:\Windows\SysWOW64\Gmcdffmq.exe

Filesize
93KB

MD5
180e270ccc6e4ceaaa96c5f8576493cb

SHA1
ac001bedbfc8142f31267272a05e51707e349c8f

SHA256
b8841b5f0affab15f522453cfd44f8b0be435d4a146464a9846654756238a8d6

SHA512
102fe403ebf578cba44851f90fe9d47a967bfaac709d221fd8457382fa71d5cd4754436a5bd729c6cc68966f649849bdfaf181b755e63de4b4c2575a7a8a6567

Download Submit
C:\Windows\SysWOW64\Gpaqbbld.exe

Filesize
93KB

MD5
f98f200ce0decd0a5a333ec2bff319fa

SHA1
cf778d0497193eedd4688f70d3045c4e20c82b46

SHA256
2d835e242d3ac082d1c0b52e6bd4d3604d433a1b026c1b4aa2db056097baf1d5

SHA512
a0f37780d25dd9c06dbb4414b118b096f6ac21c3d67ddcc703ff4ffea6ad003cc56eb4bd76f762d1974ce4ff5ea7ea788efaa27c5fd02ba957f627d8f01f9545

Download Submit
C:\Windows\SysWOW64\Iedjmioj.exe

Filesize
385KB

MD5
0783c0c28879b6d47f660976a5560338

SHA1
c1c3f24a9ca7dda244a673be7f75ee81f6d5fe8f

SHA256
04a8642e5f365e5bc01d9d4b1058f0f4ed9b30ed06962590250e3d7dd7b450ec

SHA512
9b4d316e2c3c0a12f1918b8524331a290631adf9c3d298229248e319674a27aecba2d7791e8844f53246da6f962e877e6343c82fe6dfecbd89b3c377350cf0e6

Download Submit
C:\Windows\SysWOW64\Lblldc32.dll

Filesize
6KB

MD5
60a66684227a67887d7cfb1ce6bac45c

SHA1
f13a71d0515eeb02e2d1af848541d4d51bb09936

SHA256
03d0dbc2f6a957101f6f5a3d2b38ce12f485935d84bf0b523b7fa8823a00671c

SHA512
c2371bb84fdafaec2ff5edf52d298ee3cb44ac72216c0f06481cf76991ea17c0212809e355720f1c5dea6d466799a7cf7633e5e88b4751aaf0b897cfe1088220

Download Submit
C:\Windows\SysWOW64\Ldanloba.exe

Filesize
290KB

MD5
7b7a9693c25254ff927c3daf8deca419

SHA1
742405ceba4e689173f2ab0ee1ad4c569753737d

SHA256
6b53e23576f404af5a1cf0e9aa050d2b0d795297ac86b97095f46e39404932b1

SHA512
6ee0d5fe1bb81682fdb44e42d558c594354cd7182d27b90cedfcb32373c63b64e464e9ba4d76b2e66921252450d277b17834d1a7b56012c830f8d5e4d441a714

Download Submit
C:\Windows\SysWOW64\Lhpnlclc.exe

Filesize
305KB

MD5
f3b7ea63d8d520e6371beadab17c9a1b

SHA1
5d78f91a3e7f06cb37a8ddce94d5384821d38d81

SHA256
763074f2d9c3df7cd3cec730dd2fb06b4f360b42c460cb4ab86a6137edf637a0

SHA512
578ac3618150406915b679a520190112c733f6a4cae7314105a8601005b798e46ede29133c8244a113e3f8c4ecc71ae27dec20cb6cd9aa266633baf15132c87e

Download Submit
C:\Windows\SysWOW64\Mcnggo32.dll

Filesize
7KB

MD5
edfe931b507cf924b0184221b9ce381c

SHA1
b966a807bc6de85803d3c9ca23fe776c0d39d330

SHA256
745adc50c0d00eed49164156bff141af16795eb38898e5d84ba6ea0eab12ca63

SHA512
f7f5c2117dfa7bbfaccf81f555210c58f7fb5fca886bb62af4f3a16f0bb6f89c46eb488177bf058163310915f2c50d1086654571c46d738978b01bfcedfa0cf5

Download Submit
C:\Windows\SysWOW64\Mdpagc32.exe

Filesize
219KB

MD5
9b8110bbde33f39fc3d4cb4e13608bc2

SHA1
21cf1486a12037136de6971f0d4361df5929dea0

SHA256
831318de90ff0ddd0c8f6f86d10369b760da78e4e9fafaec31d912f5d3f6d52e

SHA512
2138ba1afd7e85c0959310dd9f5f9dd23269a4d4856b51ae77687563ca86141eb59c65ddb5e69b73a10959a1bca3febd2ef31f2a81035ab6fc08c0c86e752817

Download Submit
C:\Windows\SysWOW64\Mjggal32.exe

Filesize
80KB

MD5
04f0f614f969c9011b5db3e13298eff3

SHA1
ea39a4a0e6f9127f6c3c48de0b53b3b2db0dccce

SHA256
9cfe768e3cc386d142f030a11b109c094f25a5c7f313284249daeb6cffa78223

SHA512
4fae9b9f58c4774244f19c6698346aa85c82ae2a23d2ff203656b0a3a4309fa3307424ea3b0c2c92cf87cb69aee3ea03ef8dd64298fe344785c82ae8685c050b

Download Submit
C:\Windows\SysWOW64\Ntmssvcex.dll

Filesize
200KB

MD5
150a2c1b800c6370f9c8a3781568ef83

SHA1
6cc2aed29b672b7026c0fabd3285984488aaeaf3

SHA256
e5f0e0a014e19a8aef99286e6bfd04b7c1258f5a2a5ce2b3ef5d96ec0ac60be3

SHA512
54ffa28ccfcfe3f16078a4a7eaf8f9b10718082bbdb5148c0a2219ff556002105e49c3e88605ef11bbab45f0a704777c10195bfbe93179d6d27c616ea7b37538

Download Submit
C:\Windows\SysWOW64\Oogdfc32.exe

Filesize
290KB

MD5
b2302da1cfd7bb7e0cade4661bcade38

SHA1
395f419e15365b7f9d003b8874e979eec4d04334

SHA256
9e78945e90f96b21327c16d6be8cfb850d2d02bc0ffd393af25a17abf11f3ccf

SHA512
f94b9b6a1802cba486509ca2e1ea682a57326eb3291c4692251467c7f57acb155c639e45cb7b56e4aa6232f3d04d341f8b69ee2d34536d46237791c6c64fec7a

Download Submit
C:\Windows\SysWOW64\Oqpakfgb.dll

Filesize
6KB

MD5
1f6eca6366a9f50ff6e10649fae606fd

SHA1
70fb75634225487f9c219b6c7f3ac725cd340e82

SHA256
45580f1073034a3951d7baa08cc283ff26e8f98e9378f0da28bcdbb6ec263234

SHA512
08c864f5baafab51068c156e5961e7c5074af6426b16b8c8b46f31811a482df9f3f2b101833fe15fcd9ad1643c650375f4d77d1f055c87b3c0c7cf092f516976

Download Submit
C:\Windows\SysWOW64\svchost.log

Filesize
606B

MD5
a13d18709783c1a5df019647299536f2

SHA1
6510b036e05a9cfa15d6d2cb6296c3e80e9c4246

SHA256
7e89013baabb007f99bcef5c5eee594be9e07357e5c7fd06a303404cd6b03c56

SHA512
4a7deee005aaa5f1455788a9ec69dbcfc5b6642dc2b7ee3687ddf2549eeccf82cabe6bac6d5a1f60cb54d6c3a09bfd8a91733c4e4d1060a711a4a88296898bec

Download Submit
C:\Windows\SysWOW64\svchost.log

Filesize
157KB

MD5
aed6c70cb88d926e67e205347232ed78

SHA1
5a621c70a30be5108a2552b26188b884b1a9aaea

SHA256
b779124e6ee44eca19e685966d7cc8b0a613ed87d7bd3974adb9066922191065

SHA512
ab6b22eebc8f60afee05cda7ac8f5c9de547fd701115c9081909c0eed74b497895dd4edc6e050087f1d5f7208cd187ecdf00015b8b4b2be8bbe8af45fe7e3a15

Download Submit
C:\Windows\SysWOW64\twex.exe

Filesize
571KB

MD5
a4e835dfee8281c3011b5fbd8490693b

SHA1
766b310f72184689c7d07ee958633e9bf4ff8b28

SHA256
623ee3495f49537331e5f2bb1db96f565fea310ab8d19f12cafa06ba9ef7b1a6

SHA512
2b09121d7bad88c3052ebb7ffb98067ae22ba85008ffeeaa02f46a15ede9c798d0e923cb1bd2adccea50de3cc4d4f342e5123de7493be9592a12e278d1307cbc

Download Submit
C:\Windows\SysWOW64\vbaixsyo.dll

Filesize
2.4MB

MD5
a5ef95b801e7a63f45438ed5c56cd1c3

SHA1
0dcf44051b185e7a8f3f6966b7115db6c4e58566

SHA256
d5b2f8a573384059380dbc6525c347ad2c8d7c92d2087799b48c89e95955f63c

SHA512
0f230359f39c2053061c6bc766053eac43ac1a9f42f0b96a963d5bf22215dbe0e58bc18cb218b4132f13a789cd0948dd96e03b923e43db1dd6a5fc6dd0f39ee5

Download Submit
C:\Windows\SysWOW64\vbaixsyo.nls

Filesize
428B

MD5
534cda6b48a4f4eeba156fae0d91da91

SHA1
ee02d7d2b5f6d35d717c818ca9751af162d39795

SHA256
66180bbde64bd522c568ee505c86f8757942a6d7cbe969b7240660c1ff31bba9

SHA512
e4be76b12a415264990f8e9767356b66676f4d2ddd478c6765d0a614032e9a57547f040c6d86cdbcf5b2bca32857850843d7550611cf1e6ea8a2179ae6996c7a

Download Submit
C:\Windows\System32\SCYEWtq.exe

Filesize
1.9MB

MD5
5629b3db5a00426ce6104779dacddc99

SHA1
97f2a98efddd9fd7ea30d19daa60cca4602279c8

SHA256
601b9c133e03da1e0dca28335b866fb939ebdeb83e0cb0eacd0901b3c746b2fa

SHA512
78baffbd2793c74780068a05e46c3c5935ea5935320629a843dfad68f3d40da22e39fd7604ab3dad001c1207dcd37d711039fa8e0ff8e619b638f3ade40b5653

Download Submit
C:\Windows\System\config_t.dat

Filesize
153B

MD5
0583b9eb06a2f91a33b6f8455ce6253f

SHA1
9cf34c585f0621cd245fad4da3b2fadbbc4e494d

SHA256
3647dad1ded63cc990800e32a48d24c2bf561cead0f5a5e7b9626b9e3656caac

SHA512
48e1feda33104f6e1dd915d38292374b3367f0fc88897e340242eb9691e11799b0000c5ea79a6bee93de1d430ef112ed5d8ac802b66f5bc518e6c9cf8cb283f8

Download Submit
C:\Windows\ntsys.exe

Filesize
37KB

MD5
c8424e73014df5398a1f45eb7b3b0098

SHA1
c0a0ffe088414c43106f39128a330a3f3df0d144

SHA256
b4b13a5b911333139f0b5bebbe4f4faa3a3a9a2a4e8c57db983f96958c0320c1

SHA512
320ffad58c7b9680c1148af3a889837bf30405e7c962f28d2284336c0bc22feac987afa7cba9cd28981ec0267885fab76755207e9aca9c61aa4468e83eb82f93

Download Submit
C:\Windudt\svchost.exe

Filesize
700KB

MD5
eb5201dcd95b09712a75aeaa7ef68665

SHA1
6ec14122ce9f91718b7ed88ddf02df11cf2b1ea3

SHA256
565551b51c1ec7a82ce0b53c2e6a284cd7ca0ca28d2cafd4a3d8e9575839379a

SHA512
4d1a72e38f15e30b64de7b3aaa79112bb0b6bac982b34d1e5226152f6b60101d9449f58ea4c29aaf0861b69a72604a3db411669213d1231d1139b7b4e7d2ce7d

Download Submit
C:\hbbbtb.exe

Filesize
96KB

MD5
0a75eb6f94c256c40fc55b59bf7fcb50

SHA1
43ca13ce16f7f5358be7bac00a45c1a9e01cdc68

SHA256
162f576c6b56d8ea99ab5acbe4320c037af29b0d4286b8a81e2c7790f96877a7

SHA512
ef9ee74fd498d5abb48e2388297d34548ad848bc772c1bbe19c32e12913eac352e7074791b6252259f68f3b29640ef27c8d3e42da12e424c75d884c352dec063

Download Submit
C:\njkww.pif

Filesize
97KB

MD5
97b2134af6b60e2be19c05597cc44c2d

SHA1
66250771a0a97d0c9b7a2def03d1f9c92641f6db

SHA256
98deb626a2f8320c10602dbfa88ba55211aa5ef8c61ca957dd08b1f68169b6d6

SHA512
c2b8fc503a558dbd7d38667b5b1c3b1597a58edd16c8f1eeb2ee34e4dabd8e5a84a922c05ae1a60b2f864cab612d1b0732ffa11e266185dbb357c0fb7eae0ad1

Download Submit
C:\ntldr~8

Filesize
1.1MB

MD5
eb5216dcc8e84937ead46858a881df03

SHA1
cacabf69c11b5d716654349fd3b368e780c0a6df

SHA256
e71f4574fdab90b01db5afed81a45a3c5a1f45e2961b996482414edbbe97fb6b

SHA512
bab84ac304ae8c482968388daf2db98f0428f9945a143358bd626d9e590322946cea37c194d1caf36a33046add88ff1225f0eb71c264b119569c7a876d2cac63

Download Submit
C:\tttnnt.exe

Filesize
73KB

MD5
2b23d2bd0a63876d07ac68a23a6f3460

SHA1
ecbdf25fd488ef74d6ce1780a8e788679b3406fc

SHA256
b2691bdcd9e9fbf852641cf633dd2eb7cd7a43d53e06c1b6b29487a7700dca4c

SHA512
4ea33c3a807addceb3260d957a412cbe26f3fb0c44a56b9d4c7df4b19d23a008d5ce04ec9870768f3df818092efae2923c2c6dc73460b196767e2bee7978d6d9

Download Submit
\??\c:\uboot.bin

Filesize
13KB

MD5
40ad1473316cdb04db3e1564cedc0301

SHA1
bb5d44d621428e1c785caf4cab75e867e2b14ebc

SHA256
0b31e87a04df4d9897373005acc3171d9327febf84a2759c81f332c4747742f8

SHA512
a3af62773641397ad83c3829d8deb7453341007cc34d2ae40633fe46ed2288adff6afc6144f3218c7b8dc2784dde8dcebc647834174e957b08b8b53ee93bd0b5

Download Submit
memory/392-382-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/432-946-0x00000000013B0000-0x000000000141C000-memory.dmp

Filesize
432KB

Download
memory/436-648-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/436-394-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/436-386-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/436-387-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/744-235-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/880-465-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1036-381-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1048-647-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1048-391-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1124-183-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1164-354-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1196-172-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1504-190-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1516-655-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1516-396-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1532-947-0x0000000002910000-0x000000000297C000-memory.dmp

Filesize
432KB

Download
memory/1608-650-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1900-651-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1956-295-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2000-207-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2084-390-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2248-206-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2280-312-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2356-238-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2376-353-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2392-182-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/2392-83-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/2392-944-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/2408-237-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2760-123-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2800-653-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2884-1003-0x0000000002090000-0x00000000020FC000-memory.dmp

Filesize
432KB

Download
memory/2884-563-0x0000000002140000-0x0000000002150000-memory.dmp

Filesize
64KB

Download
memory/2884-559-0x0000000002120000-0x0000000002132000-memory.dmp

Filesize
72KB

Download
memory/2984-799-0x000000007FE40000-0x000000007FE4C000-memory.dmp

Filesize
48KB

Download
memory/2984-835-0x000000007FE40000-0x000000007FE4C000-memory.dmp

Filesize
48KB

Download
memory/2984-91-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2984-205-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2992-945-0x0000000010000000-0x000000001006C000-memory.dmp

Filesize
432KB

Download
memory/3032-654-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3056-315-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3056-330-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3056-467-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3056-328-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/3056-329-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3448-309-0x0000000001300000-0x0000000001308000-memory.dmp

Filesize
32KB

Download
memory/3448-290-0x0000000000A00000-0x0000000000A34000-memory.dmp

Filesize
208KB

Download
memory/3508-393-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3516-293-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/3524-311-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3640-239-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3692-156-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3716-270-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3848-334-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3888-392-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3924-464-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3932-163-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4112-147-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4140-133-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4192-82-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/4192-943-0x0000000010000000-0x000000001006C000-memory.dmp

Filesize
432KB

Download
memory/4192-180-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/4228-313-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4232-383-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4308-751-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4308-750-0x0000000002060000-0x00000000020CC000-memory.dmp

Filesize
432KB

Download
memory/4308-649-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4312-291-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4364-463-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4480-268-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4672-292-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4680-462-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4808-236-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4852-335-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4868-294-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4868-395-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4884-711-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/4884-695-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/4884-710-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/4892-148-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4900-652-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4932-975-0x0000000002030000-0x000000000209C000-memory.dmp

Filesize
432KB

Download
memory/5028-697-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5044-1002-0x0000000005150000-0x00000000051BC000-memory.dmp

Filesize
432KB

Download
memory/5044-397-0x0000000005420000-0x000000000542A000-memory.dmp

Filesize
40KB

Download
memory/5044-331-0x0000000000860000-0x00000000008CC000-memory.dmp

Filesize
432KB

Download
memory/5044-754-0x0000000006990000-0x0000000006A2C000-memory.dmp

Filesize
624KB

Download
memory/5044-352-0x0000000005280000-0x0000000005312000-memory.dmp

Filesize
584KB

Download
memory/5044-761-0x0000000005540000-0x000000000554A000-memory.dmp

Filesize
40KB

Download
memory/5044-351-0x0000000005770000-0x0000000005D14000-memory.dmp

Filesize
5.6MB

Download
memory/5080-269-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5128-466-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5224-492-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5252-698-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5256-493-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5292-494-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5328-495-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5372-942-0x0000000002000000-0x000000000206C000-memory.dmp

Filesize
432KB

Download
memory/5448-540-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5484-541-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5516-542-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5552-543-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5592-548-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5648-549-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5680-550-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5716-551-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5752-552-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5784-882-0x0000000002160000-0x0000000002177000-memory.dmp

Filesize
92KB

Download
memory/5784-881-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/5796-553-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5808-1031-0x0000000071FB0000-0x0000000072039000-memory.dmp

Filesize
548KB

Download
memory/5808-1055-0x0000000004E10000-0x0000000004E35000-memory.dmp

Filesize
148KB

Download
memory/5808-1032-0x0000000004E10000-0x0000000004E35000-memory.dmp

Filesize
148KB

Download
memory/5808-1033-0x0000000004E10000-0x0000000004E35000-memory.dmp

Filesize
148KB

Download
memory/5808-1035-0x0000000004E10000-0x0000000004E35000-memory.dmp

Filesize
148KB

Download
memory/5808-1037-0x0000000004E10000-0x0000000004E35000-memory.dmp

Filesize
148KB

Download
memory/5808-1039-0x0000000004E10000-0x0000000004E35000-memory.dmp

Filesize
148KB

Download
memory/5808-1061-0x0000000004E10000-0x0000000004E35000-memory.dmp

Filesize
148KB

Download
memory/5808-1059-0x0000000004E10000-0x0000000004E35000-memory.dmp

Filesize
148KB

Download
memory/5808-753-0x00000000004D0000-0x0000000000534000-memory.dmp

Filesize
400KB

Download
memory/5808-1057-0x0000000004E10000-0x0000000004E35000-memory.dmp

Filesize
148KB

Download
memory/5808-1041-0x0000000004E10000-0x0000000004E35000-memory.dmp

Filesize
148KB

Download
memory/5808-1043-0x0000000004E10000-0x0000000004E35000-memory.dmp

Filesize
148KB

Download
memory/5808-1045-0x0000000004E10000-0x0000000004E35000-memory.dmp

Filesize
148KB

Download
memory/5808-1053-0x0000000004E10000-0x0000000004E35000-memory.dmp

Filesize
148KB

Download
memory/5808-1051-0x0000000004E10000-0x0000000004E35000-memory.dmp

Filesize
148KB

Download
memory/5808-1049-0x0000000004E10000-0x0000000004E35000-memory.dmp

Filesize
148KB

Download
memory/5808-1047-0x0000000004E10000-0x0000000004E35000-memory.dmp

Filesize
148KB

Download
memory/5832-554-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5856-555-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5868-556-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5952-557-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5992-558-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6028-774-0x0000000000DF0000-0x00000000012C9000-memory.dmp

Filesize
4.8MB

Download
memory/6120-775-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/6420-964-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download