berbew | fd111c335073ae9b9f33d1f3e348bcbc46dd0b90de333156c2dbbee62412374b

Analysis

max time kernel
55s
max time network
68s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 14:13

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Dispam.exe
Size

12.1MB
MD5

a89b5a734cced64ae3cc202bdfac8759
SHA1

81a4254491dd554a5113f63ad7849d93cc30d3d7
SHA256

fd111c335073ae9b9f33d1f3e348bcbc46dd0b90de333156c2dbbee62412374b
SHA512

68ac8b1e4739fb444f1ef055015455094a3c768c84e96279996a11a9e1a4e7ae2192acb862cd896844c01cbed24e3fc0868fa8891d4806a46e70e2e3e2175e73
SSDEEP

393216:0GV2CSQhZ2YsHFUK2Jn1+TtIiFQS2NXNsI8VbTToP:TYQZ2YwUlJn1QtIm28IKzo

Malware Config

Extracted

Family

berbew

http://crutop.nu/index.php

http://crutop.ru/index.php

http://mazafaka.ru/index.php

http://color-bank.ru/index.php

http://asechka.ru/index.php

http://trojan.ru/index.php

http://fuck.ru/index.php

http://goldensand.ru/index.php

http://filesearch.ru/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://lovingod.host.sk/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://ldark.nm.ru/index.htm

http://gaz-prom.ru/index.htm

http://promo.ru/index.htm

http://potleaf.chat.ru/index.htm

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Extracted

Family

emotet

Botnet

Epoch2

38.18.235.242:80

5.196.108.189:8080

121.124.124.40:7080

104.236.246.93:8080

113.61.66.94:80

120.150.60.189:80

91.211.88.52:7080

47.144.21.12:443

108.46.29.236:80

139.162.108.71:8080

134.209.36.254:8080

139.59.60.244:8080

66.65.136.14:80

76.175.162.101:80

174.106.122.139:80

95.213.236.64:8080

174.45.13.118:80

50.35.17.13:80

209.141.54.221:8080

87.106.139.101:8080

rsa_pubkey.plain

Extracted

Family

metasploit

Version

metasploit_stager

196.168.58.4:4444

Extracted

Family

xworm

93.183.95.210:5552

Mutex

CyuqAZZVNkR3PuCK

Attributes

Install_directory
%AppData%
install_file
USB.exe

aes.plain

Signatures

Berbew
Berbew is a backdoor written in C++.
backdoor berbew
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Cobalt Strike reflective loader 1 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000700000002365d-1794.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Detect Blackmoon payload 6 IoCs

resource	yara_rule
behavioral2/memory/5896-915-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral2/memory/5832-841-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral2/memory/1944-764-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral2/memory/4216-755-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral2/memory/4148-661-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral2/memory/2308-372-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral2/files/0x00070000000240df-9726.dat	family_xworm
behavioral2/memory/1932-374-0x0000000000490000-0x00000000004A0000-memory.dmp	family_xworm

Detects MyDoom family 1 IoCs

resource	yara_rule
behavioral2/memory/3736-221-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom

Emotet
Emotet is a trojan that is primarily spread through spam emails.
trojan banker emotet

GandCrab payload 2 IoCs

resource	yara_rule
behavioral2/memory/5300-683-0x0000000002E00000-0x0000000002E16000-memory.dmp	family_gandcrab
behavioral2/memory/5424-667-0x00000000011F0000-0x0000000001206000-memory.dmp	family_gandcrab

Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
ransomware backdoor gandcrab

Gh0st RAT payload 2 IoCs

resource	yara_rule
behavioral2/memory/5708-734-0x0000000010000000-0x0000000010362000-memory.dmp	family_gh0strat
behavioral2/memory/5708-733-0x0000000010000000-0x0000000010362000-memory.dmp	family_gh0strat

Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
rat gh0strat
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom
Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 1 IoCs

resource	yara_rule
behavioral2/memory/5600-743-0x00000000002E0000-0x00000000003A6000-memory.dmp	family_sectoprat

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Emotet payload 2 IoCs

Detects Emotet payload in memory.

trojan banker

resource	yara_rule
behavioral2/memory/5788-584-0x00000000004A0000-0x00000000004B0000-memory.dmp	emotet
behavioral2/memory/5788-580-0x0000000000480000-0x0000000000492000-memory.dmp	emotet

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
behavioral2/files/0x000700000002365d-1794.dat	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
11052	powershell.exe

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x0007000000023a43-6337.dat	aspack_v212_v242

Executes dropped EXE 2 IoCs

pid	Process
3736	240919-recdwasckd7608abb395d160067a3b704c525435d5071a1e6b57856294dfea883f494c278fN.exe
3548	240919-rd7hmasgqlbbef91a98d0c41e9a09b3c1f77189e8f48582eec2b72bf4073671384786c9772N.exe

Loads dropped DLL 20 IoCs

pid	Process
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe
4908	Dispam.exe

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/5456-533-0x0000000000400000-0x0000000000744000-memory.dmp	themida

UPX packed file 22 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3736-139-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral2/memory/1588-162-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3736-221-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral2/memory/1588-264-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/files/0x0007000000023595-704.dat	upx
behavioral2/files/0x00070000000235c4-2980.dat	upx
behavioral2/files/0x0007000000023676-1892.dat	upx
behavioral2/files/0x000700000002365d-1794.dat	upx
behavioral2/memory/5896-915-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5832-841-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6396-779-0x00007FF7BFBD0000-0x00007FF7BFFC1000-memory.dmp	upx
behavioral2/memory/1944-764-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4216-755-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5252-752-0x0000000000810000-0x000000000189E000-memory.dmp	upx
behavioral2/memory/5708-734-0x0000000010000000-0x0000000010362000-memory.dmp	upx
behavioral2/memory/5708-733-0x0000000010000000-0x0000000010362000-memory.dmp	upx
behavioral2/memory/5708-730-0x0000000010000000-0x0000000010362000-memory.dmp	upx
behavioral2/memory/4148-661-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/files/0x0007000000023ecb-8246.dat	upx
behavioral2/memory/5772-572-0x00007FF6E4460000-0x00007FF6E4851000-memory.dmp	upx
behavioral2/memory/5740-571-0x0000000000400000-0x0000000000457000-memory.dmp	upx
behavioral2/memory/2308-372-0x0000000000400000-0x0000000000429000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
8	pastebin.com
9	pastebin.com
254	pastebin.com

Program crash 15 IoCs

pid	pid_target	Process	procid_target
8800	6920	WerFault.exe
10412	8600	WerFault.exe
8308	5664	WerFault.exe
6340	5788	WerFault.exe	167
764	10892	WerFault.exe	463
13596	6324	WerFault.exe	508
10908	2516	Process not Found	595
11416	8264	Process not Found	591
4344	11592	Process not Found	566
3616	5804	Process not Found	519
2996	11272	Process not Found	531
7760	13088	Process not Found	643
8612	5976	Process not Found	186
4056	11852	Process not Found	627
14076	3884	Process not Found	594

Runs net.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 4908	852	Dispam.exe	83
PID 852 wrote to memory of 4908	852	Dispam.exe	83
PID 4908 wrote to memory of 2340	4908	Dispam.exe	84
PID 4908 wrote to memory of 2340	4908	Dispam.exe	84
PID 4908 wrote to memory of 3736	4908	Dispam.exe	85
PID 4908 wrote to memory of 3736	4908	Dispam.exe	85
PID 4908 wrote to memory of 3736	4908	Dispam.exe	85
PID 4908 wrote to memory of 3548	4908	Dispam.exe	86
PID 4908 wrote to memory of 3548	4908	Dispam.exe	86
PID 4908 wrote to memory of 3548	4908	Dispam.exe	86

C:\Users\Admin\AppData\Local\Temp\Dispam.exe
"C:\Users\Admin\AppData\Local\Temp\Dispam.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:852
- C:\Users\Admin\AppData\Local\Temp\Dispam.exe
  "C:\Users\Admin\AppData\Local\Temp\Dispam.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2340
- - C:\Users\Admin\Downloads\240919-recdwasckd7608abb395d160067a3b704c525435d5071a1e6b57856294dfea883f494c278fN.exe
    C:\Users\Admin\Downloads\240919-recdwasckd7608abb395d160067a3b704c525435d5071a1e6b57856294dfea883f494c278fN.exe
    3⤵
    - Executes dropped EXE
    PID:3736
  - - C:\Windows\services.exe
      "C:\Windows\services.exe"
      4⤵
      PID:1588
- - C:\Users\Admin\Downloads\240919-rd7hmasgqlbbef91a98d0c41e9a09b3c1f77189e8f48582eec2b72bf4073671384786c9772N.exe
    C:\Users\Admin\Downloads\240919-rd7hmasgqlbbef91a98d0c41e9a09b3c1f77189e8f48582eec2b72bf4073671384786c9772N.exe
    3⤵
    - Executes dropped EXE
    PID:3548
- - C:\Users\Admin\Downloads\240919-rg5hfasdqa7b27b2baa927e3ff07ba81122c9903f41d19dae9df1666a2e6581c23dca64c57N.exe
    C:\Users\Admin\Downloads\240919-rg5hfasdqa7b27b2baa927e3ff07ba81122c9903f41d19dae9df1666a2e6581c23dca64c57N.exe
    3⤵
    PID:2696
  - - C:\Windows\SysWOW64\Pdpmpdbd.exe
      C:\Windows\system32\Pdpmpdbd.exe
      4⤵
      PID:3508
    - - C:\Windows\SysWOW64\Qfcfml32.exe
        
        C:\Windows\system32\Qfcfml32.exe
        5⤵
        
        PID:3920
      - C:\Windows\SysWOW64\Qgcbgo32.exe
        
        C:\Windows\system32\Qgcbgo32.exe
        6⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\Bjddphlq.exe
        
        C:\Windows\system32\Bjddphlq.exe
        7⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\Cjbpaf32.exe
        
        C:\Windows\system32\Cjbpaf32.exe
        8⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\Fhgbhfbe.exe
        
        C:\Windows\system32\Fhgbhfbe.exe
        9⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\Ikcdlmgf.exe
        
        C:\Windows\system32\Ikcdlmgf.exe
        10⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\Lnnikdnj.exe
        
        C:\Windows\system32\Lnnikdnj.exe
        11⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\Niniei32.exe
        
        C:\Windows\system32\Niniei32.exe
        12⤵
        
        PID:6688
- - C:\Users\Admin\Downloads\240919-rhbxhssdqhf0e735c5ac83d41ca939505df51c274500b2c09b9ae8d6c0ca0417d6be81885fN.exe
    C:\Users\Admin\Downloads\240919-rhbxhssdqhf0e735c5ac83d41ca939505df51c274500b2c09b9ae8d6c0ca0417d6be81885fN.exe
    3⤵
    PID:3520
- - C:\Users\Admin\Downloads\240919-rbl4xasfpk74a03295a7de230258a2f48b7c0a218707c5cd9b4efbda27d4df4d09702d1da5N.exe
    C:\Users\Admin\Downloads\240919-rbl4xasfpk74a03295a7de230258a2f48b7c0a218707c5cd9b4efbda27d4df4d09702d1da5N.exe
    3⤵
    PID:4972
  - - C:\Windows\SysWOW64\Qgqeappe.exe
      C:\Windows\system32\Qgqeappe.exe
      4⤵
      PID:1924
    - - C:\Windows\SysWOW64\Anmjcieo.exe
        
        C:\Windows\system32\Anmjcieo.exe
        5⤵
        
        PID:1472
      - C:\Windows\SysWOW64\Bfhhoi32.exe
        
        C:\Windows\system32\Bfhhoi32.exe
        6⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\Chcddk32.exe
        
        C:\Windows\system32\Chcddk32.exe
        7⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\Famjkl32.exe
        
        C:\Windows\system32\Famjkl32.exe
        8⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\Idgojc32.exe
        
        C:\Windows\system32\Idgojc32.exe
        9⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\Mpieqeko.exe
        
        C:\Windows\system32\Mpieqeko.exe
        10⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\Pcpikkge.exe
        
        C:\Windows\system32\Pcpikkge.exe
        11⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\Bqmeal32.exe
        
        C:\Windows\system32\Bqmeal32.exe
        12⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\Dcogje32.exe
        
        C:\Windows\system32\Dcogje32.exe
        13⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\Ghhhcomg.exe
        
        C:\Windows\system32\Ghhhcomg.exe
        14⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\Jgadgf32.exe
        
        C:\Windows\system32\Jgadgf32.exe
        15⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\Lieccf32.exe
        
        C:\Windows\system32\Lieccf32.exe
        16⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\Neccpd32.exe
        
        C:\Windows\system32\Neccpd32.exe
        17⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\Ooqqdi32.exe
        
        C:\Windows\system32\Ooqqdi32.exe
        18⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\Oohgdhfn.exe
        
        C:\Windows\system32\Oohgdhfn.exe
        19⤵
        
        PID:9664
- - C:\Users\Admin\Downloads\240919-rcl6assgkk862f764e295f6d0b7b9d70423d97f2bdda9e4a8625d9dc1147ffd7cb22b23f87N.exe
    C:\Users\Admin\Downloads\240919-rcl6assgkk862f764e295f6d0b7b9d70423d97f2bdda9e4a8625d9dc1147ffd7cb22b23f87N.exe
    3⤵
    PID:5096
  - - C:\Windows\SysWOW64\Qqijje32.exe
      C:\Windows\system32\Qqijje32.exe
      4⤵
      PID:3616
    - - C:\Windows\SysWOW64\Ajanck32.exe
        
        C:\Windows\system32\Ajanck32.exe
        5⤵
        
        PID:4056
      - C:\Windows\SysWOW64\Bjddphlq.exe
        
        C:\Windows\system32\Bjddphlq.exe
        6⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\Cnnlaehj.exe
        
        C:\Windows\system32\Cnnlaehj.exe
        7⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\Fgjccb32.exe
        
        C:\Windows\system32\Fgjccb32.exe
        8⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\Ikcdlmgf.exe
        
        C:\Windows\system32\Ikcdlmgf.exe
        9⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\Lbjelc32.exe
        
        C:\Windows\system32\Lbjelc32.exe
        10⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\Oenlqi32.exe
        
        C:\Windows\system32\Oenlqi32.exe
        11⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 396
        12⤵
        Program crash
        
        PID:8800
- - C:\Users\Admin\Downloads\240919-rdmhfssgnpeb7d3cc0a874f6612aeaf34cc1204ae8_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-rdmhfssgnpeb7d3cc0a874f6612aeaf34cc1204ae8_JaffaCakes118.exe
    3⤵
    PID:3672
- - C:\Users\Admin\Downloads\240919-rbkabasapfeb7b9880c5bca3e54858a9f328468ded_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-rbkabasapfeb7b9880c5bca3e54858a9f328468ded_JaffaCakes118.exe
    3⤵
    PID:1536
  - - C:\Users\Admin\Downloads\240919-rbkabasapfeb7b9880c5bca3e54858a9f328468ded_JaffaCakes118.exe
      "C:\Users\Admin\Downloads\240919-rbkabasapfeb7b9880c5bca3e54858a9f328468ded_JaffaCakes118.exe"
      4⤵
      PID:5272
- - C:\Users\Admin\Downloads\240919-rc3s2ssbna0c1d68d13f7d0d7860cbff96e891f4409f3c8f70d48c8902c16d61b84f51b718N.exe
    C:\Users\Admin\Downloads\240919-rc3s2ssbna0c1d68d13f7d0d7860cbff96e891f4409f3c8f70d48c8902c16d61b84f51b718N.exe
    3⤵
    PID:4292
  - - C:\Windows\SysWOW64\Bcjlcn32.exe
      C:\Windows\system32\Bcjlcn32.exe
      4⤵
      PID:4252
    - - C:\Windows\SysWOW64\Ceehho32.exe
        
        C:\Windows\system32\Ceehho32.exe
        5⤵
        
        PID:4296
      - C:\Windows\SysWOW64\Dodbbdbb.exe
        
        C:\Windows\system32\Dodbbdbb.exe
        6⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\Gkglja32.exe
        
        C:\Windows\system32\Gkglja32.exe
        7⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\Iiehpahb.exe
        
        C:\Windows\system32\Iiehpahb.exe
        8⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\Lidmhmnp.exe
        
        C:\Windows\system32\Lidmhmnp.exe
        9⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\Molelb32.exe
        
        C:\Windows\system32\Molelb32.exe
        10⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\Ocamjm32.exe
        
        C:\Windows\system32\Ocamjm32.exe
        11⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\Pjgebf32.exe
        
        C:\Windows\system32\Pjgebf32.exe
        12⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\Cglgjeci.exe
        
        C:\Windows\system32\Cglgjeci.exe
        13⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\Eipinkib.exe
        
        C:\Windows\system32\Eipinkib.exe
        14⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\Eiildjag.exe
        
        C:\Windows\system32\Eiildjag.exe
        15⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\Gacjadad.exe
        
        C:\Windows\system32\Gacjadad.exe
        16⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\Jklphekp.exe
        
        C:\Windows\system32\Jklphekp.exe
        17⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\Kjmmepfj.exe
        
        C:\Windows\system32\Kjmmepfj.exe
        18⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\Mnlnbl32.exe
        
        C:\Windows\system32\Mnlnbl32.exe
        19⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\Nlphbnoe.exe
        
        C:\Windows\system32\Nlphbnoe.exe
        20⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\Obcceg32.exe
        
        C:\Windows\system32\Obcceg32.exe
        21⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\Akoqpg32.exe
        
        C:\Windows\system32\Akoqpg32.exe
        22⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\Aodogdmn.exe
        
        C:\Windows\system32\Aodogdmn.exe
        23⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\Cfcjfk32.exe
        
        C:\Windows\system32\Cfcjfk32.exe
        24⤵
        
        PID:3864
- - C:\Users\Admin\Downloads\240919-reyxwascncddbe86ec420170fff4ab51a87cfe369413424aacc906db98683e7fc9dbf31a70N.exe
    C:\Users\Admin\Downloads\240919-reyxwascncddbe86ec420170fff4ab51a87cfe369413424aacc906db98683e7fc9dbf31a70N.exe
    3⤵
    PID:4500
- - C:\Users\Admin\Downloads\240919-ra3ehasflq7b262c1306b3616fd303df83e91eee4f8249dcc8fab0485595e354f8d5f25307N.exe
    C:\Users\Admin\Downloads\240919-ra3ehasflq7b262c1306b3616fd303df83e91eee4f8249dcc8fab0485595e354f8d5f25307N.exe
    3⤵
    PID:4148
  - - \??\c:\hbtnbt.exe
      c:\hbtnbt.exe
      4⤵
      PID:5832
    - - \??\c:\pjdvp.exe
        
        c:\pjdvp.exe
        5⤵
        
        PID:4516
      - \??\c:\flrlfxr.exe
        
        c:\flrlfxr.exe
        6⤵
        
        PID:6092
        
        \??\c:\vdjdv.exe
        
        c:\vdjdv.exe
        7⤵
        
        PID:8556
        
        \??\c:\pvdvp.exe
        
        c:\pvdvp.exe
        8⤵
        
        PID:10580
        
        \??\c:\nbtnbb.exe
        
        c:\nbtnbb.exe
        9⤵
        
        PID:11000
        
        \??\c:\bnhbnh.exe
        
        c:\bnhbnh.exe
        10⤵
        
        PID:8480
        
        \??\c:\hbhbtn.exe
        
        c:\hbhbtn.exe
        11⤵
        
        PID:7240
        
        \??\c:\bttnnn.exe
        
        c:\bttnnn.exe
        12⤵
        
        PID:10056
        
        \??\c:\ddvpj.exe
        
        c:\ddvpj.exe
        13⤵
        
        PID:11160
        
        \??\c:\jpvjd.exe
        
        c:\jpvjd.exe
        14⤵
        
        PID:7464
        
        \??\c:\xfxxlxl.exe
        
        c:\xfxxlxl.exe
        15⤵
        
        PID:5412
        
        \??\c:\lfxxlff.exe
        
        c:\lfxxlff.exe
        16⤵
        
        PID:9272
        
        \??\c:\jvvjd.exe
        
        c:\jvvjd.exe
        17⤵
        
        PID:12040
        
        \??\c:\llllfxr.exe
        
        c:\llllfxr.exe
        18⤵
        
        PID:12628
        
        \??\c:\7xrlxrf.exe
        
        c:\7xrlxrf.exe
        19⤵
        
        PID:12384
        
        \??\c:\9llfxxx.exe
        
        c:\9llfxxx.exe
        20⤵
        
        PID:10948
        
        \??\c:\nbbhhh.exe
        
        c:\nbbhhh.exe
        21⤵
        
        PID:5528
        
        \??\c:\llrrffl.exe
        
        c:\llrrffl.exe
        22⤵
        
        PID:6944
        
        \??\c:\tnhbtt.exe
        
        c:\tnhbtt.exe
        23⤵
        
        PID:14420
        
        \??\c:\vjvvv.exe
        
        c:\vjvvv.exe
        24⤵
        
        PID:1624
        
        \??\c:\lrrlfxr.exe
        
        c:\lrrlfxr.exe
        25⤵
        
        PID:15168
        
        \??\c:\hhhhht.exe
        
        c:\hhhhht.exe
        26⤵
        
        PID:8352
        
        \??\c:\9jjvj.exe
        
        c:\9jjvj.exe
        27⤵
        
        PID:16312
        
        \??\c:\lrrlxxr.exe
        
        c:\lrrlxxr.exe
        28⤵
        
        PID:12136
        
        \??\c:\xffxrlf.exe
        
        c:\xffxrlf.exe
        29⤵
        
        PID:11500
        
        \??\c:\nbbnhh.exe
        
        c:\nbbnhh.exe
        30⤵
        
        PID:1676
        
        \??\c:\pdvpj.exe
        
        c:\pdvpj.exe
        31⤵
        
        PID:15660
- - C:\Users\Admin\Downloads\240919-re76jsshkjb8dc513a1e5380d0242caeaddad9090bbdb2f78ab4dfee6efdd62c5e63ed4629N.exe
    C:\Users\Admin\Downloads\240919-re76jsshkjb8dc513a1e5380d0242caeaddad9090bbdb2f78ab4dfee6efdd62c5e63ed4629N.exe
    3⤵
    PID:4276
  - - C:\Windows\SysWOW64\Bjddphlq.exe
      C:\Windows\system32\Bjddphlq.exe
      4⤵
      PID:2100
    - - C:\Windows\SysWOW64\Cffdpghg.exe
        
        C:\Windows\system32\Cffdpghg.exe
        5⤵
        
        PID:3112
      - C:\Windows\SysWOW64\Fdkggg32.exe
        
        C:\Windows\system32\Fdkggg32.exe
        6⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\Ighhln32.exe
        
        C:\Windows\system32\Ighhln32.exe
        7⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\Lidmhmnp.exe
        
        C:\Windows\system32\Lidmhmnp.exe
        8⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\Mpieqeko.exe
        
        C:\Windows\system32\Mpieqeko.exe
        9⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\Cgndoeag.exe
        
        C:\Windows\system32\Cgndoeag.exe
        10⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\Fmnkkg32.exe
        
        C:\Windows\system32\Fmnkkg32.exe
        11⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\Ihbdplfi.exe
        
        C:\Windows\system32\Ihbdplfi.exe
        12⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\Jkomneim.exe
        
        C:\Windows\system32\Jkomneim.exe
        13⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\Meefofek.exe
        
        C:\Windows\system32\Meefofek.exe
        14⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\Niooqcad.exe
        
        C:\Windows\system32\Niooqcad.exe
        15⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\Oaompd32.exe
        
        C:\Windows\system32\Oaompd32.exe
        16⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\Pchlpfjb.exe
        
        C:\Windows\system32\Pchlpfjb.exe
        17⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\Alqjpi32.exe
        
        C:\Windows\system32\Alqjpi32.exe
        18⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\Cmmbbejp.exe
        
        C:\Windows\system32\Cmmbbejp.exe
        19⤵
        
        PID:1316
- - C:\Users\Admin\Downloads\240919-rccxmasfrr01822d2b3907477a54c7e11d5c4c6139505220025736949bc2d13406284fb7e4N.exe
    C:\Users\Admin\Downloads\240919-rccxmasfrr01822d2b3907477a54c7e11d5c4c6139505220025736949bc2d13406284fb7e4N.exe
    3⤵
    PID:2308
  - - \??\c:\ffxrffx.exe
      c:\ffxrffx.exe
      4⤵
      PID:4216
    - - \??\c:\pjjvj.exe
        
        c:\pjjvj.exe
        5⤵
        
        PID:5896
      - \??\c:\pjdpd.exe
        
        c:\pjdpd.exe
        6⤵
        
        PID:6356
        
        \??\c:\ntthbb.exe
        
        c:\ntthbb.exe
        7⤵
        
        PID:7124
        
        \??\c:\nbbthb.exe
        
        c:\nbbthb.exe
        8⤵
        
        PID:7888
        
        \??\c:\1dpjv.exe
        
        c:\1dpjv.exe
        9⤵
        
        PID:6232
        
        \??\c:\pdpvp.exe
        
        c:\pdpvp.exe
        10⤵
        
        PID:10112
        
        \??\c:\9ddjv.exe
        
        c:\9ddjv.exe
        11⤵
        
        PID:11120
        
        \??\c:\5nbtnn.exe
        
        c:\5nbtnn.exe
        12⤵
        
        PID:9096
        
        \??\c:\5xfrlfx.exe
        
        c:\5xfrlfx.exe
        13⤵
        
        PID:11176
        
        \??\c:\flrlllf.exe
        
        c:\flrlllf.exe
        14⤵
        
        PID:9476
        
        \??\c:\jjdvd.exe
        
        c:\jjdvd.exe
        15⤵
        
        PID:10376
        
        \??\c:\dpjdd.exe
        
        c:\dpjdd.exe
        16⤵
        
        PID:6316
        
        \??\c:\jpdvv.exe
        
        c:\jpdvv.exe
        17⤵
        
        PID:9104
        
        \??\c:\ddvpj.exe
        
        c:\ddvpj.exe
        18⤵
        
        PID:8576
        
        \??\c:\frflfrf.exe
        
        c:\frflfrf.exe
        19⤵
        
        PID:10072
        
        \??\c:\jpjdv.exe
        
        c:\jpjdv.exe
        20⤵
        
        PID:13484
        
        \??\c:\nhbbbb.exe
        
        c:\nhbbbb.exe
        21⤵
        
        PID:6104
        
        \??\c:\jpjdj.exe
        
        c:\jpjdj.exe
        22⤵
        
        PID:15324
        
        \??\c:\1pppd.exe
        
        c:\1pppd.exe
        23⤵
        
        PID:6156
        
        \??\c:\1ddvj.exe
        
        c:\1ddvj.exe
        24⤵
        
        PID:12244
        
        \??\c:\llrlrrx.exe
        
        c:\llrlrrx.exe
        25⤵
        
        PID:7252
        
        \??\c:\bntnnh.exe
        
        c:\bntnnh.exe
        26⤵
        
        PID:1476
        
        \??\c:\tnbtht.exe
        
        c:\tnbtht.exe
        27⤵
        
        PID:12244
        
        \??\c:\jddvj.exe
        
        c:\jddvj.exe
        28⤵
        
        PID:16140
        
        \??\c:\tnnthn.exe
        
        c:\tnnthn.exe
        29⤵
        
        PID:15116
        
        \??\c:\vjjjv.exe
        
        c:\vjjjv.exe
        30⤵
        
        PID:13368
        
        \??\c:\jjjdv.exe
        
        c:\jjjdv.exe
        31⤵
        
        PID:1920
        
        \??\c:\rlrfxrl.exe
        
        c:\rlrfxrl.exe
        32⤵
        
        PID:5208
        
        \??\c:\rllrfff.exe
        
        c:\rllrfff.exe
        33⤵
        
        PID:11944
- - C:\Users\Admin\Downloads\240919-rc975asbngccc5f52cd83f6362f35cd839444b19e3e43c4b241b4f0ae8a05736c5b846b512N.exe
    C:\Users\Admin\Downloads\240919-rc975asbngccc5f52cd83f6362f35cd839444b19e3e43c4b241b4f0ae8a05736c5b846b512N.exe
    3⤵
    PID:5000
  - - C:\Windows\SysWOW64\Cmqmma32.exe
      C:\Windows\system32\Cmqmma32.exe
      4⤵
      PID:3636
    - - C:\Windows\SysWOW64\Fkeodaai.exe
        
        C:\Windows\system32\Fkeodaai.exe
        5⤵
        
        PID:6044
      - C:\Windows\SysWOW64\Ikcdlmgf.exe
        
        C:\Windows\system32\Ikcdlmgf.exe
        6⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\Lpkiph32.exe
        
        C:\Windows\system32\Lpkiph32.exe
        7⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\Npedmdab.exe
        
        C:\Windows\system32\Npedmdab.exe
        8⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\Pjjahe32.exe
        
        C:\Windows\system32\Pjjahe32.exe
        9⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\Bmbiamhi.exe
        
        C:\Windows\system32\Bmbiamhi.exe
        10⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\Diicml32.exe
        
        C:\Windows\system32\Diicml32.exe
        11⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\Fielph32.exe
        
        C:\Windows\system32\Fielph32.exe
        12⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\Inmpcc32.exe
        
        C:\Windows\system32\Inmpcc32.exe
        13⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\Kbddfmgl.exe
        
        C:\Windows\system32\Kbddfmgl.exe
        14⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\Llflea32.exe
        
        C:\Windows\system32\Llflea32.exe
        15⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\Nognnj32.exe
        
        C:\Windows\system32\Nognnj32.exe
        16⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\Oocmii32.exe
        
        C:\Windows\system32\Oocmii32.exe
        17⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\Poomegpf.exe
        
        C:\Windows\system32\Poomegpf.exe
        18⤵
        
        PID:10828
        
        C:\Windows\SysWOW64\Akhcfe32.exe
        
        C:\Windows\system32\Akhcfe32.exe
        19⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\Emkndc32.exe
        
        C:\Windows\system32\Emkndc32.exe
        20⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\Nnfgcd32.exe
        
        C:\Windows\system32\Nnfgcd32.exe
        21⤵
        
        PID:14128
        
        C:\Windows\SysWOW64\Oobfob32.exe
        
        C:\Windows\system32\Oobfob32.exe
        22⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\Qmepam32.exe
        
        C:\Windows\system32\Qmepam32.exe
        23⤵
        
        PID:15240
        
        C:\Windows\SysWOW64\Adikdfna.exe
        
        C:\Windows\system32\Adikdfna.exe
        24⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\Coadnlnb.exe
        
        C:\Windows\system32\Coadnlnb.exe
        25⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\Dkhnjk32.exe
        
        C:\Windows\system32\Dkhnjk32.exe
        26⤵
        
        PID:15944
        
        C:\Windows\SysWOW64\Eppjfgcp.exe
        
        C:\Windows\system32\Eppjfgcp.exe
        27⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\Fligqhga.exe
        
        C:\Windows\system32\Fligqhga.exe
        28⤵
        
        PID:15396
        
        C:\Windows\SysWOW64\Gemkelcd.exe
        
        C:\Windows\system32\Gemkelcd.exe
        29⤵
        
        PID:14764
        
        C:\Windows\SysWOW64\Jpaekqhh.exe
        
        C:\Windows\system32\Jpaekqhh.exe
        30⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\Klcekpdo.exe
        
        C:\Windows\system32\Klcekpdo.exe
        31⤵
        
        PID:11284
        
        C:\Windows\SysWOW64\Mcpcdg32.exe
        
        C:\Windows\system32\Mcpcdg32.exe
        32⤵
        
        PID:9748
- - C:\Users\Admin\Downloads\240919-rcbpkasfrp0f31af1d245985b35812b932bc00f3ff1da17214589ddc964f76adee5f1212adN.exe
    C:\Users\Admin\Downloads\240919-rcbpkasfrp0f31af1d245985b35812b932bc00f3ff1da17214589ddc964f76adee5f1212adN.exe
    3⤵
    PID:4640
  - - C:\Windows\SysWOW64\Calhnpgn.exe
      C:\Windows\system32\Calhnpgn.exe
      4⤵
      PID:1208
    - - C:\Windows\SysWOW64\Foqkdp32.exe
        
        C:\Windows\system32\Foqkdp32.exe
        5⤵
        
        PID:6076
      - C:\Windows\SysWOW64\Ikcdlmgf.exe
        
        C:\Windows\system32\Ikcdlmgf.exe
        6⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\Kfqgab32.exe
        
        C:\Windows\system32\Kfqgab32.exe
        7⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\Opadhb32.exe
        
        C:\Windows\system32\Opadhb32.exe
        8⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\Podmkm32.exe
        
        C:\Windows\system32\Podmkm32.exe
        9⤵
        
        PID:8436
- - C:\Users\Admin\Downloads\240919-rcmrtssble7a41b429cdfed8b9ce653df8ce0725ca85be3bf676ce491e5b83a26608d31239.exe
    C:\Users\Admin\Downloads\240919-rcmrtssble7a41b429cdfed8b9ce653df8ce0725ca85be3bf676ce491e5b83a26608d31239.exe
    3⤵
    PID:4964
- - C:\Users\Admin\Downloads\240919-rfk3eascra2e64f2243e27e3dcd76ab57287fffbdde3376027cfeb2d28776be1804d5c902eN.exe
    C:\Users\Admin\Downloads\240919-rfk3eascra2e64f2243e27e3dcd76ab57287fffbdde3376027cfeb2d28776be1804d5c902eN.exe
    3⤵
    PID:316
  - - C:\Windows\SysWOW64\Chagok32.exe
      C:\Windows\system32\Chagok32.exe
      4⤵
      PID:3144
    - - C:\Windows\SysWOW64\Dhkjej32.exe
        
        C:\Windows\system32\Dhkjej32.exe
        5⤵
        
        PID:4952
      - C:\Windows\SysWOW64\Ghipne32.exe
        
        C:\Windows\system32\Ghipne32.exe
        6⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\Ikcdlmgf.exe
        
        C:\Windows\system32\Ikcdlmgf.exe
        7⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\Lfealaol.exe
        
        C:\Windows\system32\Lfealaol.exe
        8⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\Npgabc32.exe
        
        C:\Windows\system32\Npgabc32.exe
        9⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\Pjjahe32.exe
        
        C:\Windows\system32\Pjjahe32.exe
        10⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\Cfogeb32.exe
        
        C:\Windows\system32\Cfogeb32.exe
        11⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\Fmnkkg32.exe
        
        C:\Windows\system32\Fmnkkg32.exe
        12⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\Ijadbdoj.exe
        
        C:\Windows\system32\Ijadbdoj.exe
        13⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\Jhpqaiji.exe
        
        C:\Windows\system32\Jhpqaiji.exe
        14⤵
        
        PID:5380
- - C:\Users\Admin\Downloads\240919-rdb2qasgmm67c39e6fb5f131130861d7946ef4c8d7e9328f67e3b1fe96e97ee9b2956178dcN.exe
    C:\Users\Admin\Downloads\240919-rdb2qasgmm67c39e6fb5f131130861d7946ef4c8d7e9328f67e3b1fe96e97ee9b2956178dcN.exe
    3⤵
    PID:4936
- - C:\Users\Admin\Downloads\240919-ravpnasfljeb7b27e8b4d58dda90915cb285ff1c94_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-ravpnasfljeb7b27e8b4d58dda90915cb285ff1c94_JaffaCakes118.exe
    3⤵
    PID:5016
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\system32\Option.bat
      4⤵
      PID:5632
  - - C:\Windows\SysWOW64\net.exe
      net.exe start schedule /y
      4⤵
      PID:5976
  - - C:\Windows\SysWOW64\At.exe
      At.exe 2:16:30 PM C:\Windows\Help\HelpCat.exe
      4⤵
      PID:5240
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c at 2:15:34 PM C:\Windows\Sysinf.bat
      4⤵
      PID:7120
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c at 2:18:34 PM C:\Windows\Sysinf.bat
      4⤵
      PID:7728
  - - C:\Windows\SysWOW64\net.exe
      net.exe stop wscsvc /y
      4⤵
      PID:1328
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop wscsvc /y
        5⤵
        
        PID:3164
- - C:\Users\Admin\Downloads\240919-qly1sa1djrWizClient.exe
    C:\Users\Admin\Downloads\240919-qly1sa1djrWizClient.exe
    3⤵
    PID:1932
- - C:\Users\Admin\Downloads\240919-q7lmkssdpkeb78b7662b57c4f9cab3ae28336f4995_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-q7lmkssdpkeb78b7662b57c4f9cab3ae28336f4995_JaffaCakes118.exe
    3⤵
    PID:2724
  - - C:\Users\Admin\AppData\Roaming\iexplorer.exe
      "C:\Users\Admin\AppData\Roaming\iexplorer.exe"
      4⤵
      PID:7656
- - C:\Users\Admin\Downloads\240919-q3mn3ssbrq139d8933b09bb64939cc7c5c4c7823c2addf99b739333c1cccbb0a6ae3f971b6N.exe
    C:\Users\Admin\Downloads\240919-q3mn3ssbrq139d8933b09bb64939cc7c5c4c7823c2addf99b739333c1cccbb0a6ae3f971b6N.exe
    3⤵
    PID:1944
  - - \??\c:\jvvpj.exe
      c:\jvvpj.exe
      4⤵
      PID:6096
    - - \??\c:\djddp.exe
        
        c:\djddp.exe
        5⤵
        
        PID:4184
      - \??\c:\dppjd.exe
        
        c:\dppjd.exe
        6⤵
        
        PID:5860
        
        \??\c:\xffrlfx.exe
        
        c:\xffrlfx.exe
        7⤵
        
        PID:10080
        
        \??\c:\pjjvp.exe
        
        c:\pjjvp.exe
        8⤵
        
        PID:10956
        
        \??\c:\lrxrllf.exe
        
        c:\lrxrllf.exe
        9⤵
        
        PID:8308
        
        \??\c:\hbhbtn.exe
        
        c:\hbhbtn.exe
        10⤵
        
        PID:9768
        
        \??\c:\pjjdv.exe
        
        c:\pjjdv.exe
        11⤵
        
        PID:10172
        
        \??\c:\jjjdd.exe
        
        c:\jjjdd.exe
        12⤵
        
        PID:6628
        
        \??\c:\ddjdv.exe
        
        c:\ddjdv.exe
        13⤵
        
        PID:11176
        
        \??\c:\nhhbnh.exe
        
        c:\nhhbnh.exe
        14⤵
        
        PID:11172
        
        \??\c:\xlxrfxr.exe
        
        c:\xlxrfxr.exe
        15⤵
        
        PID:11808
        
        \??\c:\dpvpj.exe
        
        c:\dpvpj.exe
        16⤵
        
        PID:10876
        
        \??\c:\bthbnn.exe
        
        c:\bthbnn.exe
        17⤵
        
        PID:12080
        
        \??\c:\httnhh.exe
        
        c:\httnhh.exe
        18⤵
        
        PID:13616
        
        \??\c:\bhnhtt.exe
        
        c:\bhnhtt.exe
        19⤵
        
        PID:12108
        
        \??\c:\pvdvj.exe
        
        c:\pvdvj.exe
        20⤵
        
        PID:13260
        
        \??\c:\fxfffff.exe
        
        c:\fxfffff.exe
        21⤵
        
        PID:1348
        
        \??\c:\rlxlffl.exe
        
        c:\rlxlffl.exe
        22⤵
        
        PID:14648
        
        \??\c:\7bhbtt.exe
        
        c:\7bhbtt.exe
        23⤵
        
        PID:1528
        
        \??\c:\7jjjd.exe
        
        c:\7jjjd.exe
        24⤵
        
        PID:16060
        
        \??\c:\rxxrfxr.exe
        
        c:\rxxrfxr.exe
        25⤵
        
        PID:12048
        
        \??\c:\hhhhbb.exe
        
        c:\hhhhbb.exe
        26⤵
        
        PID:10088
        
        \??\c:\7vddd.exe
        
        c:\7vddd.exe
        27⤵
        
        PID:9688
        
        \??\c:\fffxffr.exe
        
        c:\fffxffr.exe
        28⤵
        
        PID:16256
- - C:\Users\Admin\Downloads\240919-rb1bjasarg94307e536bc90165a9e59c1595030820614385193f94f7a8289cf9ef11163d0aN.exe
    C:\Users\Admin\Downloads\240919-rb1bjasarg94307e536bc90165a9e59c1595030820614385193f94f7a8289cf9ef11163d0aN.exe
    3⤵
    PID:5232
  - - C:\Windows\SysWOW64\Goedpofl.exe
      C:\Windows\system32\Goedpofl.exe
      4⤵
      PID:336
    - - C:\Windows\SysWOW64\Jodjhkkj.exe
        
        C:\Windows\system32\Jodjhkkj.exe
        5⤵
        
        PID:6320
      - C:\Windows\SysWOW64\Kfcdfbqo.exe
        
        C:\Windows\system32\Kfcdfbqo.exe
        6⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\Ngmpcn32.exe
        
        C:\Windows\system32\Ngmpcn32.exe
        7⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\Ohjlgefb.exe
        
        C:\Windows\system32\Ohjlgefb.exe
        8⤵
        
        PID:6312
- - C:\Users\Admin\Downloads\240919-rb96qssfrmeb7c41cbf783d385566f1b546cd43bb6_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-rb96qssfrmeb7c41cbf783d385566f1b546cd43bb6_JaffaCakes118.exe
    3⤵
    PID:5252
- - C:\Users\Admin\Downloads\240919-q7pn8ssdppd7bca653bae060597eabf3c7369115baa85a06ebe564fc0145b30b59ba84c74dN.exe
    C:\Users\Admin\Downloads\240919-q7pn8ssdppd7bca653bae060597eabf3c7369115baa85a06ebe564fc0145b30b59ba84c74dN.exe
    3⤵
    PID:5260
- - C:\Users\Admin\Downloads\240919-q8h8vasekjfde2daa5be4cfd5505d9fa4f5fb0a0f0d115b127144e0880843216dd4e511f06N.exe
    C:\Users\Admin\Downloads\240919-q8h8vasekjfde2daa5be4cfd5505d9fa4f5fb0a0f0d115b127144e0880843216dd4e511f06N.exe
    3⤵
    PID:5288
- - C:\Users\Admin\Downloads\240919-q6esmssdjp2024-09-19_96e02ad2ed30e7ad206655aa48f498c4_bkransomware_karagany_metamorfo.exe
    C:\Users\Admin\Downloads\240919-q6esmssdjp2024-09-19_96e02ad2ed30e7ad206655aa48f498c4_bkransomware_karagany_metamorfo.exe
    3⤵
    PID:5300
- - C:\Users\Admin\Downloads\240919-q61p4s1gngeb784f224b2a3a748c402cd9888c5975_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-q61p4s1gngeb784f224b2a3a748c402cd9888c5975_JaffaCakes118.exe
    3⤵
    PID:5324
- - C:\Users\Admin\Downloads\240919-rgft3ssdmbf10d80437ced4c6a7501dc5e267ad3e788011ed123a52ca7bab14b655a3bb0a6N.exe
    C:\Users\Admin\Downloads\240919-rgft3ssdmbf10d80437ced4c6a7501dc5e267ad3e788011ed123a52ca7bab14b655a3bb0a6N.exe
    3⤵
    PID:5332
  - - C:\Windows\SysWOW64\Ibpiogmp.exe
      C:\Windows\system32\Ibpiogmp.exe
      4⤵
      PID:6264
    - - C:\Windows\SysWOW64\Kefdbo32.exe
        
        C:\Windows\system32\Kefdbo32.exe
        5⤵
        
        PID:1648
      - C:\Windows\SysWOW64\Neppokal.exe
        
        C:\Windows\system32\Neppokal.exe
        6⤵
        
        PID:7992
- - C:\Users\Admin\Downloads\240919-qyrgga1hrneb72e7b17e21e8599b96791e295cabfa_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-qyrgga1hrneb72e7b17e21e8599b96791e295cabfa_JaffaCakes118.exe
    3⤵
    PID:5340
- - C:\Users\Admin\Downloads\240919-rbhfqasapdeb7b918603725dbcd44917716d6ec40b_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-rbhfqasapdeb7b918603725dbcd44917716d6ec40b_JaffaCakes118.exe
    3⤵
    PID:5352
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\ProgramData\Media\rdb.bat
      4⤵
      PID:6240
- - C:\Users\Admin\Downloads\240919-q8v8easelleb79e1157f523008c8f90f1d50605347_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-q8v8easelleb79e1157f523008c8f90f1d50605347_JaffaCakes118.exe
    3⤵
    PID:5372
  - - C:\Users\Admin\Downloads\240919-q8v8easelleb79e1157f523008c8f90f1d50605347_JaffaCakes118.exe
      C:\Users\Admin\Downloads\240919-q8v8easelleb79e1157f523008c8f90f1d50605347_JaffaCakes118.exe
      4⤵
      PID:5296
- - C:\Users\Admin\Downloads\240919-rehwnasgrm5c6ff5340700194b1ec369d0fa8c4d03320a3e7379903d19a7c1fce628ee73bc.exe
    C:\Users\Admin\Downloads\240919-rehwnasgrm5c6ff5340700194b1ec369d0fa8c4d03320a3e7379903d19a7c1fce628ee73bc.exe
    3⤵
    PID:5384
- - C:\Users\Admin\Downloads\240919-rgm86ashppfae2d480101662cf76a3be830ce237c6bc7c392372a5b1cbbc7f483e413ae397N.exe
    C:\Users\Admin\Downloads\240919-rgm86ashppfae2d480101662cf76a3be830ce237c6bc7c392372a5b1cbbc7f483e413ae397N.exe
    3⤵
    PID:5396
  - - C:\Windows\SysWOW64\Ikfabm32.exe
      C:\Windows\system32\Ikfabm32.exe
      4⤵
      PID:6220
    - - C:\Windows\SysWOW64\Lhdqnj32.exe
        
        C:\Windows\system32\Lhdqnj32.exe
        5⤵
        
        PID:5820
      - C:\Windows\SysWOW64\Nlihle32.exe
        
        C:\Windows\system32\Nlihle32.exe
        6⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\Pgkelj32.exe
        
        C:\Windows\system32\Pgkelj32.exe
        7⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\Bifmqo32.exe
        
        C:\Windows\system32\Bifmqo32.exe
        8⤵
        
        PID:10868
        
        C:\Windows\SysWOW64\Ejpfhnpe.exe
        
        C:\Windows\system32\Ejpfhnpe.exe
        9⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\Fmgejhgn.exe
        
        C:\Windows\system32\Fmgejhgn.exe
        10⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\Iafonaao.exe
        
        C:\Windows\system32\Iafonaao.exe
        11⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\Lejgch32.exe
        
        C:\Windows\system32\Lejgch32.exe
        12⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\Mlbkap32.exe
        
        C:\Windows\system32\Mlbkap32.exe
        13⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\Okedcjcm.exe
        
        C:\Windows\system32\Okedcjcm.exe
        14⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\Pedlgbkh.exe
        
        C:\Windows\system32\Pedlgbkh.exe
        15⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\Akamff32.exe
        
        C:\Windows\system32\Akamff32.exe
        16⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\Bokehc32.exe
        
        C:\Windows\system32\Bokehc32.exe
        17⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\Dpphjp32.exe
        
        C:\Windows\system32\Dpphjp32.exe
        18⤵
        
        PID:11944
- - C:\Users\Admin\Downloads\240919-q27mvs1fjaf99a20f61eab675b4a92ebd2c4adf11eef6b5992da70ff08284d5e7f989fd97fN.exe
    C:\Users\Admin\Downloads\240919-q27mvs1fjaf99a20f61eab675b4a92ebd2c4adf11eef6b5992da70ff08284d5e7f989fd97fN.exe
    3⤵
    PID:5408
  - - C:\Windows\SysWOW64\Igjeanmj.exe
      C:\Windows\system32\Igjeanmj.exe
      4⤵
      PID:6196
    - - C:\Windows\SysWOW64\Llpmoiof.exe
        
        C:\Windows\system32\Llpmoiof.exe
        5⤵
        
        PID:5864
- - C:\Users\Admin\Downloads\240919-q6h53a1gmc2024-09-19_972a1e759e3fec4b26cc2d9af7ae81cd_bkransomware_karagany_metamorfo.exe
    C:\Users\Admin\Downloads\240919-q6h53a1gmc2024-09-19_972a1e759e3fec4b26cc2d9af7ae81cd_bkransomware_karagany_metamorfo.exe
    3⤵
    PID:5424
- - C:\Users\Admin\Downloads\240919-re517ascpa1d6e0981b49f6f7ab773b88bac4ac2d71ce6f18fac4ad7d402a3ed159893edf7N.exe
    C:\Users\Admin\Downloads\240919-re517ascpa1d6e0981b49f6f7ab773b88bac4ac2d71ce6f18fac4ad7d402a3ed159893edf7N.exe
    3⤵
    PID:5440
  - - C:\Windows\SysWOW64\Iigdfa32.exe
      C:\Windows\system32\Iigdfa32.exe
      4⤵
      PID:6172
    - - C:\Windows\SysWOW64\Llpmoiof.exe
        
        C:\Windows\system32\Llpmoiof.exe
        5⤵
        
        PID:6488
      - C:\Windows\SysWOW64\Nhpiafnm.exe
        
        C:\Windows\system32\Nhpiafnm.exe
        6⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\Pfnegggi.exe
        
        C:\Windows\system32\Pfnegggi.exe
        7⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\Cgndoeag.exe
        
        C:\Windows\system32\Cgndoeag.exe
        8⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\Hgghjjid.exe
        
        C:\Windows\system32\Hgghjjid.exe
        9⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\Jdpkflfe.exe
        
        C:\Windows\system32\Jdpkflfe.exe
        10⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\Lbkkgl32.exe
        
        C:\Windows\system32\Lbkkgl32.exe
        11⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\Nbqmiinl.exe
        
        C:\Windows\system32\Nbqmiinl.exe
        12⤵
        
        PID:10920
        
        C:\Windows\SysWOW64\Ooqqdi32.exe
        
        C:\Windows\system32\Ooqqdi32.exe
        13⤵
        
        PID:8728
- - C:\Users\Admin\Downloads\240919-rb2jlasarheb7bf7a6ec04b305fbbf40c8065ce21c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-rb2jlasarheb7bf7a6ec04b305fbbf40c8065ce21c_JaffaCakes118.exe
    3⤵
    PID:5456
- - C:\Users\Admin\Downloads\240919-ranlcasfjr39d9da0b920edce9b3ddfeb8ee3909280c040fefd4d47d92ec253f34fbaa2952N.exe
    C:\Users\Admin\Downloads\240919-ranlcasfjr39d9da0b920edce9b3ddfeb8ee3909280c040fefd4d47d92ec253f34fbaa2952N.exe
    3⤵
    PID:5476
  - - C:\Windows\SysWOW64\Hheoid32.exe
      C:\Windows\system32\Hheoid32.exe
      4⤵
      PID:4632
    - - C:\Windows\SysWOW64\Jeqbpb32.exe
        
        C:\Windows\system32\Jeqbpb32.exe
        5⤵
        
        PID:6348
      - C:\Windows\SysWOW64\Kbghfc32.exe
        
        C:\Windows\system32\Kbghfc32.exe
        6⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\Npchgdcd.exe
        
        C:\Windows\system32\Npchgdcd.exe
        7⤵
        
        PID:7928
- - C:\Users\Admin\Downloads\240919-rghzfasdmge804cc979c988b240a0db554d178f606a0cc5b54690913d822b877af0c3a731cN.exe
    C:\Users\Admin\Downloads\240919-rghzfasdmge804cc979c988b240a0db554d178f606a0cc5b54690913d822b877af0c3a731cN.exe
    3⤵
    PID:5484
  - - C:\Windows\SysWOW64\Hdicienl.exe
      C:\Windows\system32\Hdicienl.exe
      4⤵
      PID:3336
    - - C:\Windows\SysWOW64\Mfcmmp32.exe
        
        C:\Windows\system32\Mfcmmp32.exe
        5⤵
        
        PID:7740
      - C:\Windows\SysWOW64\Pgdokkfg.exe
        
        C:\Windows\system32\Pgdokkfg.exe
        6⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\Bifmqo32.exe
        
        C:\Windows\system32\Bifmqo32.exe
        7⤵
        
        PID:10904
        
        C:\Windows\SysWOW64\Djfcaohp.exe
        
        C:\Windows\system32\Djfcaohp.exe
        8⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\Fdhcgaic.exe
        
        C:\Windows\system32\Fdhcgaic.exe
        9⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\Jhpqaiji.exe
        
        C:\Windows\system32\Jhpqaiji.exe
        10⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\Lbpdblmo.exe
        
        C:\Windows\system32\Lbpdblmo.exe
        11⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\Nijeec32.exe
        
        C:\Windows\system32\Nijeec32.exe
        12⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\Oekiqccc.exe
        
        C:\Windows\system32\Oekiqccc.exe
        13⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\Pkcadhgm.exe
        
        C:\Windows\system32\Pkcadhgm.exe
        14⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\Ahenokjf.exe
        
        C:\Windows\system32\Ahenokjf.exe
        15⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\Bcfahbpo.exe
        
        C:\Windows\system32\Bcfahbpo.exe
        16⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\Ciafbg32.exe
        
        C:\Windows\system32\Ciafbg32.exe
        17⤵
        
        PID:8264
- - C:\Users\Admin\Downloads\240919-qzvwaa1dnheb73a0dec72868aba5388d55d5a5ea68_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-qzvwaa1dnheb73a0dec72868aba5388d55d5a5ea68_JaffaCakes118.exe
    3⤵
    PID:5492
- - C:\Users\Admin\Downloads\240919-q8rj8asekrde891129a9f17663e802d767108ca40b8e7d7f3ac58fc4c13719010388edf865N.exe
    C:\Users\Admin\Downloads\240919-q8rj8asekrde891129a9f17663e802d767108ca40b8e7d7f3ac58fc4c13719010388edf865N.exe
    3⤵
    PID:5500
- - C:\Users\Admin\Downloads\240919-rbdgrssapbd58891f9f33c5853e6a15a958e2f6364e1f07dcc68235cd622dd654b22a32a0cN.exe
    C:\Users\Admin\Downloads\240919-rbdgrssapbd58891f9f33c5853e6a15a958e2f6364e1f07dcc68235cd622dd654b22a32a0cN.exe
    3⤵
    PID:5532
  - - C:\Windows\SysWOW64\Hnoklk32.exe
      C:\Windows\system32\Hnoklk32.exe
      4⤵
      PID:4336
    - - C:\Windows\SysWOW64\Jnifigpa.exe
        
        C:\Windows\system32\Jnifigpa.exe
        5⤵
        
        PID:6424
      - C:\Windows\SysWOW64\Khbdikip.exe
        
        C:\Windows\system32\Khbdikip.exe
        6⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\Niipjj32.exe
        
        C:\Windows\system32\Niipjj32.exe
        7⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\Caghhk32.exe
        
        C:\Windows\system32\Caghhk32.exe
        8⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\Epcdqd32.exe
        
        C:\Windows\system32\Epcdqd32.exe
        9⤵
        
        PID:5780
- - C:\Users\Admin\Downloads\240919-q1ycss1ekf2dd311ecda7963c75bc22e39d055226a1fe44fa87ffb91e7dbf4633c11983ed2N.exe
    C:\Users\Admin\Downloads\240919-q1ycss1ekf2dd311ecda7963c75bc22e39d055226a1fe44fa87ffb91e7dbf4633c11983ed2N.exe
    3⤵
    PID:5540
- - C:\Users\Admin\Downloads\240919-remvlssgrqbf070d8477a9f45d653a07a16664722f591b8bfa607c0da406dc767dc9b5477cN.exe
    C:\Users\Admin\Downloads\240919-remvlssgrqbf070d8477a9f45d653a07a16664722f591b8bfa607c0da406dc767dc9b5477cN.exe
    3⤵
    PID:5548
  - - \??\c:\rlxfffx.exe
      c:\rlxfffx.exe
      4⤵
      PID:876
    - - \??\c:\jddvv.exe
        
        c:\jddvv.exe
        5⤵
        
        PID:6648
      - \??\c:\pjpjd.exe
        
        c:\pjpjd.exe
        6⤵
        
        PID:6028
        
        \??\c:\xxxrlll.exe
        
        c:\xxxrlll.exe
        7⤵
        
        PID:10120
        
        \??\c:\llrlfxr.exe
        
        c:\llrlfxr.exe
        8⤵
        
        PID:8520
        
        \??\c:\1rffrlx.exe
        
        c:\1rffrlx.exe
        9⤵
        
        PID:7636
        
        \??\c:\5jjpp.exe
        
        c:\5jjpp.exe
        10⤵
        
        PID:10744
        
        \??\c:\hbhbhh.exe
        
        c:\hbhbhh.exe
        11⤵
        
        PID:7976
        
        \??\c:\jpvjp.exe
        
        c:\jpvjp.exe
        12⤵
        
        PID:6484
        
        \??\c:\dvdvp.exe
        
        c:\dvdvp.exe
        13⤵
        
        PID:11004
        
        \??\c:\5hhhbb.exe
        
        c:\5hhhbb.exe
        14⤵
        
        PID:8532
        
        \??\c:\bhnhht.exe
        
        c:\bhnhht.exe
        15⤵
        
        PID:7468
        
        \??\c:\ntnhth.exe
        
        c:\ntnhth.exe
        16⤵
        
        PID:8968
        
        \??\c:\ffllfrr.exe
        
        c:\ffllfrr.exe
        17⤵
        
        PID:9540
        
        \??\c:\fxxrllf.exe
        
        c:\fxxrllf.exe
        18⤵
        
        PID:12084
        
        \??\c:\rrlllrr.exe
        
        c:\rrlllrr.exe
        19⤵
        
        PID:3124
- - C:\Users\Admin\Downloads\240919-rfntasscreeb7eb4d037c9faa3e40e1dc0bbd6ab00_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-rfntasscreeb7eb4d037c9faa3e40e1dc0bbd6ab00_JaffaCakes118.exe
    3⤵
    PID:5580
  - - C:\program files\internet explorer\IEXPLORE.EXE
      "C:\program files\internet explorer\IEXPLORE.EXE"
      4⤵
      PID:6880
- - C:\Users\Admin\Downloads\240919-q6ywhs1gndfile.exe
    C:\Users\Admin\Downloads\240919-q6ywhs1gndfile.exe
    3⤵
    PID:5600
- - C:\Users\Admin\Downloads\240919-raqqpssamc4a003f1551af9379bae5459281c31071e37fa2a9d11eb2c6a28ca60ae847e7d4N.exe
    C:\Users\Admin\Downloads\240919-raqqpssamc4a003f1551af9379bae5459281c31071e37fa2a9d11eb2c6a28ca60ae847e7d4N.exe
    3⤵
    PID:5620
  - - C:\Windows\SysWOW64\Ifgldfio.exe
      C:\Windows\system32\Ifgldfio.exe
      4⤵
      PID:5664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
        5⤵
        Program crash
        
        PID:8308
- - C:\Users\Admin\Downloads\240919-qvg4ma1gmr75b34e363eef5a2841dd4d7799eeb38137379efc02ae5b1d03b1e9d3438410ceN.exe
    C:\Users\Admin\Downloads\240919-qvg4ma1gmr75b34e363eef5a2841dd4d7799eeb38137379efc02ae5b1d03b1e9d3438410ceN.exe
    3⤵
    PID:5648
- - C:\Users\Admin\Downloads\240919-rfzwkasdkceb7f125dc9310c075c83521bd025168d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-rfzwkasdkceb7f125dc9310c075c83521bd025168d_JaffaCakes118.exe
    3⤵
    PID:5656
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Windows\system32\80360.dat s
      4⤵
      PID:6036
- - C:\Users\Admin\Downloads\240919-rgzbessdphb72caab50c28d45d10632f6c61a28f94a109d97a99889d54c2e8fd15b76acc27N.exe
    C:\Users\Admin\Downloads\240919-rgzbessdphb72caab50c28d45d10632f6c61a28f94a109d97a99889d54c2e8fd15b76acc27N.exe
    3⤵
    PID:5672
  - - C:\Windows\SysWOW64\Iiehpahb.exe
      C:\Windows\system32\Iiehpahb.exe
      4⤵
      PID:4220
    - - C:\Windows\SysWOW64\Lhfmdj32.exe
        
        C:\Windows\system32\Lhfmdj32.exe
        5⤵
        
        PID:7180
      - C:\Windows\SysWOW64\Mibijk32.exe
        
        C:\Windows\system32\Mibijk32.exe
        6⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\Pleaoa32.exe
        
        C:\Windows\system32\Pleaoa32.exe
        7⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\Bfqkddfd.exe
        
        C:\Windows\system32\Bfqkddfd.exe
        8⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\Cmklglpn.exe
        
        C:\Windows\system32\Cmklglpn.exe
        9⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\Fkpool32.exe
        
        C:\Windows\system32\Fkpool32.exe
        10⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\Ikqqlgem.exe
        
        C:\Windows\system32\Ikqqlgem.exe
        11⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\Jnmijq32.exe
        
        C:\Windows\system32\Jnmijq32.exe
        12⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\Kgamnded.exe
        
        C:\Windows\system32\Kgamnded.exe
        13⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\Micoed32.exe
        
        C:\Windows\system32\Micoed32.exe
        14⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\Nlfelogp.exe
        
        C:\Windows\system32\Nlfelogp.exe
        15⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\Nlkngo32.exe
        
        C:\Windows\system32\Nlkngo32.exe
        16⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\Nefped32.exe
        
        C:\Windows\system32\Nefped32.exe
        17⤵
        
        PID:10768
        
        C:\Windows\SysWOW64\Oboijgbl.exe
        
        C:\Windows\system32\Oboijgbl.exe
        18⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\Pidabppl.exe
        
        C:\Windows\system32\Pidabppl.exe
        19⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10892 -s 428
        20⤵
        Program crash
        
        PID:764
- - C:\Users\Admin\Downloads\240919-rfqynashmk08e3986089d4b99335589770192df203ae96279b436e72f859171f969d54b2fbN.exe
    C:\Users\Admin\Downloads\240919-rfqynashmk08e3986089d4b99335589770192df203ae96279b436e72f859171f969d54b2fbN.exe
    3⤵
    PID:5692
  - - C:\Windows\SysWOW64\Inpccihl.exe
      C:\Windows\system32\Inpccihl.exe
      4⤵
      PID:5180
    - - C:\Windows\SysWOW64\Lfealaol.exe
        
        C:\Windows\system32\Lfealaol.exe
        5⤵
        
        PID:6600
      - C:\Windows\SysWOW64\Oenlqi32.exe
        
        C:\Windows\system32\Oenlqi32.exe
        6⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\Bjcmebie.exe
        
        C:\Windows\system32\Bjcmebie.exe
        7⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\Dhhfedil.exe
        
        C:\Windows\system32\Dhhfedil.exe
        8⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\Fkihnmhj.exe
        
        C:\Windows\system32\Fkihnmhj.exe
        9⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\Giqkkf32.exe
        
        C:\Windows\system32\Giqkkf32.exe
        10⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\Jqiipljg.exe
        
        C:\Windows\system32\Jqiipljg.exe
        11⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\Meefofek.exe
        
        C:\Windows\system32\Meefofek.exe
        12⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\Nognnj32.exe
        
        C:\Windows\system32\Nognnj32.exe
        13⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\Nefped32.exe
        
        C:\Windows\system32\Nefped32.exe
        14⤵
        
        PID:10820
        
        C:\Windows\SysWOW64\Oocmii32.exe
        
        C:\Windows\system32\Oocmii32.exe
        15⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\Obcceg32.exe
        
        C:\Windows\system32\Obcceg32.exe
        16⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\Aojlaeei.exe
        
        C:\Windows\system32\Aojlaeei.exe
        17⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\Bmlilh32.exe
        
        C:\Windows\system32\Bmlilh32.exe
        18⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\Dcpmen32.exe
        
        C:\Windows\system32\Dcpmen32.exe
        19⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\Ffobhg32.exe
        
        C:\Windows\system32\Ffobhg32.exe
        20⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\Mjdebfnd.exe
        
        C:\Windows\system32\Mjdebfnd.exe
        21⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\Phaahggp.exe
        
        C:\Windows\system32\Phaahggp.exe
        22⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\Aogiap32.exe
        
        C:\Windows\system32\Aogiap32.exe
        23⤵
        
        PID:14640
- - C:\Users\Admin\Downloads\240919-rgwwasshqn6cd5e764f6f41532643f92a74ceda9bf.exe
    C:\Users\Admin\Downloads\240919-rgwwasshqn6cd5e764f6f41532643f92a74ceda9bf.exe
    3⤵
    PID:5708
- - C:\Users\Admin\Downloads\240919-rgr74ssdnh7194d2df5a75ef003b7f51bc5e8c410e8ea54a909df1257fca413f1643ac3167N.exe
    C:\Users\Admin\Downloads\240919-rgr74ssdnh7194d2df5a75ef003b7f51bc5e8c410e8ea54a909df1257fca413f1643ac3167N.exe
    3⤵
    PID:5724
- - C:\Users\Admin\Downloads\240919-ra7dfssangab5f67149cdc045881e71f26ba348f238ea728c26e9057642924419243f5e8fbN.exe
    C:\Users\Admin\Downloads\240919-ra7dfssangab5f67149cdc045881e71f26ba348f238ea728c26e9057642924419243f5e8fbN.exe
    3⤵
    PID:5740
  - - C:\backup.exe
      \backup.exe \
      4⤵
      PID:856
    - - C:\PerfLogs\backup.exe
        
        C:\PerfLogs\backup.exe C:\PerfLogs\
        5⤵
        
        PID:8768
    - - C:\Program Files\backup.exe
        
        "C:\Program Files\backup.exe" C:\Program Files\
        5⤵
        
        PID:7288
      - C:\Program Files\7-Zip\backup.exe
        
        "C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\
        6⤵
        
        PID:10740
        
        C:\Program Files\7-Zip\Lang\backup.exe
        
        "C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\
        7⤵
        
        PID:10032
      - C:\Program Files\Common Files\backup.exe
        
        "C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\
        6⤵
        
        PID:2000
- - C:\Users\Admin\Downloads\240919-q17lga1elfeb74deb7da721056c52cfa8b4b03897b_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-q17lga1elfeb74deb7da721056c52cfa8b4b03897b_JaffaCakes118.exe
    3⤵
    PID:5756
- - C:\Users\Admin\Downloads\240919-rcdtxssbkg8562f3e0a13889ae636bcc9dc0a80383ab87d669704810dd1247e42a7fec1d7dN.exe
    C:\Users\Admin\Downloads\240919-rcdtxssbkg8562f3e0a13889ae636bcc9dc0a80383ab87d669704810dd1247e42a7fec1d7dN.exe
    3⤵
    PID:5772
  - - C:\Windows\System32\CbOnqfP.exe
      C:\Windows\System32\CbOnqfP.exe
      4⤵
      PID:6396
  - - C:\Windows\System32\iChSMOF.exe
      C:\Windows\System32\iChSMOF.exe
      4⤵
      PID:7200
  - - C:\Windows\System32\TgjKFWK.exe
      C:\Windows\System32\TgjKFWK.exe
      4⤵
      PID:7772
  - - C:\Windows\System32\LMiqLcp.exe
      C:\Windows\System32\LMiqLcp.exe
      4⤵
      PID:4676
  - - C:\Windows\System32\WNLuNAW.exe
      C:\Windows\System32\WNLuNAW.exe
      4⤵
      PID:7028
  - - C:\Windows\System32\SHlkSlj.exe
      C:\Windows\System32\SHlkSlj.exe
      4⤵
      PID:7708
  - - C:\Windows\System32\PNdxhnJ.exe
      C:\Windows\System32\PNdxhnJ.exe
      4⤵
      PID:10604
  - - C:\Windows\System32\biafPMk.exe
      C:\Windows\System32\biafPMk.exe
      4⤵
      PID:10648
  - - C:\Windows\System32\epxvDYy.exe
      C:\Windows\System32\epxvDYy.exe
      4⤵
      PID:11084
  - - C:\Windows\System32\EZxDbLG.exe
      C:\Windows\System32\EZxDbLG.exe
      4⤵
      PID:8816
  - - C:\Windows\System32\QsxjOEc.exe
      C:\Windows\System32\QsxjOEc.exe
      4⤵
      PID:8168
  - - C:\Windows\System32\zUNnYno.exe
      C:\Windows\System32\zUNnYno.exe
      4⤵
      PID:944
  - - C:\Windows\System32\PyctJjF.exe
      C:\Windows\System32\PyctJjF.exe
      4⤵
      PID:10656
  - - C:\Windows\System32\SrvzNki.exe
      C:\Windows\System32\SrvzNki.exe
      4⤵
      PID:9924
  - - C:\Windows\System32\NAygkfs.exe
      C:\Windows\System32\NAygkfs.exe
      4⤵
      PID:7852
  - - C:\Windows\System32\CHPiDdX.exe
      C:\Windows\System32\CHPiDdX.exe
      4⤵
      PID:8472
  - - C:\Windows\System32\TJvPnuC.exe
      C:\Windows\System32\TJvPnuC.exe
      4⤵
      PID:9580
  - - C:\Windows\System32\IHLhrVu.exe
      C:\Windows\System32\IHLhrVu.exe
      4⤵
      PID:9856
  - - C:\Windows\System32\OjayySN.exe
      C:\Windows\System32\OjayySN.exe
      4⤵
      PID:7844
  - - C:\Windows\System32\HkIefVy.exe
      C:\Windows\System32\HkIefVy.exe
      4⤵
      PID:10308
  - - C:\Windows\System32\FypsfrN.exe
      C:\Windows\System32\FypsfrN.exe
      4⤵
      PID:5848
  - - C:\Windows\System32\sCZMrTf.exe
      C:\Windows\System32\sCZMrTf.exe
      4⤵
      PID:6744
  - - C:\Windows\System32\mElBkoc.exe
      C:\Windows\System32\mElBkoc.exe
      4⤵
      PID:8628
  - - C:\Windows\System32\zoYXlNC.exe
      C:\Windows\System32\zoYXlNC.exe
      4⤵
      PID:3956
  - - C:\Windows\System32\yEYBxlo.exe
      C:\Windows\System32\yEYBxlo.exe
      4⤵
      PID:7988
  - - C:\Windows\System32\TghFoOB.exe
      C:\Windows\System32\TghFoOB.exe
      4⤵
      PID:6976
  - - C:\Windows\System32\giWUgPJ.exe
      C:\Windows\System32\giWUgPJ.exe
      4⤵
      PID:6504
  - - C:\Windows\System32\slPCBnX.exe
      C:\Windows\System32\slPCBnX.exe
      4⤵
      PID:1732
  - - C:\Windows\System32\rccPwKV.exe
      C:\Windows\System32\rccPwKV.exe
      4⤵
      PID:9548
  - - C:\Windows\System32\WjSeryd.exe
      C:\Windows\System32\WjSeryd.exe
      4⤵
      PID:8328
  - - C:\Windows\System32\CBMUaeh.exe
      C:\Windows\System32\CBMUaeh.exe
      4⤵
      PID:7244
  - - C:\Windows\System32\eEjsGNl.exe
      C:\Windows\System32\eEjsGNl.exe
      4⤵
      PID:10524
  - - C:\Windows\System32\LSNIPDR.exe
      C:\Windows\System32\LSNIPDR.exe
      4⤵
      PID:7896
  - - C:\Windows\System32\dGTlIjs.exe
      C:\Windows\System32\dGTlIjs.exe
      4⤵
      PID:9136
  - - C:\Windows\System32\IHRBAwK.exe
      C:\Windows\System32\IHRBAwK.exe
      4⤵
      PID:2336
  - - C:\Windows\System32\oLJrtPo.exe
      C:\Windows\System32\oLJrtPo.exe
      4⤵
      PID:5076
  - - C:\Windows\System32\DZuJmzW.exe
      C:\Windows\System32\DZuJmzW.exe
      4⤵
      PID:7920
  - - C:\Windows\System32\bZxoPBR.exe
      C:\Windows\System32\bZxoPBR.exe
      4⤵
      PID:12128
  - - C:\Windows\System32\SairrKy.exe
      C:\Windows\System32\SairrKy.exe
      4⤵
      PID:12268
  - - C:\Windows\System32\vYFPDcO.exe
      C:\Windows\System32\vYFPDcO.exe
      4⤵
      PID:12284
  - - C:\Windows\System32\PUiWowf.exe
      C:\Windows\System32\PUiWowf.exe
      4⤵
      PID:7144
  - - C:\Windows\System32\ONnSeiO.exe
      C:\Windows\System32\ONnSeiO.exe
      4⤵
      PID:12140
  - - C:\Windows\System32\LvmRfVp.exe
      C:\Windows\System32\LvmRfVp.exe
      4⤵
      PID:12576
  - - C:\Windows\System32\rvMtkqC.exe
      C:\Windows\System32\rvMtkqC.exe
      4⤵
      PID:12592
  - - C:\Windows\System32\rKgPeNg.exe
      C:\Windows\System32\rKgPeNg.exe
      4⤵
      PID:12616
  - - C:\Windows\System32\WvxgBum.exe
      C:\Windows\System32\WvxgBum.exe
      4⤵
      PID:12644
  - - C:\Windows\System32\KjAbbZx.exe
      C:\Windows\System32\KjAbbZx.exe
      4⤵
      PID:12668
  - - C:\Windows\System32\NKiaVJi.exe
      C:\Windows\System32\NKiaVJi.exe
      4⤵
      PID:12684
  - - C:\Windows\System32\aCIQcEW.exe
      C:\Windows\System32\aCIQcEW.exe
      4⤵
      PID:12700
  - - C:\Windows\System32\qNPsTVy.exe
      C:\Windows\System32\qNPsTVy.exe
      4⤵
      PID:12716
  - - C:\Windows\System32\EtCiHQD.exe
      C:\Windows\System32\EtCiHQD.exe
      4⤵
      PID:12732
  - - C:\Windows\System32\vKnimzz.exe
      C:\Windows\System32\vKnimzz.exe
      4⤵
      PID:12756
  - - C:\Windows\System32\FBZBsiU.exe
      C:\Windows\System32\FBZBsiU.exe
      4⤵
      PID:11932
  - - C:\Windows\System32\uODqwxb.exe
      C:\Windows\System32\uODqwxb.exe
      4⤵
      PID:13568
  - - C:\Windows\System32\rlRfGUH.exe
      C:\Windows\System32\rlRfGUH.exe
      4⤵
      PID:7688
  - - C:\Windows\System32\Wscohcs.exe
      C:\Windows\System32\Wscohcs.exe
      4⤵
      PID:14776
  - - C:\Windows\System32\vDauwLA.exe
      C:\Windows\System32\vDauwLA.exe
      4⤵
      PID:11960
  - - C:\Windows\System32\iPWQDAc.exe
      C:\Windows\System32\iPWQDAc.exe
      4⤵
      PID:11412
  - - C:\Windows\System32\UUbOkKJ.exe
      C:\Windows\System32\UUbOkKJ.exe
      4⤵
      PID:13616
  - - C:\Windows\System32\ZSfOSVt.exe
      C:\Windows\System32\ZSfOSVt.exe
      4⤵
      PID:6364
  - - C:\Windows\System32\vaqNaCQ.exe
      C:\Windows\System32\vaqNaCQ.exe
      4⤵
      PID:6932
  - - C:\Windows\System32\pHSLWpf.exe
      C:\Windows\System32\pHSLWpf.exe
      4⤵
      PID:10964
  - - C:\Windows\System32\ASBwxCc.exe
      C:\Windows\System32\ASBwxCc.exe
      4⤵
      PID:9072
  - - C:\Windows\System32\gvLVoFB.exe
      C:\Windows\System32\gvLVoFB.exe
      4⤵
      PID:12076
  - - C:\Windows\System32\BioIBzq.exe
      C:\Windows\System32\BioIBzq.exe
      4⤵
      PID:13352
  - - C:\Windows\System32\nvuEuqC.exe
      C:\Windows\System32\nvuEuqC.exe
      4⤵
      PID:13408
  - - C:\Windows\System32\RHjVJUM.exe
      C:\Windows\System32\RHjVJUM.exe
      4⤵
      PID:13532
  - - C:\Windows\System32\vzbknPT.exe
      C:\Windows\System32\vzbknPT.exe
      4⤵
      PID:13340
  - - C:\Windows\System32\WggkzzH.exe
      C:\Windows\System32\WggkzzH.exe
      4⤵
      PID:11188
  - - C:\Windows\System32\dsRNQmr.exe
      C:\Windows\System32\dsRNQmr.exe
      4⤵
      PID:1480
  - - C:\Windows\System32\UGAQJOp.exe
      C:\Windows\System32\UGAQJOp.exe
      4⤵
      PID:13608
  - - C:\Windows\System32\xRZXudx.exe
      C:\Windows\System32\xRZXudx.exe
      4⤵
      PID:12392
  - - C:\Windows\System32\VGWndWY.exe
      C:\Windows\System32\VGWndWY.exe
      4⤵
      PID:6792
  - - C:\Windows\System32\oEZTklM.exe
      C:\Windows\System32\oEZTklM.exe
      4⤵
      PID:10788
  - - C:\Windows\System32\QejNhif.exe
      C:\Windows\System32\QejNhif.exe
      4⤵
      PID:13812
  - - C:\Windows\System32\HhkaaaX.exe
      C:\Windows\System32\HhkaaaX.exe
      4⤵
      PID:3136
  - - C:\Windows\System32\PvhRpcp.exe
      C:\Windows\System32\PvhRpcp.exe
      4⤵
      PID:3000
  - - C:\Windows\System32\Aptjhff.exe
      C:\Windows\System32\Aptjhff.exe
      4⤵
      PID:6284
  - - C:\Windows\System32\dtJQkGc.exe
      C:\Windows\System32\dtJQkGc.exe
      4⤵
      PID:11672
  - - C:\Windows\System32\ILicXIO.exe
      C:\Windows\System32\ILicXIO.exe
      4⤵
      PID:9808
  - - C:\Windows\System32\MOjgLxf.exe
      C:\Windows\System32\MOjgLxf.exe
      4⤵
      PID:12588
  - - C:\Windows\System32\yTlJsgG.exe
      C:\Windows\System32\yTlJsgG.exe
      4⤵
      PID:13716
  - - C:\Windows\System32\LGUontd.exe
      C:\Windows\System32\LGUontd.exe
      4⤵
      PID:13824
  - - C:\Windows\System32\fyJXqUW.exe
      C:\Windows\System32\fyJXqUW.exe
      4⤵
      PID:12856
  - - C:\Windows\System32\VWFnvgv.exe
      C:\Windows\System32\VWFnvgv.exe
      4⤵
      PID:13540
  - - C:\Windows\System32\oNTqSaw.exe
      C:\Windows\System32\oNTqSaw.exe
      4⤵
      PID:1864
  - - C:\Windows\System32\qInuhPm.exe
      C:\Windows\System32\qInuhPm.exe
      4⤵
      PID:7552
  - - C:\Windows\System32\WmHRDNB.exe
      C:\Windows\System32\WmHRDNB.exe
      4⤵
      PID:12024
  - - C:\Windows\System32\cVwzYyD.exe
      C:\Windows\System32\cVwzYyD.exe
      4⤵
      PID:15224
  - - C:\Windows\System32\wOGPaLc.exe
      C:\Windows\System32\wOGPaLc.exe
      4⤵
      PID:2776
  - - C:\Windows\System32\JchRfhI.exe
      C:\Windows\System32\JchRfhI.exe
      4⤵
      PID:11560
  - - C:\Windows\System32\rteXMCI.exe
      C:\Windows\System32\rteXMCI.exe
      4⤵
      PID:15388
  - - C:\Windows\System32\AcyJkjk.exe
      C:\Windows\System32\AcyJkjk.exe
      4⤵
      PID:15408
  - - C:\Windows\System32\fAfcEkQ.exe
      C:\Windows\System32\fAfcEkQ.exe
      4⤵
      PID:15424
  - - C:\Windows\System32\wTSZPIy.exe
      C:\Windows\System32\wTSZPIy.exe
      4⤵
      PID:16340
  - - C:\Windows\System32\riSmrFG.exe
      C:\Windows\System32\riSmrFG.exe
      4⤵
      PID:16368
  - - C:\Windows\System32\vfFkqCQ.exe
      C:\Windows\System32\vfFkqCQ.exe
      4⤵
      PID:13256
  - - C:\Windows\System32\lGYoySp.exe
      C:\Windows\System32\lGYoySp.exe
      4⤵
      PID:4760
  - - C:\Windows\System32\iFNtVWZ.exe
      C:\Windows\System32\iFNtVWZ.exe
      4⤵
      PID:15904
  - - C:\Windows\System32\qTlRJNp.exe
      C:\Windows\System32\qTlRJNp.exe
      4⤵
      PID:7320
  - - C:\Windows\System32\AcYOGAZ.exe
      C:\Windows\System32\AcYOGAZ.exe
      4⤵
      PID:12004
  - - C:\Windows\System32\kMHOdxE.exe
      C:\Windows\System32\kMHOdxE.exe
      4⤵
      PID:7932
  - - C:\Windows\System32\KWtYgeL.exe
      C:\Windows\System32\KWtYgeL.exe
      4⤵
      PID:12388
- - C:\Users\Admin\Downloads\240919-qw2jna1hkneb71b7f99a3e7b2b3309099aa9ead35e_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-qw2jna1hkneb71b7f99a3e7b2b3309099aa9ead35e_JaffaCakes118.exe
    3⤵
    PID:5788
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 740
      4⤵
      Program crash
      PID:6340
- - C:\Users\Admin\Downloads\240919-qwq3xs1hjneb715ded311ddbc8812475a729d6efac_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-qwq3xs1hjneb715ded311ddbc8812475a729d6efac_JaffaCakes118.exe
    3⤵
    PID:5824
- - C:\Users\Admin\Downloads\240919-qzyl6ssankeb73c2f1756b0c3a628bcda98b1b875f_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-qzyl6ssankeb73c2f1756b0c3a628bcda98b1b875f_JaffaCakes118.exe
    3⤵
    PID:6796
  - - C:\Documents and Settings\tazebama.dl_
      "C:\Documents and Settings\tazebama.dl_"
      4⤵
      PID:8600
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 1488
        5⤵
        Program crash
        
        PID:10412
- - C:\Users\Admin\Downloads\240919-q2c39a1emb49891d8b62f680c125969679c1c65c8e9dac232567d1df08c0a99519bf0e6e23N.exe
    C:\Users\Admin\Downloads\240919-q2c39a1emb49891d8b62f680c125969679c1c65c8e9dac232567d1df08c0a99519bf0e6e23N.exe
    3⤵
    PID:7696
  - - C:\Windows\SysWOW64\Cpeohh32.exe
      C:\Windows\system32\Cpeohh32.exe
      4⤵
      PID:11216
    - - C:\Windows\SysWOW64\Dfamapjo.exe
        
        C:\Windows\system32\Dfamapjo.exe
        5⤵
        
        PID:8644
      - C:\Windows\SysWOW64\Ginnfgop.exe
        
        C:\Windows\system32\Ginnfgop.exe
        6⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\Iqklon32.exe
        
        C:\Windows\system32\Iqklon32.exe
        7⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\Jgcamf32.exe
        
        C:\Windows\system32\Jgcamf32.exe
        8⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\Miaboe32.exe
        
        C:\Windows\system32\Miaboe32.exe
        9⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\Nhdlao32.exe
        
        C:\Windows\system32\Nhdlao32.exe
        10⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\Oafcqcea.exe
        
        C:\Windows\system32\Oafcqcea.exe
        11⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\Ackbmcjl.exe
        
        C:\Windows\system32\Ackbmcjl.exe
        12⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\Bbiado32.exe
        
        C:\Windows\system32\Bbiado32.exe
        13⤵
        
        PID:12024
- - C:\Users\Admin\Downloads\240919-q6ykra1gncfile.exe
    C:\Users\Admin\Downloads\240919-q6ykra1gncfile.exe
    3⤵
    PID:10980
- - C:\Users\Admin\Downloads\240919-qxa34a1cmdeb71e8588a553d232341d75c8c31c05a_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-qxa34a1cmdeb71e8588a553d232341d75c8c31c05a_JaffaCakes118.exe
    3⤵
    PID:9008
- - C:\Users\Admin\Downloads\240919-qwkwxa1grq1e1ce38c88fe882c991963fce54aaf41d97df8871a2b621ae183e8198a2fa0efN.exe
    C:\Users\Admin\Downloads\240919-qwkwxa1grq1e1ce38c88fe882c991963fce54aaf41d97df8871a2b621ae183e8198a2fa0efN.exe
    3⤵
    PID:10068
  - - C:\Windows\SysWOW64\Jqiipljg.exe
      C:\Windows\system32\Jqiipljg.exe
      4⤵
      PID:11032
    - - C:\Windows\SysWOW64\Mnlnbl32.exe
        
        C:\Windows\system32\Mnlnbl32.exe
        5⤵
        
        PID:7108
      - C:\Windows\SysWOW64\Mhilfa32.exe
        
        C:\Windows\system32\Mhilfa32.exe
        6⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\Nbcjnilj.exe
        
        C:\Windows\system32\Nbcjnilj.exe
        7⤵
        
        PID:10624
        
        C:\Windows\SysWOW64\Oldamm32.exe
        
        C:\Windows\system32\Oldamm32.exe
        8⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\Oeaoab32.exe
        
        C:\Windows\system32\Oeaoab32.exe
        9⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\Pabblb32.exe
        
        C:\Windows\system32\Pabblb32.exe
        10⤵
        
        PID:10756
- - C:\Users\Admin\Downloads\240919-q14jtasbjr2024-09-19_309226af8ce4f3e48aec5ac309ceceb5_bkransomware_karagany_metamorfo.exe
    C:\Users\Admin\Downloads\240919-q14jtasbjr2024-09-19_309226af8ce4f3e48aec5ac309ceceb5_bkransomware_karagany_metamorfo.exe
    3⤵
    PID:8328
- - C:\Users\Admin\Downloads\240919-q9ddzssenkeb7a23cf22c88350c49b6f5500f2a347_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-q9ddzssenkeb7a23cf22c88350c49b6f5500f2a347_JaffaCakes118.exe
    3⤵
    PID:8920
- - C:\Users\Admin\Downloads\240919-qz2c3a1dpeeb73d480559f2843b76ace83636e123c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-qz2c3a1dpeeb73d480559f2843b76ace83636e123c_JaffaCakes118.exe
    3⤵
    PID:9192
  - - C:\Windows\SysWOW64\localsec\drtprov.exe
      "C:\Windows\SysWOW64\localsec\drtprov.exe"
      4⤵
      PID:10272
- - C:\Users\Admin\Downloads\240919-q1kfya1ejf7e0ad84abbd56be374524f85736bc49c2fc8e18a857480488f05807d9acc9d92N.exe
    C:\Users\Admin\Downloads\240919-q1kfya1ejf7e0ad84abbd56be374524f85736bc49c2fc8e18a857480488f05807d9acc9d92N.exe
    3⤵
    PID:6436
  - - C:\Windows\SysWOW64\Ohghgodi.exe
      C:\Windows\system32\Ohghgodi.exe
      4⤵
      PID:10520
    - - C:\Windows\SysWOW64\Ohpkmn32.exe
        
        C:\Windows\system32\Ohpkmn32.exe
        5⤵
        
        PID:3412
      - C:\Windows\SysWOW64\Qepkbpak.exe
        
        C:\Windows\system32\Qepkbpak.exe
        6⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\Acmobchj.exe
        
        C:\Windows\system32\Acmobchj.exe
        7⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\Bmlilh32.exe
        
        C:\Windows\system32\Bmlilh32.exe
        8⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\Cioilg32.exe
        
        C:\Windows\system32\Cioilg32.exe
        9⤵
        
        PID:10000
- - C:\Users\Admin\Downloads\240919-qy1eda1djde38103fb5e39aae19afe518fade8d8f1f59d622cabc0ba4b78ee614cb4ce3771N.exe
    C:\Users\Admin\Downloads\240919-qy1eda1djde38103fb5e39aae19afe518fade8d8f1f59d622cabc0ba4b78ee614cb4ce3771N.exe
    3⤵
    PID:10468
  - - C:\Windows\SysWOW64\Oampjeml.exe
      C:\Windows\system32\Oampjeml.exe
      4⤵
      PID:10344
    - - C:\Windows\SysWOW64\Pllgnl32.exe
        
        C:\Windows\system32\Pllgnl32.exe
        5⤵
        
        PID:5680
      - C:\Windows\SysWOW64\Qkjgegae.exe
        
        C:\Windows\system32\Qkjgegae.exe
        6⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\Ahcajk32.exe
        
        C:\Windows\system32\Ahcajk32.exe
        7⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\Dpdaepai.exe
        
        C:\Windows\system32\Dpdaepai.exe
        8⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\Nmlddqem.exe
        
        C:\Windows\system32\Nmlddqem.exe
        9⤵
        
        PID:14792
        
        C:\Windows\SysWOW64\Oeheqm32.exe
        
        C:\Windows\system32\Oeheqm32.exe
        10⤵
        
        PID:15120
        
        C:\Windows\SysWOW64\Omgcpokp.exe
        
        C:\Windows\system32\Omgcpokp.exe
        11⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\Qklmpalf.exe
        
        C:\Windows\system32\Qklmpalf.exe
        12⤵
        
        PID:14628
        
        C:\Windows\SysWOW64\Bebjdgmj.exe
        
        C:\Windows\system32\Bebjdgmj.exe
        13⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\Ckmonl32.exe
        
        C:\Windows\system32\Ckmonl32.exe
        14⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\Dnbakghm.exe
        
        C:\Windows\system32\Dnbakghm.exe
        15⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\Ekodjiol.exe
        
        C:\Windows\system32\Ekodjiol.exe
        16⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\Gpnfge32.exe
        
        C:\Windows\system32\Gpnfge32.exe
        17⤵
        
        PID:15172
        
        C:\Windows\SysWOW64\Jghpbk32.exe
        
        C:\Windows\system32\Jghpbk32.exe
        18⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\Klhnfo32.exe
        
        C:\Windows\system32\Klhnfo32.exe
        19⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\Mcbpjg32.exe
        
        C:\Windows\system32\Mcbpjg32.exe
        20⤵
        
        PID:14312
        
        C:\Windows\SysWOW64\Ngjkfd32.exe
        
        C:\Windows\system32\Ngjkfd32.exe
        21⤵
        
        PID:7432
- - C:\Users\Admin\Downloads\240919-q9hcya1hqbeb7a409cd64f2489fd3ccae3352dc47e_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-q9hcya1hqbeb7a409cd64f2489fd3ccae3352dc47e_JaffaCakes118.exe
    3⤵
    PID:10436
  - - C:\Users\Admin\Downloads\240919-q9hcya1hqbeb7a409cd64f2489fd3ccae3352dc47e_JaffaCakes118.exe
      C:\Users\Admin\Downloads\240919-q9hcya1hqbeb7a409cd64f2489fd3ccae3352dc47e_JaffaCakes118.exe
      4⤵
      PID:10128
- - C:\Users\Admin\Downloads\240919-q64f1asdmmeb7856b7aef5910a570127af7a95a2ff_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-q64f1asdmmeb7856b7aef5910a570127af7a95a2ff_JaffaCakes118.exe
    3⤵
    PID:10744
- - C:\Users\Admin\Downloads\240919-q9csfssenj8183f171e3866f1cc615918d2205010b8475ecb923df47bd5582d7c22aa38190.exe
    C:\Users\Admin\Downloads\240919-q9csfssenj8183f171e3866f1cc615918d2205010b8475ecb923df47bd5582d7c22aa38190.exe
    3⤵
    PID:7416
- - C:\Users\Admin\Downloads\240919-rgstmssdpb3d26fcdacec75bf58959a378f449f91d.exe
    C:\Users\Admin\Downloads\240919-rgstmssdpb3d26fcdacec75bf58959a378f449f91d.exe
    3⤵
    PID:6184
- - C:\Users\Admin\Downloads\240919-ra9tkssfmqd1f761c8e3822ff7a80bfabb9e6f8f77842d18b6d7fe6c7527d3f8d922e998c4N.exe
    C:\Users\Admin\Downloads\240919-ra9tkssfmqd1f761c8e3822ff7a80bfabb9e6f8f77842d18b6d7fe6c7527d3f8d922e998c4N.exe
    3⤵
    PID:5944
- - C:\Users\Admin\Downloads\240919-qzc1gasalq1ba8b58662f11c41a087e8231c297557ad7cc5a9e21ea99f380dabcdfcc85947N.exe
    C:\Users\Admin\Downloads\240919-qzc1gasalq1ba8b58662f11c41a087e8231c297557ad7cc5a9e21ea99f380dabcdfcc85947N.exe
    3⤵
    PID:3212
- - C:\Users\Admin\Downloads\240919-qv486a1gpq76fa00760c8f08453e35e1b8a818d7e2a5c7af56d9c369844392979b30d0500bN.exe
    C:\Users\Admin\Downloads\240919-qv486a1gpq76fa00760c8f08453e35e1b8a818d7e2a5c7af56d9c369844392979b30d0500bN.exe
    3⤵
    PID:8084
  - - C:\Windows\SysWOW64\Dkdliame.exe
      C:\Windows\system32\Dkdliame.exe
      4⤵
      PID:10456
    - - C:\Windows\SysWOW64\Oeehkn32.exe
        
        C:\Windows\system32\Oeehkn32.exe
        5⤵
        
        PID:15024
      - C:\Windows\SysWOW64\Pecellgl.exe
        
        C:\Windows\system32\Pecellgl.exe
        6⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\Aefjii32.exe
        
        C:\Windows\system32\Aefjii32.exe
        7⤵
        
        PID:13488
        
        C:\Windows\SysWOW64\Bddjpd32.exe
        
        C:\Windows\system32\Bddjpd32.exe
        8⤵
        
        PID:14048
        
        C:\Windows\SysWOW64\Ckmonl32.exe
        
        C:\Windows\system32\Ckmonl32.exe
        9⤵
        
        PID:14992
        
        C:\Windows\SysWOW64\Dnmhpg32.exe
        
        C:\Windows\system32\Dnmhpg32.exe
        10⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\Efeihb32.exe
        
        C:\Windows\system32\Efeihb32.exe
        11⤵
        
        PID:13356
        
        C:\Windows\SysWOW64\Fflohaij.exe
        
        C:\Windows\system32\Fflohaij.exe
        12⤵
        
        PID:14596
- - C:\Users\Admin\Downloads\240919-rbt5hssfqjHackTool.Win32.CobaltStrike.pz-b1e70780f9f5e45617282d9544cc55cc89f26c3b393a85a6e2c49128e6ef3ff0N
    C:\Users\Admin\Downloads\240919-rbt5hssfqjHackTool.Win32.CobaltStrike.pz-b1e70780f9f5e45617282d9544cc55cc89f26c3b393a85a6e2c49128e6ef3ff0N
    3⤵
    PID:10040
- - C:\Users\Admin\Downloads\240919-q3yfks1fmab0fd77ce6920ac7dd9d7d074ed65142643d87024c87e9ba1df362c71621bb9eeN.exe
    C:\Users\Admin\Downloads\240919-q3yfks1fmab0fd77ce6920ac7dd9d7d074ed65142643d87024c87e9ba1df362c71621bb9eeN.exe
    3⤵
    PID:8368
- - C:\Users\Admin\Downloads\240919-q1vlxa1ekdeb74875af2b16a7b8be0fc3272ea19fe_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-q1vlxa1ekdeb74875af2b16a7b8be0fc3272ea19fe_JaffaCakes118.exe
    3⤵
    PID:6324
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 480
      4⤵
      Program crash
      PID:13596
- - C:\Users\Admin\Downloads\240919-rglqbssdndeb7f7b684224f0ba32079232e8bbbe0d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-rglqbssdndeb7f7b684224f0ba32079232e8bbbe0d_JaffaCakes118.exe
    3⤵
    PID:10320
- - C:\Users\Admin\Downloads\240919-q2a9na1elhc9e169c84ca7f25dca0e60b5fc95f7c9fd4e6f9592cccbf05b5411cf6e76f9c3N.exe
    C:\Users\Admin\Downloads\240919-q2a9na1elhc9e169c84ca7f25dca0e60b5fc95f7c9fd4e6f9592cccbf05b5411cf6e76f9c3N.exe
    3⤵
    PID:3260
  - - C:\Windows\SysWOW64\Dimenegi.exe
      C:\Windows\system32\Dimenegi.exe
      4⤵
      PID:12400
    - - C:\Windows\SysWOW64\Fjjnifbl.exe
        
        C:\Windows\system32\Fjjnifbl.exe
        5⤵
        
        PID:5236
      - C:\Windows\SysWOW64\Nndjndbh.exe
        
        C:\Windows\system32\Nndjndbh.exe
        6⤵
        
        PID:13388
        
        C:\Windows\SysWOW64\Ohmhmh32.exe
        
        C:\Windows\system32\Ohmhmh32.exe
        7⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\Pejkmk32.exe
        
        C:\Windows\system32\Pejkmk32.exe
        8⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\Qdbdcg32.exe
        
        C:\Windows\system32\Qdbdcg32.exe
        9⤵
        
        PID:14484
        
        C:\Windows\SysWOW64\Akqfkp32.exe
        
        C:\Windows\system32\Akqfkp32.exe
        10⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\Bebjdgmj.exe
        
        C:\Windows\system32\Bebjdgmj.exe
        11⤵
        
        PID:14768
        
        C:\Windows\SysWOW64\Ckmonl32.exe
        
        C:\Windows\system32\Ckmonl32.exe
        12⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\Dokgdkeh.exe
        
        C:\Windows\system32\Dokgdkeh.exe
        13⤵
        
        PID:13520
        
        C:\Windows\SysWOW64\Ebimgcfi.exe
        
        C:\Windows\system32\Ebimgcfi.exe
        14⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\Fbpchb32.exe
        
        C:\Windows\system32\Fbpchb32.exe
        15⤵
        
        PID:13792
        
        C:\Windows\SysWOW64\Fbjena32.exe
        
        C:\Windows\system32\Fbjena32.exe
        16⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\Koaagkcb.exe
        
        C:\Windows\system32\Koaagkcb.exe
        17⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\Nmbjcljl.exe
        
        C:\Windows\system32\Nmbjcljl.exe
        18⤵
        
        PID:11844
- - C:\Users\Admin\Downloads\240919-rb9vzasfrl1a83c97119f81053d25b3ac820a46925bccddd57e3ca0b2b53e61c569362f0ecN.exe
    C:\Users\Admin\Downloads\240919-rb9vzasfrl1a83c97119f81053d25b3ac820a46925bccddd57e3ca0b2b53e61c569362f0ecN.exe
    3⤵
    PID:5060
  - - C:\Windows\SysWOW64\Dmhand32.exe
      C:\Windows\system32\Dmhand32.exe
      4⤵
      PID:12448
    - - C:\Windows\SysWOW64\Fpggamqc.exe
        
        C:\Windows\system32\Fpggamqc.exe
        5⤵
        
        PID:11804
      - C:\Windows\SysWOW64\Qkipkani.exe
        
        C:\Windows\system32\Qkipkani.exe
        6⤵
        
        PID:14176
        
        C:\Windows\SysWOW64\Baadiiif.exe
        
        C:\Windows\system32\Baadiiif.exe
        7⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\Cfbcke32.exe
        
        C:\Windows\system32\Cfbcke32.exe
        8⤵
        
        PID:14716
        
        C:\Windows\SysWOW64\Dmohno32.exe
        
        C:\Windows\system32\Dmohno32.exe
        9⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\Ddnfmqng.exe
        
        C:\Windows\system32\Ddnfmqng.exe
        10⤵
        
        PID:15820
        
        C:\Windows\SysWOW64\Emanjldl.exe
        
        C:\Windows\system32\Emanjldl.exe
        11⤵
        
        PID:13632
        
        C:\Windows\SysWOW64\Gncchb32.exe
        
        C:\Windows\system32\Gncchb32.exe
        12⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\Kgdpni32.exe
        
        C:\Windows\system32\Kgdpni32.exe
        13⤵
        
        PID:14140
        
        C:\Windows\SysWOW64\Lcgpni32.exe
        
        C:\Windows\system32\Lcgpni32.exe
        14⤵
        
        PID:13684
        
        C:\Windows\SysWOW64\Mcifkf32.exe
        
        C:\Windows\system32\Mcifkf32.exe
        15⤵
        
        PID:15452
- - C:\Users\Admin\Downloads\240919-q1p2essarneb746e722a087f048db60f6d98cba6a3_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-q1p2essarneb746e722a087f048db60f6d98cba6a3_JaffaCakes118.exe
    3⤵
    PID:9648
- - C:\Users\Admin\Downloads\240919-q4a2nssckq58a03f613b3fa590f593056c13b724043e065413ee85a3c4dd62ae1cbc9da497N.exe
    C:\Users\Admin\Downloads\240919-q4a2nssckq58a03f613b3fa590f593056c13b724043e065413ee85a3c4dd62ae1cbc9da497N.exe
    3⤵
    PID:11256
- - C:\Users\Admin\Downloads\240919-rbz1rssarf996f9de8dfa6102ce8c454fae3055ed71f88c6b0e3fca5cf01917d7426d4a085.exe
    C:\Users\Admin\Downloads\240919-rbz1rssarf996f9de8dfa6102ce8c454fae3055ed71f88c6b0e3fca5cf01917d7426d4a085.exe
    3⤵
    PID:11068
- - C:\Users\Admin\Downloads\240919-rc975asgmke7375fe98bcdd7821e6cc794c43eae953287b522b1602da81ec2bebc99d3108c.exe
    C:\Users\Admin\Downloads\240919-rc975asgmke7375fe98bcdd7821e6cc794c43eae953287b522b1602da81ec2bebc99d3108c.exe
    3⤵
    PID:8468
- - C:\Users\Admin\Downloads\240919-q6m41s1gme2024-09-19_97aed6e6ea1d18c8e6e48750adb9a481_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\240919-q6m41s1gme2024-09-19_97aed6e6ea1d18c8e6e48750adb9a481_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:7868
- - C:\Users\Admin\Downloads\240919-ragg2asfjk2024-09-19_e2061bdfecbd32c8f5ce98dcedd78fb8_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\240919-ragg2asfjk2024-09-19_e2061bdfecbd32c8f5ce98dcedd78fb8_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:6896
- - C:\Users\Admin\Downloads\240919-rbdsjasapc2024-09-19_e9aa96e58a174540602303a7b770856d_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\240919-rbdsjasapc2024-09-19_e9aa96e58a174540602303a7b770856d_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:8980
- - C:\Users\Admin\Downloads\240919-rdfd5ssbpd01ea631963c39312dce4856b1b54aabc229e2651a5786cc8f631d4a1b1d7aa39N.exe
    C:\Users\Admin\Downloads\240919-rdfd5ssbpd01ea631963c39312dce4856b1b54aabc229e2651a5786cc8f631d4a1b1d7aa39N.exe
    3⤵
    PID:5804
- - C:\Users\Admin\Downloads\240919-q47ewa1frba21008100a194581c8aac49e84a87c5a11ed284a0e5cb424c0f3f67038f49031N.exe
    C:\Users\Admin\Downloads\240919-q47ewa1frba21008100a194581c8aac49e84a87c5a11ed284a0e5cb424c0f3f67038f49031N.exe
    3⤵
    PID:5276
- - C:\Users\Admin\Downloads\240919-qz7vvasapl178595c9d97a7fd6e655f476db52869dd30673e6a7b52a56752371435b910543N.exe
    C:\Users\Admin\Downloads\240919-qz7vvasapl178595c9d97a7fd6e655f476db52869dd30673e6a7b52a56752371435b910543N.exe
    3⤵
    PID:6536
  - - C:\Windows\SysWOW64\Dblgpl32.exe
      C:\Windows\system32\Dblgpl32.exe
      4⤵
      PID:9936
    - - C:\Windows\SysWOW64\Mnmdme32.exe
        
        C:\Windows\system32\Mnmdme32.exe
        5⤵
        
        PID:2152
      - C:\Windows\SysWOW64\Nabfjpak.exe
        
        C:\Windows\system32\Nabfjpak.exe
        6⤵
        
        PID:13548
        
        C:\Windows\SysWOW64\Nlmdbh32.exe
        
        C:\Windows\system32\Nlmdbh32.exe
        7⤵
        
        PID:14936
        
        C:\Windows\SysWOW64\Omcjep32.exe
        
        C:\Windows\system32\Omcjep32.exe
        8⤵
        
        PID:15288
        
        C:\Windows\SysWOW64\Ponfka32.exe
        
        C:\Windows\system32\Ponfka32.exe
        9⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\Qlimed32.exe
        
        C:\Windows\system32\Qlimed32.exe
        10⤵
        
        PID:14516
        
        C:\Windows\SysWOW64\Cndeii32.exe
        
        C:\Windows\system32\Cndeii32.exe
        11⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\Chnbbqpn.exe
        
        C:\Windows\system32\Chnbbqpn.exe
        12⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\Dkceokii.exe
        
        C:\Windows\system32\Dkceokii.exe
        13⤵
        
        PID:13664
        
        C:\Windows\SysWOW64\Dfnbgc32.exe
        
        C:\Windows\system32\Dfnbgc32.exe
        14⤵
        
        PID:16124
        
        C:\Windows\SysWOW64\Ekodjiol.exe
        
        C:\Windows\system32\Ekodjiol.exe
        15⤵
        
        PID:14900
        
        C:\Windows\SysWOW64\Fealin32.exe
        
        C:\Windows\system32\Fealin32.exe
        16⤵
        
        PID:5516
- - C:\Users\Admin\Downloads\240919-q4d4bs1fne2024-09-19_6ba4fa88a1e1f540ed721504857fba26_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\240919-q4d4bs1fne2024-09-19_6ba4fa88a1e1f540ed721504857fba26_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:9072
- - C:\Users\Admin\Downloads\240919-q5kmha1gjf2024-09-19_8c6ee039d92ed4292fdadc52d804fc92_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\240919-q5kmha1gjf2024-09-19_8c6ee039d92ed4292fdadc52d804fc92_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:9344
- - C:\Users\Admin\Downloads\240919-q6sphasdll8b3898aae0a6f20fc81372005ce4bc784b1289f95a664b719f8164c98a8dc0d6.exe
    C:\Users\Admin\Downloads\240919-q6sphasdll8b3898aae0a6f20fc81372005ce4bc784b1289f95a664b719f8164c98a8dc0d6.exe
    3⤵
    PID:9372
- - C:\Users\Admin\Downloads\240919-q44zra1fqgeb7709d03fa399e26080ec80b4b99097_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-q44zra1fqgeb7709d03fa399e26080ec80b4b99097_JaffaCakes118.exe
    3⤵
    PID:9468
- - C:\Users\Admin\Downloads\240919-qy3vhasajq1924-3-0x0000000000C90000-0x0000000001169000-memory.dmp
    C:\Users\Admin\Downloads\240919-qy3vhasajq1924-3-0x0000000000C90000-0x0000000001169000-memory.dmp
    3⤵
    PID:10724
- - C:\Users\Admin\Downloads\240919-q3hp5asbrkeb75bd91e76e9669da93933a92421c4c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-q3hp5asbrkeb75bd91e76e9669da93933a92421c4c_JaffaCakes118.exe
    3⤵
    PID:2612
- - C:\Users\Admin\Downloads\240919-q2y1qasbnjHotYVOv1.exe
    C:\Users\Admin\Downloads\240919-q2y1qasbnjHotYVOv1.exe
    3⤵
    PID:2932
- - C:\Users\Admin\Downloads\240919-qz1frssanl21ab386746b4bccc9d4706bb943ccf60f6019d54a8d408b2ccca77137193a74fN.exe
    C:\Users\Admin\Downloads\240919-qz1frssanl21ab386746b4bccc9d4706bb943ccf60f6019d54a8d408b2ccca77137193a74fN.exe
    3⤵
    PID:4980
- - C:\Users\Admin\Downloads\240919-q2njzs1eng4932ff7efde3983883068681d13704ee2caa3c2f83f46bf17c229e5181c890e0N.exe
    C:\Users\Admin\Downloads\240919-q2njzs1eng4932ff7efde3983883068681d13704ee2caa3c2f83f46bf17c229e5181c890e0N.exe
    3⤵
    PID:2600
- - C:\Users\Admin\Downloads\240919-q6ywhs1gnefile.exe
    C:\Users\Admin\Downloads\240919-q6ywhs1gnefile.exe
    3⤵
    PID:11272
- - C:\Users\Admin\Downloads\240919-q63jps1gpceb78559a07f077590c4f8c968fb84436_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-q63jps1gpceb78559a07f077590c4f8c968fb84436_JaffaCakes118.exe
    3⤵
    PID:11280
  - - C:\Users\Admin\AppData\Local\Temp\Minecraft.exe
      "C:\Users\Admin\AppData\Local\Temp\Minecraft.exe"
      4⤵
      PID:13516
  - - C:\Users\Admin\AppData\Local\Temp\server.exe
      "C:\Users\Admin\AppData\Local\Temp\server.exe"
      4⤵
      PID:14084
    - - C:\Windows\SysWOW64\explorer.exe
        
        explorer.exe
        5⤵
        
        PID:15928
- - C:\Users\Admin\Downloads\240919-qx8dla1hpmeb728cbc66d82da2a837539a50d4d0d8_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-qx8dla1hpmeb728cbc66d82da2a837539a50d4d0d8_JaffaCakes118.exe
    3⤵
    PID:11288
- - C:\Users\Admin\Downloads\240919-qz69ba1dqa546d2413f05d8ec674442d58cf866c7242efee52dcc93c13ddc5de48285e23d2.exe
    C:\Users\Admin\Downloads\240919-qz69ba1dqa546d2413f05d8ec674442d58cf866c7242efee52dcc93c13ddc5de48285e23d2.exe
    3⤵
    PID:11296
- - C:\Users\Admin\Downloads\240919-rfsr9asdjd8d025621f56b996dab48fe4e09753ce24c5d12725deedf0bccb0edda67b7ffbdN.exe
    C:\Users\Admin\Downloads\240919-rfsr9asdjd8d025621f56b996dab48fe4e09753ce24c5d12725deedf0bccb0edda67b7ffbdN.exe
    3⤵
    PID:11304
  - - C:\Users\Admin\Downloads\240919-rfsr9asdjd8d025621f56b996dab48fe4e09753ce24c5d12725deedf0bccb0edda67b7ffbdNmgr.exe
      C:\Users\Admin\Downloads\240919-rfsr9asdjd8d025621f56b996dab48fe4e09753ce24c5d12725deedf0bccb0edda67b7ffbdNmgr.exe
      4⤵
      PID:3552
- - C:\Users\Admin\Downloads\240919-q49j8s1frceb772204f684128a265c9d5baeaad9ea_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-q49j8s1frceb772204f684128a265c9d5baeaad9ea_JaffaCakes118.exe
    3⤵
    PID:11312
- - C:\Users\Admin\Downloads\240919-qwysrs1clb830c0a8bac7b26254ad7f3e74a4ee6929871274b0fe4f4067943a960d6505b3cN.exe
    C:\Users\Admin\Downloads\240919-qwysrs1clb830c0a8bac7b26254ad7f3e74a4ee6929871274b0fe4f4067943a960d6505b3cN.exe
    3⤵
    PID:11320
- - C:\Users\Admin\Downloads\240919-q7da7s1gqg33d9453f89a896e75ea0d83d21a6e20071c9a14a8a094995d8112e458349a78eN.exe
    C:\Users\Admin\Downloads\240919-q7da7s1gqg33d9453f89a896e75ea0d83d21a6e20071c9a14a8a094995d8112e458349a78eN.exe
    3⤵
    PID:11328
  - - C:\Windows\SysWOW64\Dmoohe32.exe
      C:\Windows\system32\Dmoohe32.exe
      4⤵
      PID:3428
- - C:\Users\Admin\Downloads\240919-q2zbgs1eqd7df29f75db6b548565b42848ea58ccac0397523a023e8cc3c913155ed7d6c546N.exe
    C:\Users\Admin\Downloads\240919-q2zbgs1eqd7df29f75db6b548565b42848ea58ccac0397523a023e8cc3c913155ed7d6c546N.exe
    3⤵
    PID:11336
- - C:\Users\Admin\Downloads\240919-qyf1qs1crb1d57cbae559415ce61457421c05d8c4f685f24c2f4bc53f3a2cda36962e9c0ffN.exe
    C:\Users\Admin\Downloads\240919-qyf1qs1crb1d57cbae559415ce61457421c05d8c4f685f24c2f4bc53f3a2cda36962e9c0ffN.exe
    3⤵
    PID:11344
  - - C:\Windows\SysWOW64\Diccgfpd.exe
      C:\Windows\system32\Diccgfpd.exe
      4⤵
      PID:2516
- - C:\Users\Admin\Downloads\240919-qx6j1a1cqbeb728ae6967c107bece2c2490191b5f9_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-qx6j1a1cqbeb728ae6967c107bece2c2490191b5f9_JaffaCakes118.exe
    3⤵
    PID:11352
- - C:\Users\Admin\Downloads\240919-q6q6nssdljeb78166ae42e46958c9afc33c5517e69_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-q6q6nssdljeb78166ae42e46958c9afc33c5517e69_JaffaCakes118.exe
    3⤵
    PID:11360
- - C:\Users\Admin\Downloads\240919-q7z5za1hkbdccde3842aabf635fab9fb0bb329f52edf43e2b6a26617a4e290192261323ccfN.exe
    C:\Users\Admin\Downloads\240919-q7z5za1hkbdccde3842aabf635fab9fb0bb329f52edf43e2b6a26617a4e290192261323ccfN.exe
    3⤵
    PID:11372
- - C:\Users\Admin\Downloads\240919-q23nxa1ere2ce0f8835b47a079dc109ae80546111407caefb17125052724b6708e6d45a646N.exe
    C:\Users\Admin\Downloads\240919-q23nxa1ere2ce0f8835b47a079dc109ae80546111407caefb17125052724b6708e6d45a646N.exe
    3⤵
    PID:11380
  - - C:\Windows\SysWOW64\Dbjkkl32.exe
      C:\Windows\system32\Dbjkkl32.exe
      4⤵
      PID:3884
- - C:\Users\Admin\Downloads\240919-qxm3na1cnf2463ec8921dd73c90729939fd27e3f9397ab6153d2652581cf936eeb41b1345bN.exe
    C:\Users\Admin\Downloads\240919-qxm3na1cnf2463ec8921dd73c90729939fd27e3f9397ab6153d2652581cf936eeb41b1345bN.exe
    3⤵
    PID:11388
- - C:\Users\Admin\Downloads\240919-qxpw9a1cnheb720aa5eaa7767886344dcee7c15c3c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-qxpw9a1cnheb720aa5eaa7767886344dcee7c15c3c_JaffaCakes118.exe
    3⤵
    PID:11400
- - C:\Users\Admin\Downloads\240919-q1qmys1ejh2024-09-19_3086613240997924f9e1e2dc545040e3_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\240919-q1qmys1ejh2024-09-19_3086613240997924f9e1e2dc545040e3_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:11408
- - C:\Users\Admin\Downloads\240919-q9mmna1hqh2024-09-19_d941baa84533f1a7f036b8356de6dc20_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\240919-q9mmna1hqh2024-09-19_d941baa84533f1a7f036b8356de6dc20_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:11428
- - C:\Users\Admin\Downloads\240919-q8pqma1hmff97cbd3b31749132d7c12b2d803f5fd5eec7bc210cd7df39794877d27a67f26bN.exe
    C:\Users\Admin\Downloads\240919-q8pqma1hmff97cbd3b31749132d7c12b2d803f5fd5eec7bc210cd7df39794877d27a67f26bN.exe
    3⤵
    PID:11436
- - C:\Users\Admin\Downloads\240919-rfwtxasdjh2024-09-19_d49b0133ff32c839046eb68e3964b9c4_wannacry.exe
    C:\Users\Admin\Downloads\240919-rfwtxasdjh2024-09-19_d49b0133ff32c839046eb68e3964b9c4_wannacry.exe
    3⤵
    PID:11444
- - C:\Users\Admin\Downloads\240919-q6atpa1glgHydra.exe
    C:\Users\Admin\Downloads\240919-q6atpa1glgHydra.exe
    3⤵
    PID:11452
- - C:\Users\Admin\Downloads\240919-q51nqascrl2024-09-19_8d0d47bc725b667b843ad26f0933608e_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\240919-q51nqascrl2024-09-19_8d0d47bc725b667b843ad26f0933608e_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:11464
- - C:\Users\Admin\Downloads\240919-q4xwfascnm2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\240919-q4xwfascnm2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:11472
- - C:\Users\Admin\Downloads\240919-q9pr1ssepqc86daf22f7545b0ab09cf8495d0e83ef33a8ec6e0650b3c3acc6fbda39592e22N.exe
    C:\Users\Admin\Downloads\240919-q9pr1ssepqc86daf22f7545b0ab09cf8495d0e83ef33a8ec6e0650b3c3acc6fbda39592e22N.exe
    3⤵
    PID:11480
- - C:\Users\Admin\Downloads\240919-q2dpsa1emcfile.exe
    C:\Users\Admin\Downloads\240919-q2dpsa1emcfile.exe
    3⤵
    PID:11492
- - C:\Users\Admin\Downloads\240919-q8k3fa1hma2aadc9410c07e0ff0b7345fdb218f99d74ae997c391362ed910e86b211c201e0N.exe
    C:\Users\Admin\Downloads\240919-q8k3fa1hma2aadc9410c07e0ff0b7345fdb218f99d74ae997c391362ed910e86b211c201e0N.exe
    3⤵
    PID:11512
  - - C:\Windows\SysWOW64\Dfjpfj32.exe
      C:\Windows\system32\Dfjpfj32.exe
      4⤵
      PID:6808
    - - C:\Windows\SysWOW64\Gkmdecbg.exe
        
        C:\Windows\system32\Gkmdecbg.exe
        5⤵
        
        PID:13624
      - C:\Windows\SysWOW64\Pdfehh32.exe
        
        C:\Windows\system32\Pdfehh32.exe
        6⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\Qoelkp32.exe
        
        C:\Windows\system32\Qoelkp32.exe
        7⤵
        
        PID:13428
        
        C:\Windows\SysWOW64\Baadiiif.exe
        
        C:\Windows\system32\Baadiiif.exe
        8⤵
        
        PID:10048
        
        C:\Windows\SysWOW64\Ckclhn32.exe
        
        C:\Windows\system32\Ckclhn32.exe
        9⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\Cdpjlb32.exe
        
        C:\Windows\system32\Cdpjlb32.exe
        10⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\Domdjj32.exe
        
        C:\Windows\system32\Domdjj32.exe
        11⤵
        
        PID:14932
        
        C:\Windows\SysWOW64\Eoideh32.exe
        
        C:\Windows\system32\Eoideh32.exe
        12⤵
        
        PID:15104
        
        C:\Windows\SysWOW64\Ekdnei32.exe
        
        C:\Windows\system32\Ekdnei32.exe
        13⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\Gbnoiqdq.exe
        
        C:\Windows\system32\Gbnoiqdq.exe
        14⤵
        
        PID:15340
        
        C:\Windows\SysWOW64\Jiglnf32.exe
        
        C:\Windows\system32\Jiglnf32.exe
        15⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\Kcidmkpq.exe
        
        C:\Windows\system32\Kcidmkpq.exe
        16⤵
        
        PID:772
        
        C:\Windows\SysWOW64\Mjodla32.exe
        
        C:\Windows\system32\Mjodla32.exe
        17⤵
        
        PID:12248
- - C:\Users\Admin\Downloads\240919-q2tq1a1epdbd082343658d29c70ab314474e68d13a721b7489c49b6750d28ad0f579c240dbN.exe
    C:\Users\Admin\Downloads\240919-q2tq1a1epdbd082343658d29c70ab314474e68d13a721b7489c49b6750d28ad0f579c240dbN.exe
    3⤵
    PID:11520
- - C:\Users\Admin\Downloads\240919-rfjjksscqfeb7e980b7fb0982f1ddc2fb9ffb99c17_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-rfjjksscqfeb7e980b7fb0982f1ddc2fb9ffb99c17_JaffaCakes118.exe
    3⤵
    PID:11528
- - C:\Users\Admin\Downloads\240919-q95s8sserkeb7a9bbce96851a1c5af0c3c12027c76_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-q95s8sserkeb7a9bbce96851a1c5af0c3c12027c76_JaffaCakes118.exe
    3⤵
    PID:11536
- - C:\Users\Admin\Downloads\240919-qv9tms1gqmRatAlerts.exe
    C:\Users\Admin\Downloads\240919-qv9tms1gqmRatAlerts.exe
    3⤵
    PID:11544
- - C:\Users\Admin\Downloads\240919-raey7ssalcf2289e25be0eb811bb3fb9f3d846a15fde71c4647f0c896c852bc3326dc2106eN.exe
    C:\Users\Admin\Downloads\240919-raey7ssalcf2289e25be0eb811bb3fb9f3d846a15fde71c4647f0c896c852bc3326dc2106eN.exe
    3⤵
    PID:11552
  - - C:\Windows\SysWOW64\Dpbdopck.exe
      C:\Windows\system32\Dpbdopck.exe
      4⤵
      PID:928
    - - C:\Windows\SysWOW64\Hbhijepa.exe
        
        C:\Windows\system32\Hbhijepa.exe
        5⤵
        
        PID:13692
      - C:\Windows\SysWOW64\Oeehkn32.exe
        
        C:\Windows\system32\Oeehkn32.exe
        6⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\Pajeam32.exe
        
        C:\Windows\system32\Pajeam32.exe
        7⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\Anobgl32.exe
        
        C:\Windows\system32\Anobgl32.exe
        8⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\Bafndi32.exe
        
        C:\Windows\system32\Bafndi32.exe
        9⤵
        
        PID:14472
        
        C:\Windows\SysWOW64\Cljobphg.exe
        
        C:\Windows\system32\Cljobphg.exe
        10⤵
        
        PID:15136
        
        C:\Windows\SysWOW64\Dokgdkeh.exe
        
        C:\Windows\system32\Dokgdkeh.exe
        11⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\Deqcbpld.exe
        
        C:\Windows\system32\Deqcbpld.exe
        12⤵
        
        PID:16172
        
        C:\Windows\SysWOW64\Gfhndpol.exe
        
        C:\Windows\system32\Gfhndpol.exe
        13⤵
        
        PID:13308
        
        C:\Windows\SysWOW64\Kjblje32.exe
        
        C:\Windows\system32\Kjblje32.exe
        14⤵
        
        PID:14080
        
        C:\Windows\SysWOW64\Lfeljd32.exe
        
        C:\Windows\system32\Lfeljd32.exe
        15⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\Ljeafb32.exe
        
        C:\Windows\system32\Ljeafb32.exe
        16⤵
        
        PID:14896
- - C:\Users\Admin\Downloads\240919-rd1p3ssbrg2824-0-0x00000000006F0000-0x0000000000BC9000-memory.dmp
    C:\Users\Admin\Downloads\240919-rd1p3ssbrg2824-0-0x00000000006F0000-0x0000000000BC9000-memory.dmp
    3⤵
    PID:11560
- - C:\Users\Admin\Downloads\240919-q4ls6ssclrbda2ce5038bb01c88eeb3b4c56e65f8867894cbfcc918bb55ba18d5634cfe553N.exe
    C:\Users\Admin\Downloads\240919-q4ls6ssclrbda2ce5038bb01c88eeb3b4c56e65f8867894cbfcc918bb55ba18d5634cfe553N.exe
    3⤵
    PID:11568
- - C:\Users\Admin\Downloads\240919-q56vqsscrqe736749f8d3d617b093150b6c01dca9513f286ba2ed362c4d4ad72129d5b4198N.exe
    C:\Users\Admin\Downloads\240919-q56vqsscrqe736749f8d3d617b093150b6c01dca9513f286ba2ed362c4d4ad72129d5b4198N.exe
    3⤵
    PID:11576
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:11052
  - - C:\Windows\System\zfarBns.exe
      C:\Windows\System\zfarBns.exe
      4⤵
      PID:5300
  - - C:\Windows\System\PMOpwcK.exe
      C:\Windows\System\PMOpwcK.exe
      4⤵
      PID:9060
  - - C:\Windows\System\oCaGsRT.exe
      C:\Windows\System\oCaGsRT.exe
      4⤵
      PID:9140
  - - C:\Windows\System\kHRxQyY.exe
      C:\Windows\System\kHRxQyY.exe
      4⤵
      PID:5152
  - - C:\Windows\System\dbEbaYk.exe
      C:\Windows\System\dbEbaYk.exe
      4⤵
      PID:7332
  - - C:\Windows\System\LKxlndu.exe
      C:\Windows\System\LKxlndu.exe
      4⤵
      PID:4632
  - - C:\Windows\System\dHdjLGv.exe
      C:\Windows\System\dHdjLGv.exe
      4⤵
      PID:9356
  - - C:\Windows\System\SWBFgaN.exe
      C:\Windows\System\SWBFgaN.exe
      4⤵
      PID:9464
  - - C:\Windows\System\JJMJXIe.exe
      C:\Windows\System\JJMJXIe.exe
      4⤵
      PID:9588
  - - C:\Windows\System\JeIpugo.exe
      C:\Windows\System\JeIpugo.exe
      4⤵
      PID:12300
  - - C:\Windows\System\QblDlTS.exe
      C:\Windows\System\QblDlTS.exe
      4⤵
      PID:14924
  - - C:\Windows\System\onxWSAV.exe
      C:\Windows\System\onxWSAV.exe
      4⤵
      PID:15284
  - - C:\Windows\System\EBHWEXj.exe
      C:\Windows\System\EBHWEXj.exe
      4⤵
      PID:14672
  - - C:\Windows\System\zvGjpbJ.exe
      C:\Windows\System\zvGjpbJ.exe
      4⤵
      PID:14752
  - - C:\Windows\System\rTHmInS.exe
      C:\Windows\System\rTHmInS.exe
      4⤵
      PID:14732
  - - C:\Windows\System\GTTBKHi.exe
      C:\Windows\System\GTTBKHi.exe
      4⤵
      PID:12708
  - - C:\Windows\System\MJqqFlb.exe
      C:\Windows\System\MJqqFlb.exe
      4⤵
      PID:10872
  - - C:\Windows\System\pRzMBbG.exe
      C:\Windows\System\pRzMBbG.exe
      4⤵
      PID:15096
  - - C:\Windows\System\ZieAobG.exe
      C:\Windows\System\ZieAobG.exe
      4⤵
      PID:12956
  - - C:\Windows\System\xTqjAND.exe
      C:\Windows\System\xTqjAND.exe
      4⤵
      PID:8900
  - - C:\Windows\System\zXBACHa.exe
      C:\Windows\System\zXBACHa.exe
      4⤵
      PID:12080
  - - C:\Windows\System\ZTVXhLH.exe
      C:\Windows\System\ZTVXhLH.exe
      4⤵
      PID:5268
  - - C:\Windows\System\FqGTwaC.exe
      C:\Windows\System\FqGTwaC.exe
      4⤵
      PID:11796
  - - C:\Windows\System\UiCQvGJ.exe
      C:\Windows\System\UiCQvGJ.exe
      4⤵
      PID:13592
  - - C:\Windows\System\IXfYmTl.exe
      C:\Windows\System\IXfYmTl.exe
      4⤵
      PID:11772
  - - C:\Windows\System\jddNQwC.exe
      C:\Windows\System\jddNQwC.exe
      4⤵
      PID:11816
  - - C:\Windows\System\rCMguZA.exe
      C:\Windows\System\rCMguZA.exe
      4⤵
      PID:12896
  - - C:\Windows\System\PiRpAeD.exe
      C:\Windows\System\PiRpAeD.exe
      4⤵
      PID:13264
  - - C:\Windows\System\SMEDHDy.exe
      C:\Windows\System\SMEDHDy.exe
      4⤵
      PID:15148
  - - C:\Windows\System\YLvHnOL.exe
      C:\Windows\System\YLvHnOL.exe
      4⤵
      PID:3552
  - - C:\Windows\System\sYPfSok.exe
      C:\Windows\System\sYPfSok.exe
      4⤵
      PID:13336
  - - C:\Windows\System\KyLQeQZ.exe
      C:\Windows\System\KyLQeQZ.exe
      4⤵
      PID:15480
  - - C:\Windows\System\KrGYSGg.exe
      C:\Windows\System\KrGYSGg.exe
      4⤵
      PID:15500
  - - C:\Windows\System\RRbXRyI.exe
      C:\Windows\System\RRbXRyI.exe
      4⤵
      PID:15876
  - - C:\Windows\System\HgoXxsI.exe
      C:\Windows\System\HgoXxsI.exe
      4⤵
      PID:15956
  - - C:\Windows\System\GfwVdWT.exe
      C:\Windows\System\GfwVdWT.exe
      4⤵
      PID:15988
  - - C:\Windows\System\EJMIvJx.exe
      C:\Windows\System\EJMIvJx.exe
      4⤵
      PID:16048
  - - C:\Windows\System\IrWMXAN.exe
      C:\Windows\System\IrWMXAN.exe
      4⤵
      PID:16076
  - - C:\Windows\System\kDYDwHz.exe
      C:\Windows\System\kDYDwHz.exe
      4⤵
      PID:14476
  - - C:\Windows\System\oiungkq.exe
      C:\Windows\System\oiungkq.exe
      4⤵
      PID:11236
  - - C:\Windows\System\ZxVeBDS.exe
      C:\Windows\System\ZxVeBDS.exe
      4⤵
      PID:15260
  - - C:\Windows\System\FkNMDNu.exe
      C:\Windows\System\FkNMDNu.exe
      4⤵
      PID:7968
  - - C:\Windows\System\qYOGBDX.exe
      C:\Windows\System\qYOGBDX.exe
      4⤵
      PID:7344
  - - C:\Windows\System\LNhamWY.exe
      C:\Windows\System\LNhamWY.exe
      4⤵
      PID:15552
  - - C:\Windows\System\SoSjXQA.exe
      C:\Windows\System\SoSjXQA.exe
      4⤵
      PID:7660
  - - C:\Windows\System\qsulQep.exe
      C:\Windows\System\qsulQep.exe
      4⤵
      PID:12656
  - - C:\Windows\System\oImzIXX.exe
      C:\Windows\System\oImzIXX.exe
      4⤵
      PID:9100
  - - C:\Windows\System\sTUiNzP.exe
      C:\Windows\System\sTUiNzP.exe
      4⤵
      PID:13652
  - - C:\Windows\System\uramwfT.exe
      C:\Windows\System\uramwfT.exe
      4⤵
      PID:16108
  - - C:\Windows\System\GBIBlRB.exe
      C:\Windows\System\GBIBlRB.exe
      4⤵
      PID:15400
  - - C:\Windows\System\zgZVWfJ.exe
      C:\Windows\System\zgZVWfJ.exe
      4⤵
      PID:12444
  - - C:\Windows\System\zidwHMn.exe
      C:\Windows\System\zidwHMn.exe
      4⤵
      PID:10880
  - - C:\Windows\System\RfKDVPp.exe
      C:\Windows\System\RfKDVPp.exe
      4⤵
      PID:15676
  - - C:\Windows\System\xFqGjda.exe
      C:\Windows\System\xFqGjda.exe
      4⤵
      PID:15684
  - - C:\Windows\System\aUUfOCF.exe
      C:\Windows\System\aUUfOCF.exe
      4⤵
      PID:15708
  - - C:\Windows\System\gsvUTwC.exe
      C:\Windows\System\gsvUTwC.exe
      4⤵
      PID:15756
  - - C:\Windows\System\kKROjjx.exe
      C:\Windows\System\kKROjjx.exe
      4⤵
      PID:10864
  - - C:\Windows\System\VPvqqQB.exe
      C:\Windows\System\VPvqqQB.exe
      4⤵
      PID:15800
  - - C:\Windows\System\cwiwXEG.exe
      C:\Windows\System\cwiwXEG.exe
      4⤵
      PID:15808
  - - C:\Windows\System\XESDOqC.exe
      C:\Windows\System\XESDOqC.exe
      4⤵
      PID:5656
  - - C:\Windows\System\OiFTzvk.exe
      C:\Windows\System\OiFTzvk.exe
      4⤵
      PID:7128
  - - C:\Windows\System\NBlVywO.exe
      C:\Windows\System\NBlVywO.exe
      4⤵
      PID:11228
  - - C:\Windows\System\cuakgmO.exe
      C:\Windows\System\cuakgmO.exe
      4⤵
      PID:9820
  - - C:\Windows\System\svCOLTI.exe
      C:\Windows\System\svCOLTI.exe
      4⤵
      PID:15092
  - - C:\Windows\System\efjgALW.exe
      C:\Windows\System\efjgALW.exe
      4⤵
      PID:908
  - - C:\Windows\System\okijKRc.exe
      C:\Windows\System\okijKRc.exe
      4⤵
      PID:3280
  - - C:\Windows\System\XAwjcUI.exe
      C:\Windows\System\XAwjcUI.exe
      4⤵
      PID:9704
  - - C:\Windows\System\AXEIuQU.exe
      C:\Windows\System\AXEIuQU.exe
      4⤵
      PID:8696
  - - C:\Windows\System\HsZmAYP.exe
      C:\Windows\System\HsZmAYP.exe
      4⤵
      PID:6596
  - - C:\Windows\System\VEEgwZa.exe
      C:\Windows\System\VEEgwZa.exe
      4⤵
      PID:15364
  - - C:\Windows\System\uCMetNw.exe
      C:\Windows\System\uCMetNw.exe
      4⤵
      PID:3948
  - - C:\Windows\System\BlexPhf.exe
      C:\Windows\System\BlexPhf.exe
      4⤵
      PID:5712
  - - C:\Windows\System\JmlXNBN.exe
      C:\Windows\System\JmlXNBN.exe
      4⤵
      PID:4300
  - - C:\Windows\System\mINbmMj.exe
      C:\Windows\System\mINbmMj.exe
      4⤵
      PID:4848
  - - C:\Windows\System\ZysPtsh.exe
      C:\Windows\System\ZysPtsh.exe
      4⤵
      PID:12220
  - - C:\Windows\System\qWNlFOD.exe
      C:\Windows\System\qWNlFOD.exe
      4⤵
      PID:16192
  - - C:\Windows\System\lBknDQP.exe
      C:\Windows\System\lBknDQP.exe
      4⤵
      PID:2016
  - - C:\Windows\System\NlIdtUY.exe
      C:\Windows\System\NlIdtUY.exe
      4⤵
      PID:6756
  - - C:\Windows\System\vztvfmI.exe
      C:\Windows\System\vztvfmI.exe
      4⤵
      PID:12208
  - - C:\Windows\System\gdAuytU.exe
      C:\Windows\System\gdAuytU.exe
      4⤵
      PID:8552
  - - C:\Windows\System\zSeAZUk.exe
      C:\Windows\System\zSeAZUk.exe
      4⤵
      PID:11064
  - - C:\Windows\System\QpmaVCg.exe
      C:\Windows\System\QpmaVCg.exe
      4⤵
      PID:11192
  - - C:\Windows\System\wxEqkhh.exe
      C:\Windows\System\wxEqkhh.exe
      4⤵
      PID:10388
  - - C:\Windows\System\catSCwX.exe
      C:\Windows\System\catSCwX.exe
      4⤵
      PID:4740
  - - C:\Windows\System\tGDtRQn.exe
      C:\Windows\System\tGDtRQn.exe
      4⤵
      PID:5028
  - - C:\Windows\System\sxCrkLR.exe
      C:\Windows\System\sxCrkLR.exe
      4⤵
      PID:6120
  - - C:\Windows\System\IOYsJBj.exe
      C:\Windows\System\IOYsJBj.exe
      4⤵
      PID:6124
  - - C:\Windows\System\JEGHIbS.exe
      C:\Windows\System\JEGHIbS.exe
      4⤵
      PID:6840
  - - C:\Windows\System\rZcrvID.exe
      C:\Windows\System\rZcrvID.exe
      4⤵
      PID:8316
  - - C:\Windows\System\rCKgLGN.exe
      C:\Windows\System\rCKgLGN.exe
      4⤵
      PID:7008
  - - C:\Windows\System\GdzAhRz.exe
      C:\Windows\System\GdzAhRz.exe
      4⤵
      PID:10800
  - - C:\Windows\System\AnhyNoM.exe
      C:\Windows\System\AnhyNoM.exe
      4⤵
      PID:11080
  - - C:\Windows\System\VoFLlGV.exe
      C:\Windows\System\VoFLlGV.exe
      4⤵
      PID:5560
  - - C:\Windows\System\YxMuNPK.exe
      C:\Windows\System\YxMuNPK.exe
      4⤵
      PID:6268
  - - C:\Windows\System\FJqlTJS.exe
      C:\Windows\System\FJqlTJS.exe
      4⤵
      PID:9444
  - - C:\Windows\System\lNKWfbt.exe
      C:\Windows\System\lNKWfbt.exe
      4⤵
      PID:8124
  - - C:\Windows\System\FnyciOe.exe
      C:\Windows\System\FnyciOe.exe
      4⤵
      PID:16380
  - - C:\Windows\System\gazitIP.exe
      C:\Windows\System\gazitIP.exe
      4⤵
      PID:9128
  - - C:\Windows\System\wWBVksD.exe
      C:\Windows\System\wWBVksD.exe
      4⤵
      PID:6288
  - - C:\Windows\System\PaVskkD.exe
      C:\Windows\System\PaVskkD.exe
      4⤵
      PID:11884
  - - C:\Windows\System\VAiOdwC.exe
      C:\Windows\System\VAiOdwC.exe
      4⤵
      PID:8740
  - - C:\Windows\System\CEgbqFJ.exe
      C:\Windows\System\CEgbqFJ.exe
      4⤵
      PID:13928
  - - C:\Windows\System\nrkfBkq.exe
      C:\Windows\System\nrkfBkq.exe
      4⤵
      PID:5140
  - - C:\Windows\System\wQrHVsA.exe
      C:\Windows\System\wQrHVsA.exe
      4⤵
      PID:5168
  - - C:\Windows\System\HPPhbeO.exe
      C:\Windows\System\HPPhbeO.exe
      4⤵
      PID:13448
  - - C:\Windows\System\xfEBQUj.exe
      C:\Windows\System\xfEBQUj.exe
      4⤵
      PID:14180
  - - C:\Windows\System\yQjQJUR.exe
      C:\Windows\System\yQjQJUR.exe
      4⤵
      PID:14416
  - - C:\Windows\System\JduXATH.exe
      C:\Windows\System\JduXATH.exe
      4⤵
      PID:7580
  - - C:\Windows\System\dADZNyI.exe
      C:\Windows\System\dADZNyI.exe
      4⤵
      PID:7676
  - - C:\Windows\System\KmFpDFK.exe
      C:\Windows\System\KmFpDFK.exe
      4⤵
      PID:9340
  - - C:\Windows\System\FQukBVC.exe
      C:\Windows\System\FQukBVC.exe
      4⤵
      PID:12020
  - - C:\Windows\System\aGDZKxs.exe
      C:\Windows\System\aGDZKxs.exe
      4⤵
      PID:2024
  - - C:\Windows\System\vzFLVuo.exe
      C:\Windows\System\vzFLVuo.exe
      4⤵
      PID:14328
  - - C:\Windows\System\aEPjslL.exe
      C:\Windows\System\aEPjslL.exe
      4⤵
      PID:14376
  - - C:\Windows\System\MXXLZKt.exe
      C:\Windows\System\MXXLZKt.exe
      4⤵
      PID:15972
  - - C:\Windows\System\nPLqqLI.exe
      C:\Windows\System\nPLqqLI.exe
      4⤵
      PID:16284
  - - C:\Windows\System\vwDfMaI.exe
      C:\Windows\System\vwDfMaI.exe
      4⤵
      PID:15232
  - - C:\Windows\System\wLCBHNx.exe
      C:\Windows\System\wLCBHNx.exe
      4⤵
      PID:15416
  - - C:\Windows\System\LVvWukz.exe
      C:\Windows\System\LVvWukz.exe
      4⤵
      PID:16144
  - - C:\Windows\System\KhjLrFo.exe
      C:\Windows\System\KhjLrFo.exe
      4⤵
      PID:16204
  - - C:\Windows\System\QpOvbjN.exe
      C:\Windows\System\QpOvbjN.exe
      4⤵
      PID:13952
  - - C:\Windows\System\sfxbZtT.exe
      C:\Windows\System\sfxbZtT.exe
      4⤵
      PID:10212
  - - C:\Windows\System\OErrSrB.exe
      C:\Windows\System\OErrSrB.exe
      4⤵
      PID:16156
  - - C:\Windows\System\WaeeXyd.exe
      C:\Windows\System\WaeeXyd.exe
      4⤵
      PID:6372
  - - C:\Windows\System\yZUXbfz.exe
      C:\Windows\System\yZUXbfz.exe
      4⤵
      PID:4984
  - - C:\Windows\System\vhDCwnf.exe
      C:\Windows\System\vhDCwnf.exe
      4⤵
      PID:16088
  - - C:\Windows\System\GGwxLzr.exe
      C:\Windows\System\GGwxLzr.exe
      4⤵
      PID:9528
  - - C:\Windows\System\mRKQkeD.exe
      C:\Windows\System\mRKQkeD.exe
      4⤵
      PID:15132
  - - C:\Windows\System\hOStNAo.exe
      C:\Windows\System\hOStNAo.exe
      4⤵
      PID:9172
  - - C:\Windows\System\AhSztMQ.exe
      C:\Windows\System\AhSztMQ.exe
      4⤵
      PID:14108
  - - C:\Windows\System\yKlVJdM.exe
      C:\Windows\System\yKlVJdM.exe
      4⤵
      PID:8148
  - - C:\Windows\System\dAcfeOz.exe
      C:\Windows\System\dAcfeOz.exe
      4⤵
      PID:10736
  - - C:\Windows\System\bUpCayH.exe
      C:\Windows\System\bUpCayH.exe
      4⤵
      PID:8108
  - - C:\Windows\System\rAxisOt.exe
      C:\Windows\System\rAxisOt.exe
      4⤵
      PID:7276
  - - C:\Windows\System\zqZwdhU.exe
      C:\Windows\System\zqZwdhU.exe
      4⤵
      PID:8224
  - - C:\Windows\System\SknhTFK.exe
      C:\Windows\System\SknhTFK.exe
      4⤵
      PID:9860
  - - C:\Windows\System\ipIryOe.exe
      C:\Windows\System\ipIryOe.exe
      4⤵
      PID:16060
  - - C:\Windows\System\tWZazmT.exe
      C:\Windows\System\tWZazmT.exe
      4⤵
      PID:7532
  - - C:\Windows\System\YsHLVjj.exe
      C:\Windows\System\YsHLVjj.exe
      4⤵
      PID:14580
  - - C:\Windows\System\OzfkDtE.exe
      C:\Windows\System\OzfkDtE.exe
      4⤵
      PID:13552
  - - C:\Windows\System\dCBBYTk.exe
      C:\Windows\System\dCBBYTk.exe
      4⤵
      PID:14012
  - - C:\Windows\System\gAQSLZT.exe
      C:\Windows\System\gAQSLZT.exe
      4⤵
      PID:9368
  - - C:\Windows\System\cCXnZdX.exe
      C:\Windows\System\cCXnZdX.exe
      4⤵
      PID:7964
  - - C:\Windows\System\Zycnfab.exe
      C:\Windows\System\Zycnfab.exe
      4⤵
      PID:7828
  - - C:\Windows\System\AdrJgEM.exe
      C:\Windows\System\AdrJgEM.exe
      4⤵
      PID:13320
  - - C:\Windows\System\CsBhqCP.exe
      C:\Windows\System\CsBhqCP.exe
      4⤵
      PID:1896
  - - C:\Windows\System\WMKlGuB.exe
      C:\Windows\System\WMKlGuB.exe
      4⤵
      PID:5548
  - - C:\Windows\System\LSxYGvM.exe
      C:\Windows\System\LSxYGvM.exe
      4⤵
      PID:6024
  - - C:\Windows\System\yFlzIep.exe
      C:\Windows\System\yFlzIep.exe
      4⤵
      PID:8540
  - - C:\Windows\System\HexOxLs.exe
      C:\Windows\System\HexOxLs.exe
      4⤵
      PID:14260
  - - C:\Windows\System\jMcooJP.exe
      C:\Windows\System\jMcooJP.exe
      4⤵
      PID:11224
  - - C:\Windows\System\oRaHqhp.exe
      C:\Windows\System\oRaHqhp.exe
      4⤵
      PID:13940
  - - C:\Windows\System\NRaGbiU.exe
      C:\Windows\System\NRaGbiU.exe
      4⤵
      PID:5556
  - - C:\Windows\System\sAubPvm.exe
      C:\Windows\System\sAubPvm.exe
      4⤵
      PID:8852
  - - C:\Windows\System\IbNFxDd.exe
      C:\Windows\System\IbNFxDd.exe
      4⤵
      PID:6460
  - - C:\Windows\System\JKeHiXh.exe
      C:\Windows\System\JKeHiXh.exe
      4⤵
      PID:2200
  - - C:\Windows\System\nfgIsWW.exe
      C:\Windows\System\nfgIsWW.exe
      4⤵
      PID:8468
  - - C:\Windows\System\ZGnJKst.exe
      C:\Windows\System\ZGnJKst.exe
      4⤵
      PID:6700
  - - C:\Windows\System\fsrePPP.exe
      C:\Windows\System\fsrePPP.exe
      4⤵
      PID:5764
  - - C:\Windows\System\ShIKtYG.exe
      C:\Windows\System\ShIKtYG.exe
      4⤵
      PID:14240
  - - C:\Windows\System\tcPgtDH.exe
      C:\Windows\System\tcPgtDH.exe
      4⤵
      PID:4960
  - - C:\Windows\System\JeXOKUj.exe
      C:\Windows\System\JeXOKUj.exe
      4⤵
      PID:9916
  - - C:\Windows\System\gMKPsaz.exe
      C:\Windows\System\gMKPsaz.exe
      4⤵
      PID:15860
  - - C:\Windows\System\jzsXGSa.exe
      C:\Windows\System\jzsXGSa.exe
      4⤵
      PID:15816
  - - C:\Windows\System\MKIMzph.exe
      C:\Windows\System\MKIMzph.exe
      4⤵
      PID:13964
  - - C:\Windows\System\BwHAXRI.exe
      C:\Windows\System\BwHAXRI.exe
      4⤵
      PID:16136
  - - C:\Windows\System\rMGnhuj.exe
      C:\Windows\System\rMGnhuj.exe
      4⤵
      PID:9524
  - - C:\Windows\System\DTLwLdc.exe
      C:\Windows\System\DTLwLdc.exe
      4⤵
      PID:1612
  - - C:\Windows\System\iXzrneO.exe
      C:\Windows\System\iXzrneO.exe
      4⤵
      PID:12804
  - - C:\Windows\System\nniiZRW.exe
      C:\Windows\System\nniiZRW.exe
      4⤵
      PID:6020
  - - C:\Windows\System\pRILeGp.exe
      C:\Windows\System\pRILeGp.exe
      4⤵
      PID:5624
  - - C:\Windows\System\aksPVEW.exe
      C:\Windows\System\aksPVEW.exe
      4⤵
      PID:3352
  - - C:\Windows\System\qxErEWi.exe
      C:\Windows\System\qxErEWi.exe
      4⤵
      PID:15980
  - - C:\Windows\System\juRbJMq.exe
      C:\Windows\System\juRbJMq.exe
      4⤵
      PID:2264
  - - C:\Windows\System\uJowUAM.exe
      C:\Windows\System\uJowUAM.exe
      4⤵
      PID:9732
  - - C:\Windows\System\eSRlTtp.exe
      C:\Windows\System\eSRlTtp.exe
      4⤵
      PID:3080
  - - C:\Windows\System\nFdQiVg.exe
      C:\Windows\System\nFdQiVg.exe
      4⤵
      PID:14292
  - - C:\Windows\System\AgCfjCn.exe
      C:\Windows\System\AgCfjCn.exe
      4⤵
      PID:9628
  - - C:\Windows\System\fmNbxAq.exe
      C:\Windows\System\fmNbxAq.exe
      4⤵
      PID:6136
  - - C:\Windows\System\TqjbQew.exe
      C:\Windows\System\TqjbQew.exe
      4⤵
      PID:6168
  - - C:\Windows\System\WYHYPkm.exe
      C:\Windows\System\WYHYPkm.exe
      4⤵
      PID:9800
  - - C:\Windows\System\QvbgdFH.exe
      C:\Windows\System\QvbgdFH.exe
      4⤵
      PID:2364
  - - C:\Windows\System\tcQfAtF.exe
      C:\Windows\System\tcQfAtF.exe
      4⤵
      PID:9592
  - - C:\Windows\System\zLnsfVr.exe
      C:\Windows\System\zLnsfVr.exe
      4⤵
      PID:10020
  - - C:\Windows\System\KXRjmGR.exe
      C:\Windows\System\KXRjmGR.exe
      4⤵
      PID:6404
  - - C:\Windows\System\xjToJUe.exe
      C:\Windows\System\xjToJUe.exe
      4⤵
      PID:9720
  - - C:\Windows\System\QdPieIR.exe
      C:\Windows\System\QdPieIR.exe
      4⤵
      PID:14264
  - - C:\Windows\System\OGcYWfw.exe
      C:\Windows\System\OGcYWfw.exe
      4⤵
      PID:14644
  - - C:\Windows\System\ltwJIAN.exe
      C:\Windows\System\ltwJIAN.exe
      4⤵
      PID:4568
  - - C:\Windows\System\SjLfMmr.exe
      C:\Windows\System\SjLfMmr.exe
      4⤵
      PID:6348
  - - C:\Windows\System\gpoSgtY.exe
      C:\Windows\System\gpoSgtY.exe
      4⤵
      PID:6072
  - - C:\Windows\System\DKrSfqP.exe
      C:\Windows\System\DKrSfqP.exe
      4⤵
      PID:8576
  - - C:\Windows\System\NnGkBEB.exe
      C:\Windows\System\NnGkBEB.exe
      4⤵
      PID:12060
  - - C:\Windows\System\eaFkgRx.exe
      C:\Windows\System\eaFkgRx.exe
      4⤵
      PID:5464
  - - C:\Windows\System\akBYXsc.exe
      C:\Windows\System\akBYXsc.exe
      4⤵
      PID:11024
  - - C:\Windows\System\qQGiNge.exe
      C:\Windows\System\qQGiNge.exe
      4⤵
      PID:10820
  - - C:\Windows\System\ZFpYxLA.exe
      C:\Windows\System\ZFpYxLA.exe
      4⤵
      PID:11964
  - - C:\Windows\System\urPbqHc.exe
      C:\Windows\System\urPbqHc.exe
      4⤵
      PID:6704
  - - C:\Windows\System\dZrpIAA.exe
      C:\Windows\System\dZrpIAA.exe
      4⤵
      PID:11104
  - - C:\Windows\System\ejYvvAr.exe
      C:\Windows\System\ejYvvAr.exe
      4⤵
      PID:9000
  - - C:\Windows\System\vhUrSkU.exe
      C:\Windows\System\vhUrSkU.exe
      4⤵
      PID:11760
  - - C:\Windows\System\DYxmwhd.exe
      C:\Windows\System\DYxmwhd.exe
      4⤵
      PID:16328
  - - C:\Windows\System\CbBtyoF.exe
      C:\Windows\System\CbBtyoF.exe
      4⤵
      PID:6712
  - - C:\Windows\System\efCqLcs.exe
      C:\Windows\System\efCqLcs.exe
      4⤵
      PID:15116
  - - C:\Windows\System\keJgtNT.exe
      C:\Windows\System\keJgtNT.exe
      4⤵
      PID:9664
  - - C:\Windows\System\LdVesKZ.exe
      C:\Windows\System\LdVesKZ.exe
      4⤵
      PID:7996
  - - C:\Windows\System\JXEelAh.exe
      C:\Windows\System\JXEelAh.exe
      4⤵
      PID:13060
  - - C:\Windows\System\wIFatFg.exe
      C:\Windows\System\wIFatFg.exe
      4⤵
      PID:5908
  - - C:\Windows\System\leilGbA.exe
      C:\Windows\System\leilGbA.exe
      4⤵
      PID:7216
  - - C:\Windows\System\lAzNghI.exe
      C:\Windows\System\lAzNghI.exe
      4⤵
      PID:12496
  - - C:\Windows\System\XLklHtn.exe
      C:\Windows\System\XLklHtn.exe
      4⤵
      PID:6740
  - - C:\Windows\System\EArFUSn.exe
      C:\Windows\System\EArFUSn.exe
      4⤵
      PID:9376
  - - C:\Windows\System\dPvncfq.exe
      C:\Windows\System\dPvncfq.exe
      4⤵
      PID:13888
  - - C:\Windows\System\LZlgdnm.exe
      C:\Windows\System\LZlgdnm.exe
      4⤵
      PID:10408
  - - C:\Windows\System\Xsazddf.exe
      C:\Windows\System\Xsazddf.exe
      4⤵
      PID:5720
  - - C:\Windows\System\CXKMohZ.exe
      C:\Windows\System\CXKMohZ.exe
      4⤵
      PID:13020
  - - C:\Windows\System\JfBDNEC.exe
      C:\Windows\System\JfBDNEC.exe
      4⤵
      PID:1868
  - - C:\Windows\System\lOJTUpI.exe
      C:\Windows\System\lOJTUpI.exe
      4⤵
      PID:12912
  - - C:\Windows\System\JGsXVuo.exe
      C:\Windows\System\JGsXVuo.exe
      4⤵
      PID:15968
  - - C:\Windows\System\sCwiYaR.exe
      C:\Windows\System\sCwiYaR.exe
      4⤵
      PID:10808
  - - C:\Windows\System\LrATPVU.exe
      C:\Windows\System\LrATPVU.exe
      4⤵
      PID:9764
  - - C:\Windows\System\XJfjBRX.exe
      C:\Windows\System\XJfjBRX.exe
      4⤵
      PID:11732
  - - C:\Windows\System\FRKiJNs.exe
      C:\Windows\System\FRKiJNs.exe
      4⤵
      PID:10232
  - - C:\Windows\System\uZqrMwS.exe
      C:\Windows\System\uZqrMwS.exe
      4⤵
      PID:10412
  - - C:\Windows\System\dYOfuvE.exe
      C:\Windows\System\dYOfuvE.exe
      4⤵
      PID:16208
  - - C:\Windows\System\kHGvsLJ.exe
      C:\Windows\System\kHGvsLJ.exe
      4⤵
      PID:7880
  - - C:\Windows\System\uueDEqQ.exe
      C:\Windows\System\uueDEqQ.exe
      4⤵
      PID:13160
  - - C:\Windows\System\xSZYmYR.exe
      C:\Windows\System\xSZYmYR.exe
      4⤵
      PID:8988
  - - C:\Windows\System\upeUusZ.exe
      C:\Windows\System\upeUusZ.exe
      4⤵
      PID:984
  - - C:\Windows\System\AlcZOWX.exe
      C:\Windows\System\AlcZOWX.exe
      4⤵
      PID:15112
  - - C:\Windows\System\bUpmzIF.exe
      C:\Windows\System\bUpmzIF.exe
      4⤵
      PID:12996
  - - C:\Windows\System\JyICyBO.exe
      C:\Windows\System\JyICyBO.exe
      4⤵
      PID:14332
  - - C:\Windows\System\lQwAGSN.exe
      C:\Windows\System\lQwAGSN.exe
      4⤵
      PID:14300
  - - C:\Windows\System\lTndSkf.exe
      C:\Windows\System\lTndSkf.exe
      4⤵
      PID:8836
  - - C:\Windows\System\CKcAneb.exe
      C:\Windows\System\CKcAneb.exe
      4⤵
      PID:9696
  - - C:\Windows\System\xMUjEtk.exe
      C:\Windows\System\xMUjEtk.exe
      4⤵
      PID:9608
  - - C:\Windows\System\aeYrbEC.exe
      C:\Windows\System\aeYrbEC.exe
      4⤵
      PID:5188
  - - C:\Windows\System\BlPRRDi.exe
      C:\Windows\System\BlPRRDi.exe
      4⤵
      PID:7632
  - - C:\Windows\System\zdHKyvq.exe
      C:\Windows\System\zdHKyvq.exe
      4⤵
      PID:1568
  - - C:\Windows\System\QKrSJjt.exe
      C:\Windows\System\QKrSJjt.exe
      4⤵
      PID:5704
  - - C:\Windows\System\VxqsRVk.exe
      C:\Windows\System\VxqsRVk.exe
      4⤵
      PID:16396
  - - C:\Windows\System\ZYAnPOl.exe
      C:\Windows\System\ZYAnPOl.exe
      4⤵
      PID:16420
  - - C:\Windows\System\tdywVwl.exe
      C:\Windows\System\tdywVwl.exe
      4⤵
      PID:16436
  - - C:\Windows\System\TsEUUqv.exe
      C:\Windows\System\TsEUUqv.exe
      4⤵
      PID:16460
  - - C:\Windows\System\pyeSTgp.exe
      C:\Windows\System\pyeSTgp.exe
      4⤵
      PID:16488
  - - C:\Windows\System\RNzxncA.exe
      C:\Windows\System\RNzxncA.exe
      4⤵
      PID:16508
- - C:\Users\Admin\Downloads\240919-q93c4ssajc2024-09-19_dd293b2708ea0884019b26c48c47706a_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\240919-q93c4ssajc2024-09-19_dd293b2708ea0884019b26c48c47706a_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:11584
- - C:\Users\Admin\Downloads\240919-qt1vca1bnf35dd6288f91ec2e25d4597d3c76c2d386f12c87240997cc800830ca87d8cdc35.exe
    C:\Users\Admin\Downloads\240919-qt1vca1bnf35dd6288f91ec2e25d4597d3c76c2d386f12c87240997cc800830ca87d8cdc35.exe
    3⤵
    PID:11592
- - C:\Users\Admin\Downloads\240919-q6y7aasdmkfile.exe
    C:\Users\Admin\Downloads\240919-q6y7aasdmkfile.exe
    3⤵
    PID:11600
- - C:\Users\Admin\Downloads\240919-q4nb1a1fpd67100363a19cc0b4157b9fa0a94185cd922075cb5cecbb88ccd152fa2d2240da.exe
    C:\Users\Admin\Downloads\240919-q4nb1a1fpd67100363a19cc0b4157b9fa0a94185cd922075cb5cecbb88ccd152fa2d2240da.exe
    3⤵
    PID:11608
- - C:\Users\Admin\Downloads\240919-qvtses1gnpeb70b079bb466c5f7f78229b20d44849_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-qvtses1gnpeb70b079bb466c5f7f78229b20d44849_JaffaCakes118.exe
    3⤵
    PID:11620
- - C:\Users\Admin\Downloads\240919-q5pw8a1gkc1056-3-0x0000000000C70000-0x0000000001149000-memory.dmp
    C:\Users\Admin\Downloads\240919-q5pw8a1gkc1056-3-0x0000000000C70000-0x0000000001149000-memory.dmp
    3⤵
    PID:11636
- - C:\Users\Admin\Downloads\240919-qy9m2s1dkhdfc10ebfd43d002af91478772c81c56a621752002b10557c359ea66ac02ee5a2.exe
    C:\Users\Admin\Downloads\240919-qy9m2s1dkhdfc10ebfd43d002af91478772c81c56a621752002b10557c359ea66ac02ee5a2.exe
    3⤵
    PID:11652
- - C:\Users\Admin\Downloads\240919-q24wzasbpn2024-09-19_4caa7071f4d503b3350b0136eb88ca14_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\240919-q24wzasbpn2024-09-19_4caa7071f4d503b3350b0136eb88ca14_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:11660
- - C:\Users\Admin\Downloads\240919-q8lnza1hmc2024-09-19_c07d7590a4a2e8adcce58b98041f414d_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\240919-q8lnza1hmc2024-09-19_c07d7590a4a2e8adcce58b98041f414d_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:11684
- - C:\Users\Admin\Downloads\240919-q7rtlasdprada51e866277b115082c097a37abc90fe2dc00f8b89ff74ba9b2c3138d4f175f.exe
    C:\Users\Admin\Downloads\240919-q7rtlasdprada51e866277b115082c097a37abc90fe2dc00f8b89ff74ba9b2c3138d4f175f.exe
    3⤵
    PID:11704
- - C:\Users\Admin\Downloads\240919-qv9hwa1gqlc102e5bead0ae2cf792256d7c2a2827a95e32f8fb7abb4a80ab86d1d2b46464dN.exe
    C:\Users\Admin\Downloads\240919-qv9hwa1gqlc102e5bead0ae2cf792256d7c2a2827a95e32f8fb7abb4a80ab86d1d2b46464dN.exe
    3⤵
    PID:9088
- - C:\Users\Admin\Downloads\240919-rgvm8ssdpe14a8dd1acfc022c41c56acafa7e5de1cca438aa901569d7670553d2d48a62cdcN.exe
    C:\Users\Admin\Downloads\240919-rgvm8ssdpe14a8dd1acfc022c41c56acafa7e5de1cca438aa901569d7670553d2d48a62cdcN.exe
    3⤵
    PID:11424
- - C:\Users\Admin\Downloads\240919-q74s6asdrj386a52559734d307658d5dbeed4729ad162b6b488449cc796bda9b9169585854N.exe
    C:\Users\Admin\Downloads\240919-q74s6asdrj386a52559734d307658d5dbeed4729ad162b6b488449cc796bda9b9169585854N.exe
    3⤵
    PID:11852
- - C:\Users\Admin\Downloads\240919-q324rs1fmceb761a1a91bbfaf0591793ad3b0f7078_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-q324rs1fmceb761a1a91bbfaf0591793ad3b0f7078_JaffaCakes118.exe
    3⤵
    PID:13636
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe Holotype,Bibliopegy
      4⤵
      PID:8856
- - C:\Users\Admin\Downloads\240919-rb57sasfrjeb7c1dedaf73798d1b3e30a412c386c9_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-rb57sasfrjeb7c1dedaf73798d1b3e30a412c386c9_JaffaCakes118.exe
    3⤵
    PID:13088
- - C:\Users\Admin\Downloads\240919-qvvpqa1gnq2291bd5f7736cf00dac3c4f552a5c742bd755adc5319adb232b829b00b86afa6N.exe
    C:\Users\Admin\Downloads\240919-qvvpqa1gnq2291bd5f7736cf00dac3c4f552a5c742bd755adc5319adb232b829b00b86afa6N.exe
    3⤵
    PID:3324
- - C:\Users\Admin\Downloads\240919-rb8mxasbjheb7c2c711401fd4429cdac02fadfc0ef_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-rb8mxasbjheb7c2c711401fd4429cdac02fadfc0ef_JaffaCakes118.exe
    3⤵
    PID:13712
  - - C:\Users\Admin\AppData\Roaming\F145.tmp
      C:\Users\Admin\AppData\Roaming\F145.tmp
      4⤵
      PID:12112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:12928

C:\Windows\SysWOW64\scalarsquare.exe
"C:\Windows\SysWOW64\scalarsquare.exe"
1⤵
PID:8464
- C:\Windows\SysWOW64\scalarsquare.exe
  "C:\Windows\SysWOW64\scalarsquare.exe"
  2⤵
  PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5788 -ip 5788
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6920 -ip 6920
1⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 6312 -ip 6312
1⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5664 -ip 5664
1⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 8600 -ip 8600
1⤵
PID:2000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5780 -ip 5780
1⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 10892 -ip 10892
1⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 10724 -ip 10724
1⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 11636 -ip 11636
1⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 9088 -ip 9088
1⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 11704 -ip 11704
1⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 11652 -ip 11652
1⤵
PID:2944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 11560 -ip 11560
1⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 6184 -ip 6184
1⤵
PID:15128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6324 -ip 6324
1⤵
PID:13652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 9648 -ip 9648
1⤵
PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 11444 -ip 11444
1⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 11528 -ip 11528
1⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 3552 -ip 3552
1⤵
PID:13680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 12024 -ip 12024
1⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 3864 -ip 3864
1⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 11068 -ip 11068
1⤵
PID:14108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 11492 -ip 11492
1⤵
PID:13516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 11452 -ip 11452
1⤵
PID:14384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1316 -ip 1316
1⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 10000 -ip 10000
1⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 8468 -ip 8468
1⤵
PID:13832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 9372 -ip 9372
1⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 7416 -ip 7416
1⤵
PID:16184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 3124 -ip 3124
1⤵
PID:756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 3884 -ip 3884
1⤵
PID:14352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 11272 -ip 11272
1⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 10320 -ip 10320
1⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2932 -ip 2932
1⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 2000 -ip 2000
1⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3164 -ip 3164
1⤵
PID:15280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5804 -ip 5804
1⤵
PID:14920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 11592 -ip 11592
1⤵
PID:15156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 10128 -ip 10128
1⤵
PID:1564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5740 -ip 5740
1⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\12584a06d7\Hkbsse.exe
C:\Users\Admin\AppData\Local\Temp\12584a06d7\Hkbsse.exe
1⤵
PID:14172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 10980 -ip 10980
1⤵
PID:15660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 5976 -ip 5976
1⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 11400 -ip 11400
1⤵
PID:15496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 856 -ip 856
1⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 3428 -ip 3428
1⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2516 -ip 2516
1⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 13088 -ip 13088
1⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 8264 -ip 8264
1⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 11852 -ip 11852
1⤵
PID:15196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PerfLogs\backup.exe

Filesize
296KB

MD5
f1dc5b0b09b92a929327be1fc0c39722

SHA1
7cf533e345d183161075a478c8c980d6fcf3a674

SHA256
0fd143459b49414446d88caaa2f3408673655c05f76a45cb78073ee760bbe1b1

SHA512
42f692eb22503ab64bef1ecc337b1247b63ba913f07681d0ba2eebaff224ea2a490f44c37084fdfe218caca224ece4e0b78c7572b7bc5e589afdcc02caf9840e

Download Submit
C:\Program Files (x86)\Microsoft SQL Server\SQLSerasi.exe

Filesize
30.4MB

MD5
e489c61b85bb2433d5eb93beab0b30a1

SHA1
a67b84615e8cdb188a3c1f301ab72ad5b60df443

SHA256
4d739487a35d89349ff8c373ef55aec40decff9c6c1dfebd41a326d3350e0558

SHA512
40f1219107e7b2fd5976a47f0906d01805efa5bb46c10ada1871d1c984eb248469b02dbcebd423ee1ab19134dd76a91a529a0522814550f986c43a8891e54a07

Download Submit
C:\Program Files (x86)\c3341d60\jusched.exe

Filesize
236KB

MD5
7f87c09777eb00ed252fe5602fab1f6d

SHA1
e315e023da4cc246c4fa6594527c8ebc5c7773a8

SHA256
51ad26fc1c18481d663b2ac0fbfb3641f608169ce7c4026a567c490e881a7d6c

SHA512
e3c45736946a49233327c6678d5ac3a25583ba8c3bc17ec1084f287ce90e5feaf043bbc019a61f0f7742e874507000657f19d60a69c8ee2d785ce644461f96d2

Download Submit
C:\Users\Admin\Admin.exe

Filesize
31KB

MD5
a9b8bbdd2d94f76e177c94ceff60135b

SHA1
00ef543d67570252ba74a729959e4faeb0b5db57

SHA256
d14bb9ba39e870311dbf1edb782cf8c17f89e7b52ab085a2cecf901931bebadf

SHA512
3158aa898edf6edbb6b559cfc90cad598e4744c864d0d74d4572f1f00f8c350efaf2a249c31bec7e34e88ada5adce806a099ec39f45f72582d166e285687beb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\12584a06d7\Hkbsse.exe

Filesize
443KB

MD5
a95213099aa86409fdc50cd1fcfb31bd

SHA1
6a55cf1f23b3de0b1be003dc06ca753b2698531b

SHA256
e3d96f45882007ad667aa5c105e9f017b0750fce3433fa57fe031960669a8b7c

SHA512
aa7cfdc8076af6583225aebaf4131aef6e2a8aa01acac0554a2e7a48514879fd6e171f969a74777960fc7312e79b453c65397f004704b74d8ed4dc46bc4885a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\240919-q6q6nssdljeb78166ae42e46958c9afc33c5517e69_JaffaCakes118.exe

Filesize
993KB

MD5
5586cb066dd83c6d71202891caf91adf

SHA1
86ee3268bcfa8f0a7b553e8b724710464849aacd

SHA256
e4c42d038418fedab10a799f497c7ddf9693c6ce35fd080ed180464b36c56ff8

SHA512
06da2b54eafc2cd8045e4e18c763dcabd8b13a8ebee4e24da4ecef3483b69c3f695cd6ae32919b3bd8f81e10d2b9a1b44579a8a8131cf07e7adba9123ee7db5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Minecraft.exe

Filesize
679KB

MD5
605a171c61a0607bdcf6be80ed07cf95

SHA1
477d4391b0d84406127e43ead289a3596ac1e5e5

SHA256
09b78dc85713ca0f27f17d94c939cc606a59847c1f2b5cdd281b52a48cdaeab9

SHA512
3b32197d76951d0e1cd7043758af9b33be12b30c03df00a3ef36078205fa95b1582f65bdf4437a1b879a922d2950868e905bcd2227ce3816d5437556b103d338

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\_bz2.pyd

Filesize
83KB

MD5
dd26ed92888de9c57660a7ad631bb916

SHA1
77d479d44d9e04f0a1355569332233459b69a154

SHA256
324268786921ec940cbd4b5e2f71dafd08e578a12e373a715658527e5b211697

SHA512
d693367565005c1b87823e781dc5925146512182c8d8a3a2201e712c88df1c0e66e65ecaec9af22037f0a8f8b3fb3f511ea47cfd5774651d71673fab612d2897

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\_cffi_backend.cp312-win_amd64.pyd

Filesize
175KB

MD5
d8caf1c098db12b2eba8edae51f31c10

SHA1
e533ac6c614d95c09082ae951b3b685daca29a8f

SHA256
364208a97336f577d99bbaaed6d2cf8a4a24d6693b323de4665f75a964ca041d

SHA512
77e36f4fb44374b7c58a9005a1d7dfeb3214eabb90786e8a7c6593b5b1c7a305d6aa446be7a06ae0ff38f2bedea68cacb39053b7b7ec297bff3571b3922fd938

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\_ctypes.pyd

Filesize
122KB

MD5
c8afa1ebb28828e1115c110313d2a810

SHA1
1d0d28799a5dbe313b6f4ddfdb7986d2902fa97a

SHA256
8978972cf341ccd0edf8435d63909a739df7ef29ec7dd57ed5cab64b342891f0

SHA512
4d9f41bd23b62600d1eb097d1578ba656b5e13fd2f31ef74202aa511111969bb8cfc2a8e903de73bd6e63fadaa59b078714885b8c5b8ecc5c4128ff9d06c1e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\_decimal.pyd

Filesize
251KB

MD5
cea3b419c7ca87140a157629c6dbd299

SHA1
7dbff775235b1937b150ae70302b3208833dc9be

SHA256
95b9850e6fb335b235589dd1348e007507c6b28e332c9abb111f2a0035c358e5

SHA512
6e3a6781c0f05bb5182073cca1e69b6df55f05ff7cdcea394bacf50f88605e2241b7387f1d8ba9f40a96832d04f55edb80003f0cf1e537a26f99408ee9312f5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\_hashlib.pyd

Filesize
64KB

MD5
d19cb5ca144ae1fd29b6395b0225cf40

SHA1
5b9ec6e656261ce179dfcfd5c6a3cfe07c2dfeb4

SHA256
f95ec2562a3c70fb1a6e44d72f4223ce3c7a0f0038159d09dce629f59591d5aa

SHA512
9ac3a8a4dbdb09be3760e7ccb11269f82a47b24c03d10d289bcdded9a43e57d3cd656f8d060d66b810382ecac3a62f101f83ea626b58cd0b5a3cca25b67b1519

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\_lzma.pyd

Filesize
156KB

MD5
8cfbafe65d6e38dde8e2e8006b66bb3e

SHA1
cb63addd102e47c777d55753c00c29c547e2243c

SHA256
6d548db0ab73291f82cf0f4ca9ec0c81460185319c8965e829faeacae19444ff

SHA512
fa021615d5c080aadcd5b84fd221900054eb763a7af8638f70cf6cd49bd92773074f1ac6884f3ce1d8a15d59439f554381377faee4842ed5beb13ff3e1b510f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\_queue.pyd

Filesize
31KB

MD5
7d91dd8e5f1dbc3058ea399f5f31c1e6

SHA1
b983653b9f2df66e721ece95f086c2f933d303fc

SHA256
76bba42b1392dc57a867aef385b990fa302a4f1dcf453705ac119c9c98a36e8d

SHA512
b8e7369da79255a4bb2ed91ba0c313b4578ee45c94e6bc74582fc14f8b2984ed8fcda0434a5bd3b72ea704e6e8fd8cbf1901f325e774475e4f28961483d6c7cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\_socket.pyd

Filesize
81KB

MD5
e43aed7d6a8bcd9ddfc59c2d1a2c4b02

SHA1
36f367f68fb9868412246725b604b27b5019d747

SHA256
2c2a6a6ba360e38f0c2b5a53b4626f833a3111844d95615ebf35be0e76b1ef7a

SHA512
d92e26eb88db891de389a464f850a8da0a39af8a4d86d9894768cb97182b8351817ce14fe1eb8301b18b80d1d5d8876a48ba66eb7b874c7c3d7b009fcdbc8c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-console-l1-1-0.dll

Filesize
22KB

MD5
a58f3fbbbbb1ecb4260d626b07be2cda

SHA1
aed4398a71905952064fc5da1191f57846bbd2d6

SHA256
89dd6fbea61edb8f1c934b7e5e822b4ce9bea939ff585c83c197e06a1fd8311a

SHA512
7fd371818932384b014d219bb318fb86c1787f3a58a3f08e904b7bbe3486f7ad6bc3776b335c178658c87efd663b913a14fb16d1e52198801659e132fa830d07

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-datetime-l1-1-0.dll

Filesize
22KB

MD5
adf9263b966cea234762c0782aba6e78

SHA1
e97047edecf92a0b654f7a25efd5484f13ded88f

SHA256
10cd6bf518350f93ab4643f701efdac851cdd7a26a0d8bcabfbb2bd273e1f529

SHA512
56c09d786f4ba401d4827da4148d96b140f28f647a03ac6ab94f64de9be4c75ecb8b583efad28aa0c51356978caa96f0cb9d56cc4883ff42c1ee7f736e481c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-debug-l1-1-0.dll

Filesize
22KB

MD5
28840d7d1ea0a873fb8f91c3e93d6108

SHA1
0856b3ceb5e300510b9791b031fffceaa78ee929

SHA256
d3fad206a52d9b1dd954c37a45e63e691ebc7bfe8af27a87553203fb445224ce

SHA512
93596ec710bd738fcbddf4db0f102f537355bbbaea347d2314d62064d5110cf1deb3ecb6d1e0922f019351acfe2d1c694684d0e62e22c004d5a20a6cae5c7fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
22KB

MD5
586d46d392348ad2ee25404b9d005a4e

SHA1
4bece51a5daacf3c7dcff0edf34bcb813512027f

SHA256
2859fe2fe069e5f4300dd0106733750b1c8c67ee5d8788c4556b7d21c6da651d

SHA512
daad865dbb4ca7542d5bd50186ffa633a709bfe1cf79d0d98e738760634da49afef1c418357d9482dbe33fe995847e05f653b6e3bba00aa42badce47dd072115

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-fibers-l1-1-0.dll

Filesize
22KB

MD5
221f63ee94e3ffb567d2342df588bebc

SHA1
4831d769ebe1f44bf4c1245ee319f1452d45f3cd

SHA256
fd7c5503aa81dea1de9baee318e6a53663f7a4634f42e116e83c6a0f36d11143

SHA512
3d36175eaa6dc035f2b26b5638e332408579aa461d663f1cf5a3e9df20e11a7cca982b80c9dcf35ba9a8bc4203ac2f64f5dc043b60a6f16720f4d4ce052096c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-file-l1-1-0.dll

Filesize
26KB

MD5
6ee268f365dc48d407c337d1c7924b0c

SHA1
3eb808e972ae127c5cfcd787c473526a0caee699

SHA256
eb50cc53863c5a1c0b2fe805d9ecefef3f2dbd0e749a6cc142f89406f4ffdb10

SHA512
914da19994d7c9b1b02adb118d0b9cb2fdd5433ee448b15e21445ecfc30941045246b7c389a2d9c59fb6487bb00426579b054c946e52982516d09b095279c4d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
852904535068e569e2b157f3bca0c08f

SHA1
c79b4d109178f4ab8c19ab549286eee4edf6eddb

SHA256
202b77cd363fce7c09d9a59b5779f701767c8734cc17bbe8b9ece5a0619f2225

SHA512
3e814678c7aa0d3d3a637ce3048e3b472dbb01b2e2a5932e5b257aa76bf8de8117a38e2a352daff66939a73c1b971b302f5635ea1d826b8a3afa49f9b543a541

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
cdfc83e189bda0ac9eab447671754e87

SHA1
cf597ee626366738d0ea1a1d8be245f26abbea72

SHA256
f4811f251c49c9ae75f9fe25890bacede852e4f1bfdc6685f49096253a43f007

SHA512
659ee46e210fcad6c778988a164ce3f69a137d05fb2699ff662540cbb281b38719017f1049d5189fafdae06c07a48d3d29dd98e11c1cae5d47768c243af37fe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-handle-l1-1-0.dll

Filesize
22KB

MD5
c79ccd7c5b752b1289980b0be29804c4

SHA1
2054a8f9ebf739adfcfc23534759ae52901c189f

SHA256
8e910589f3f9a27ed6ce1d4f2d579b4ef99cfa80c0bf6f59b48ba6556e1578a0

SHA512
92de7aec7f91f6f4f7cc3dd575b11ea0f4fe516682ba2d05d605380a785597bc953b575cf0ff722980f0849a65d8c4a14c7717eeed8631a7aac0cb626d050e75

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-heap-l1-1-0.dll

Filesize
22KB

MD5
aa20afdb5cbf1041d355a4234c2c1d45

SHA1
811f508bd33e89bbd13e37623b6e2e9e88fdcd7c

SHA256
ef6657aac4aa97a57e034fd5baf4490706128ffafce7c285dc8736b1f7ee4d09

SHA512
06740552875ff2df234ec76f45cce3c66b7d5280a3d1b90874799780ff534437e5dffacf9e40bfddc301507d833235e25eab8119ac80d2587a43a80d4f0068b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
22KB

MD5
f8203547595aa86bfe2cf85e579de087

SHA1
ca31fc30201196931595ac90f87c53e736f64acf

SHA256
e2d698823ba78b85d221744f38d3f9e8acccd0eedbb62c13e7d0dff4a04bd2b1

SHA512
d0818ee6b1a775793305828ba59c6c0f721d3fe2fcaca5bbfe047f25a500243ab4486c368302636e1c3934becc88c8178606a29871fe019d68b932ad1be3ee1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
22KB

MD5
0ccdef1404dbe551cd48604ff4252055

SHA1
38a8d492356dc2b1f1376bdeacab82d266a9d658

SHA256
4863006b0c2aa2a39dff2050b64fbbe448b3e28a239e9e58a9a6d32f5f5a3549

SHA512
0846489a418d2480e65f7bef4a564fe68fe554f4a603a6f372ddd03eed7ee6299649b61172a7a9ca9a9500a924c2642493cce1040fcd6601d5862c248c902e9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
f1d0595773886d101e684e772118d1ef

SHA1
290276053a75cbeb794441965284b18311ab355d

SHA256
040e1572da9a980392184b1315f27ebcdaf07a0d94ddf49cbd0d499f7cdb099a

SHA512
db57f4ae78f7062cfe392d6829c5975be91d0062ff06725c45c06a74e04ade8bcaf709cfebeba8146fb4396206141aa49572968ea240aa1cba909e43985dc3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-memory-l1-1-0.dll

Filesize
22KB

MD5
3abf2eb0c597131b05ee5b8550a13079

SHA1
5197da49b5e975675d1b954febb3738d6141f0c8

SHA256
ff611cc2cb492c84748fa148eda80dec0cb23fc3b71828475ecea29597c26cd8

SHA512
656213a8785fe937c38c58f0f01f693dc10dff1192b232f00fb18aa32c05c76a95566a9148462ea39b39f1740a7fee1c9ac9a90c6810f38512b3103d18c89b72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
22KB

MD5
83a0b483d37ed23c6e67896d91cea3f0

SHA1
6b5045ed8717c5b9f50e6a23643357c8c024abdb

SHA256
d7511eb9191a63eb293af941667aa2318fa6da79f06119b280e0b11e6b6b1d25

SHA512
dab0203fc26c0249b7a8882d41365d82690d908db359c3a6880f41a1c4eebde51ae084bd123864c32d8574cb0a22cfbc94bcd8e33b51f37f49575e2b9de93807

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
22KB

MD5
8b0fe1a0ea86820020d2662873425bc4

SHA1
3c2292c34a2b53b29f62cc57838e087e98498012

SHA256
070d8827798ee2aa4c2dc70d7faef8ef680eca4c46ecc2dad3ce16380cab1f82

SHA512
0c29c8fae6c5a8de2f0047cbe66e0b2ae7c30cbeced6df1ea2e472ba123bf9e542d9e6cd8eb06b4f0cbe2e343b7929cf25bce1e79937076bf1d0480d91d2c9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
22KB

MD5
eaa2228507c1fbde1698256c01cd97b7

SHA1
c98936c79b769cf03e2163624b195c152324c88a

SHA256
4297033ef8061c797127f0382df24f69264dca5c14d4f5b6cd2bcca33e26c1f5

SHA512
8319949a1e1acca312dbe99dfd9eedd1b5e4a13946a6ff829d6792d72f0a3a618ce10140954c035a5390a5a6e3b8ae2f23513629007cd3b7a88d5fb6fd81d763

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
e26a5e364a76bf00feaab920c535adbb

SHA1
411eaf1ca1d8f1aebcd816d93933561c927f2754

SHA256
b3c0356f64e583c8aca3b1284c6133540a8a12f94b74568fb78ddc36eac6ab15

SHA512
333e42eeea07a46db46f222e27429facaaf2ce8a433f0c39f5d5c72e67d894c813d3cf77880434f6373e0d8fffa3ef96d5f37e38dd4775491f3da2b569e9df59

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-profile-l1-1-0.dll

Filesize
22KB

MD5
82e58246846b6daf6ad4e4b208d322d4

SHA1
80f3b8460ab80d9abe54886417a6bc53fd9289fa

SHA256
f6eb755c146d0a0ebf59d24fb9e1e87dc0220b31b33c6acbc8bebaf31493c785

SHA512
e1a032846c6110758fbc8eb84dbd3d228e83b3200bf5820c67d9740f6f8c7e926e4c89b92e8d34721d84fd597ab64455fd3029138e35f22329af23f599afdadf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
22KB

MD5
650c005113599fb8b0b2e0d357756ac7

SHA1
56791db00766dc400df477dcb4bd59c6fa509de6

SHA256
5f16a1131c8f00ebbe3c4b108bd772071a2d9b4ca01b669b8aeb3ffb43dabcda

SHA512
4bc54ad70b75f550e623311dc48ea0fd8ff71207f64127379fcd48027ee2458d27a2aaa454637b4f09d713cc9e1f2cc09bb6cd55b0c6b7ed25e52cb46827fff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-string-l1-1-0.dll

Filesize
22KB

MD5
f6afbc523b86f27b93074bc04668d3f2

SHA1
6311708ab0f04cb82accc6c06ae6735a2c691c1d

SHA256
71c0c7c163d1a3d35e74f8d7299eb38ef7268af1fa276e9a3966761212c570f0

SHA512
9ab0c2d025525fe047e27769c3b2be7526ad0d0cbe76eb1e3a84dc2cff60ab3c4a218388892f600f7b3b003909ae133b0e7da19c9ba96b624fa8f5123c3a97cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-synch-l1-1-0.dll

Filesize
22KB

MD5
445571331c2fc8a153952a6980c1950a

SHA1
bea310d6243f2b25f2de8d8d69abaeb117cf2b82

SHA256
1dda55027f7d215442e11c88a82c95f312673b7e7454569e5c969c1c24047915

SHA512
853797dd50d0ad6018e7e7d11aefbca61653baa8c60b22fdd34133fce6bf6f02ed0c747457c2783e699e8e7097f14429286904267c13521ee9cb255d3ea79806

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-synch-l1-2-0.dll

Filesize
22KB

MD5
5da5938e0d3a9024f42d55e1fd4c0cd7

SHA1
7e83fec64b4c4a96cfcae26ced9a48d4447f12b7

SHA256
0ea1cf78c0be94554ff7cd17a9c863c951c1e1eaa54191d7f2b0e043697c8d00

SHA512
9a302c664bfddf509c0489af24a238b15612802c7d6dccbbfb57b39691b80af79ed35cab31e84424a34e0de32179054277ca09a0457b90c72af195f8328c82dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
22KB

MD5
c1919eacf044d5c47cc2c83d3d9c9cd9

SHA1
0a80158c5999ea9f1c4ca11988456634d7491fcc

SHA256
9b82643497092524e0aed6cfbaf7467849cde82292313bbd745c61ed2fd32ea8

SHA512
ad2ccabbdc769cbeb3c0b4d8d647647c8f43d3c3f3c85ab638ce00665379f9a0f5bfc24fe25184003d180143c29da0c36c6d2c7ffeae68a81c27b90f69336cbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
566232dabd645dcd37961d7ec8fde687

SHA1
88a7a8c777709ae4b6d47bed6678d0192eb3bc3f

SHA256
1290d332718c47961052ebc97a3a71db2c746a55c035a32b72e5ff00eb422f96

SHA512
e5d549c461859445006a4083763ce855adbb72cf9a0bcb8958daa99e20b1ca8a82dec12e1062787e2ae8aee94224b0c92171a4d99ed348b94eab921ede205220

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-core-util-l1-1-0.dll

Filesize
22KB

MD5
0793ca01735f1d6a40dd6767e06dbb67

SHA1
6abea799a4a6e94d5a68fab51e79734751e940c5

SHA256
cdf7915f619a728fb64c257bfaa8257ee2353bf3c0b88214d5624931a1ac247b

SHA512
33f703cea3b6cef3fcbd973812635129ef204c2b1590ffe027dbd55ba35cbd481cf769de16634bd02acbdbd59e6af52cad0964d4d36327606c1948f38048703f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-crt-conio-l1-1-0.dll

Filesize
22KB

MD5
eeafb70f56cc0052435c2268021588e9

SHA1
89c89278c2ac4846ac7b8bd4177965e6f8f3a750

SHA256
b529fed3875c6f4eecf2d9c012bc0e27cb2d124c2dd1da155f8337b4cb002030

SHA512
ce211b79f4d0dc942dbe1544d7e26e8e6f2c116dce6bc678aede9cb2104771758c0bd670e1eca2d5a9a6728346d093f44459e9791317b215c6ff73e47d1203f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-crt-convert-l1-1-0.dll

Filesize
26KB

MD5
17680cd553168e9126ca9d7437caecc7

SHA1
8acafcb5f01d3b01a7c48a3b91bdeeb8bf1cf841

SHA256
6438c683e376583f6368c582ce3caab274cf3f7d7320e7f6cda427ba338847ca

SHA512
146ae3230c213ffab4b2c7805374ccb5f53155266ba9213d8f22e073deef0bd733b9488c2091c3db037c1d1dfaa4bbfb90e2afd041a447603c25690681239ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-crt-environment-l1-1-0.dll

Filesize
22KB

MD5
e9d4a1374a200a6e195e3c5ab42e6bbd

SHA1
c0c79309a6ab14592b91087bec0cc519979e5ebf

SHA256
612df2aaf3435c2be575581d1b2deddcef33f1b53179acff3e4ac24a0fcd3d50

SHA512
1de9d70036eb5211184b3b40f671608cf75b539f6fd36b812facdd9722927eb8e5c4c579db6a360003d06cc139f2ddbda8d19de17cb3a36fcfb53e462a9d7b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
22KB

MD5
10a42548fcf16732d354a6ed24f53ec5

SHA1
b6b28307c0cc79e0abef15ed25758947c1ccab85

SHA256
ca3e5b21f83d87a958ba7934c5e4d8e7939b2e9013fe2deaeba1f9088b4277bb

SHA512
ecebb5973ecf8f34115985ae24061c29a9d943592389a4e8f215df7408c770a1f7c6c8927d30403d5c43814a4b64ac622ec018be02532f88dbbca6d6208266ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-crt-heap-l1-1-0.dll

Filesize
22KB

MD5
5d3da2f634470ab215345829c1518456

SHA1
fec712a88415e68925f63257d3a20ab496c2aac0

SHA256
d2ed53111a652fde26c08504803f76301fce2fba04f33a7f250b5b2569e4f240

SHA512
16079ce0bcc9816297f23c95573bd52da08b29b90da4855b4315b3fa98947b1b35ffd30760064144f3f5647c27e0c1bd3aba623d17364fff45c9b2fa598a2ba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-crt-locale-l1-1-0.dll

Filesize
22KB

MD5
c74e10b82c8e652efdec8e4d6ad6deaa

SHA1
bad903bb9f9ecfda83f0db58d4b281ea458a06bd

SHA256
d42b2d466a81e8e64d8132fad0f4df61d33875449ead8d4f76732b04f74bbce6

SHA512
5cc4b0d7e862fd32e8374501d1b8798e369b19dc483cdb568915b48a956e4f0a79b1d2c59322394128a330fea7c939161a7af1787b4dc5f250e74f8df8805f6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-crt-math-l1-1-0.dll

Filesize
30KB

MD5
e07a207d5d3cc852aa6d60325b68ed03

SHA1
64ba9a5c2ca4b6af03e369a7c2a2b3c79cac6c51

SHA256
b8fdf7893ff152a08fbc4d3f962905da3161b0b9fe71393ab68c56199277e322

SHA512
0dbafab60618ec0c815ae91994490c55878c904af625ba6931fe0ea80eb229c98e367623e472e3b4c0e27e0af6feeb4d2cdacd4c426e1a99a1291b41cc52f666

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-crt-process-l1-1-0.dll

Filesize
22KB

MD5
98bf2202e52b98a742f24724bb534166

SHA1
60a24df76b24aa6946bb16ead9575c7828d264b0

SHA256
fe005d1a7908e36d4fd6cb2711de251462c9bebf99e4060687df11bd0bbedc8a

SHA512
d346eaf8a966720e47099293d91f2856c816acb7e5f952e6700e007ba176147218798648a4a3e1b928e7a46622ef3603aa4d909113fb02d5551c40ed0e243441

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
26KB

MD5
6edcd747d5beb5d5b0550b9e8c84e3a3

SHA1
8b8baf8f112ac0a64ee79091b02a412d19497e69

SHA256
d5b5c4ee347678e60af236c5e6fd6b47ad5786e080d14fdb11af0aa5740e7760

SHA512
1bc72f7b6b13374dab05f8914dc96f194bfa86cad4549a3fca1dd79485cfdbe1d45053f197e2bdd280b8787edcbd96c4c74dffdf044c99520148d153bb0a438e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
26KB

MD5
374349666a3b260411281ab95c5405a2

SHA1
42a9a8f5d1933ec140bd89aa6c42c894285f14d1

SHA256
2a6f53be6e8b8fabbf8fcc2ac1224f70628f4ab35e0b36612a6728df7685d56a

SHA512
5c4a79503f83eb8e12a38605c1ab2cf6332f7ef845dc7ac5c34dc71cb86e903dc002c91a7142a56433fff97ff21ec926c9cc0be92a31ecffe2a7c5e042d6fc4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-crt-string-l1-1-0.dll

Filesize
26KB

MD5
06f29e2e2ebc8e3d8d0110a48aa7b289

SHA1
b9047a9aa94d25f331e85aa343729a7f3ff23773

SHA256
6c24d050afc07bc5d2ba5eb07840345569b52e97442bcc7c4413fccedc11e6c4

SHA512
9de0b3f3ab2c0ed61920d99e3a931bbc08015d848907bf4cd5cb2c81017de4d23f2f8977a3a7895b92208ae7e5753ab8c4b00c00e375da005b432b5534ea7838

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-crt-time-l1-1-0.dll

Filesize
22KB

MD5
a1002f4a501f4a8de33d63f561a9fbc6

SHA1
e1217b42c831ce595609cfde857cd1b6727c966d

SHA256
fe94985959fe310cafa1eb3e32f28001ef03afefd32497d0c099eb9393bf6f4b

SHA512
123a5ebca5d8a1292f238bab3bd8cc12ab3157672a904361a72f5f7177f4ce0dd4708fdfda34f2ed0b4973ad7d92bc69b85651687a4604def4bf7bdca5d49b17

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\api-ms-win-crt-utility-l1-1-0.dll

Filesize
22KB

MD5
9f15a5d2f28cca5f4c2b51451fa2db7c

SHA1
cef982e7cb6b31787c462d21578c3c750d1f3edb

SHA256
33af8b4a4f1f9a76d5d59fdf634bb469ca9a830133a293a5eef1236b27e37e63

SHA512
7668d42fd8cce5daa7e0c8c276edd3bda0d4ee1c5450fa8d46cf7600f40b2f56e024f98157a86e9843d0b7d33cb281ebdca3a25275e08981f5d9cbaad1cfe371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\base_library.zip

Filesize
1.3MB

MD5
763d1a751c5d47212fbf0caea63f46f5

SHA1
845eaa1046a47b5cf376b3dbefcf7497af25f180

SHA256
378a4b40f4fa4a8229c93e0afee819085251af03402ccefa3b469651e50e60b7

SHA512
bb356dd610e6035f4002671440ce96624addf9a89fd952a6419647a528a551a6ccd0eca0ee2eeb080d9aad683b5afc9415c721fa62c3bcddcb7f1923f59d9c45

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\python3.DLL

Filesize
66KB

MD5
8dbe9bbf7118f4862e02cd2aaf43f1ab

SHA1
935bc8c5cea4502d0facf0c49c5f2b9c138608ed

SHA256
29f173e0147390a99f541ba0c0231fdd7dfbca84d0e2e561ef352bf1ec72f5db

SHA512
938f8387dcc356012ac4a952d371664700b110f7111fcc24f5df7d79791ae95bad0dbaf77d2d6c86c820bfd48a6bdbe8858b7e7ae1a77df88e596556c7135ed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\python312.dll

Filesize
6.6MB

MD5
cae8fa4e7cb32da83acf655c2c39d9e1

SHA1
7a0055588a2d232be8c56791642cb0f5abbc71f8

SHA256
8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93

SHA512
db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\select.pyd

Filesize
30KB

MD5
79ce1ae3a23dff6ed5fc66e6416600cd

SHA1
6204374d99144b0a26fd1d61940ff4f0d17c2212

SHA256
678e09ad44be42fa9bc9c7a18c25dbe995a59b6c36a13eecc09c0f02a647b6f0

SHA512
a4e48696788798a7d061c0ef620d40187850741c2bec357db0e37a2dd94d3a50f9f55ba75dc4d95e50946cbab78b84ba1fc42d51fd498640a231321566613daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\ucrtbase.dll

Filesize
1.1MB

MD5
a9f5b06fae677c9eb5be8b37d5fb1cb9

SHA1
5c37b880a1479445dd583f85c58a8790584f595d

SHA256
4e9e93fd6486571e1b5dce381fa536fb6c5593584d3330368ccd47ee6107bf52

SHA512
5d7664716fa52f407d56771862262317ac7f4a03f31f209333c3eea7f1c8cf3d5dbafc1942122948d19208d023df220407014f47e57694e70480a878822b779a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8522\unicodedata.pyd

Filesize
1.1MB

MD5
b848e259fabaf32b4b3c980a0a12488d

SHA1
da2e864e18521c86c7d8968db74bb2b28e4c23e2

SHA256
c65073b65f107e471c9be3c699fb11f774e9a07581f41229582f7b2154b6fc3c

SHA512
4c6953504d1401fe0c74435bceebc5ec7bf8991fd42b659867a3529cee5cc64da54f1ab404e88160e747887a7409098f1a85a546bc40f12f0dde0025408f9e27

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nktypjfc.qxc.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\build\Release\node_sqlite3.node

Filesize
1.8MB

MD5
66a65322c9d362a23cf3d3f7735d5430

SHA1
ed59f3e4b0b16b759b866ef7293d26a1512b952e

SHA256
f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c

SHA512
0a44d12852fc4c74658a49f886c4bc7c715c48a7cb5a3dcf40c9f1d305ca991dd2c2cb3d0b5fd070b307a8f331938c5213188cbb2d27d47737cc1c4f34a1ea21

Download Submit
C:\Users\Admin\AppData\Local\Temp\server.exe

Filesize
261KB

MD5
cfe5a05cdc672693c6d24007e7da2339

SHA1
c48cb505940696f06f9152f2cc31531742835906

SHA256
6496063fd2403d3debc2cbd7d0450180f5e7af7addad4f7c630aa7ddec849ee9

SHA512
e30a62cfc532f36a05cb44d3ffe092391ff866306f5d6d6b3aa386b47d7a3f4ae82361e045533d56c3b86943d6d82e0a52209f079fe26d58223fee18b9e6d1f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\winxafpd.exe

Filesize
97KB

MD5
7898f27cf802af0c209c0c2d2aa16fc8

SHA1
03f1e5983817fefc3583d6f97c8702854b54e2a7

SHA256
a084759598990b018c94c6b5d2d35f71c6794a523d78e8bfedc523e0154ae89c

SHA512
8c0ce20cb9e5e7903142afe3056dd4a8f97ba7cec7512c55f1848ae07afeef31853533460441ccf340f797024a155a5ffb48d8745b3bdea790b7417a8af23f9f

Download Submit
C:\Users\Admin\AppData\Roaming\240919-qly1sa1djrWizClient.exe

Filesize
39KB

MD5
cf3f6719e673f32e22732db1351a683f

SHA1
82b638957632ea6e332071c34036fa574360dec2

SHA256
cc2e4bbcc2136e04f76253efbbf3a8b9f62358c339d2c4826a3ae2e115308c8d

SHA512
2bf1783f3877c0aa2bb31249e94147d52b4e4cd291ec60ab6f74f011bac100988e4588d9c2d0107a810b20738634977ca09e573f6e090ed512106e35a7087889

Download Submit
C:\Users\Admin\AppData\Roaming\iexplorer.exe

Filesize
37KB

MD5
eb78b7662b57c4f9cab3ae28336f4995

SHA1
f2e25f3d8ff2300b008b23ff5a9beb3727d094c5

SHA256
15256e4e4e782475e1c853bd5b029112d4febdecd40bdbd257d3d3a9e29b0f43

SHA512
d5e217012b4ec25c11468e7ec767b373a978fd447ef672d85bdcfe586b21b01d0b03b1d5312a58c14df224d03a28deaf3c1e5bcc3ac9bfd036745b8a9d2b99df

Download Submit
C:\Users\Admin\Downloads\240919-q8lnza1hmc2024-09-19_c07d7590a4a2e8adcce58b98041f414d_cobalt-strike_cobaltstrike_poet-rat.exe

Filesize
6.0MB

MD5
c07d7590a4a2e8adcce58b98041f414d

SHA1
f901e621ac3a7a578dd30f3198e805a0bd6febab

SHA256
7b530727a9b71412e990ec7653e3b869d2f8e52897801eb4e0a64b3f18bd1eab

SHA512
19a0fdc98572993e70a146365ece50cc08e5584795c232bdfe632e2596beccb7763096a1e56fc5f01bc079930cc63b91124e8b27bd2bdc10ffafee1967ea0ff3

Download Submit
C:\Users\Admin\Downloads\240919-q9csfssenj8183f171e3866f1cc615918d2205010b8475ecb923df47bd5582d7c22aa38190.exe

Filesize
2.7MB

MD5
30d50961baa2a27e3c0504f905c4e6cc

SHA1
234c7e2ff3036cb094d5d1dd41a84c80b6a96ffd

SHA256
8183f171e3866f1cc615918d2205010b8475ecb923df47bd5582d7c22aa38190

SHA512
a2a7dd85f3582fd5f7440da46eee7cd65c5bda1c9d96ef48025adf4c815e008e92b137775bb04e0cdbd74db3fe2d257a1504d13cfa76a336f8c539371907debd

Download Submit
C:\Users\Admin\Downloads\240919-ra7dfssangab5f67149cdc045881e71f26ba348f238ea728c26e9057642924419243f5e8fbN.zip

Filesize
1001B

MD5
f9575614387b2862d4e678197b9a7226

SHA1
fc892009f6cd21dab879a2d8856fcb4e835f1534

SHA256
d50d12d8bc3d004db64660548b9562d0eafa8ef37892d8ffb5c042c5ab9ed98f

SHA512
7ce759088c4f939de6ac4b8b526d96fd928c98f08d8c23254d9ed9e3f2ef2b39a2b46b89d0b32efebc19485c09b543ad0a7e7529fa6e75ef5a98d7b05be14b10

Download Submit
C:\Users\Admin\Downloads\240919-ra9tkssfmqd1f761c8e3822ff7a80bfabb9e6f8f77842d18b6d7fe6c7527d3f8d922e998c4N.exe

Filesize
1.9MB

MD5
8e83c8d2320dfc1914b3fc380a161cf0

SHA1
e5b5b1d0d9cae18f539dbd42598c16a26f9a8328

SHA256
d1f761c8e3822ff7a80bfabb9e6f8f77842d18b6d7fe6c7527d3f8d922e998c4

SHA512
ca87c2987bcf5e16e543ce404726432f474990290d9fcacb7473663e925b803632fee8c93b1c1c725e29b82f0e7541093c2aaaa29fbb580811f9f2195bc92e7c

Download Submit
C:\Users\Admin\Downloads\240919-rccxmasfrr01822d2b3907477a54c7e11d5c4c6139505220025736949bc2d13406284fb7e4N.exe

Filesize
76KB

MD5
868e4b44d4ced16599a4ad0ece11bb30

SHA1
e0b634be7d14947f935120ab291af98d3ca45811

SHA256
01822d2b3907477a54c7e11d5c4c6139505220025736949bc2d13406284fb7e4

SHA512
c0fd85d0a3aabdaa5fd32bfc9eebd542b932ac7c2ef7de34525958212a4ac209335c3c66605ef7fb73a051b62464e8658aef966dbc6e8b2e05eca2abe86e232d

Download Submit
C:\Users\Admin\Downloads\backup.exe

Filesize
122KB

MD5
6846a89ae4a0e442281312c3c6216dad

SHA1
e18acbc8e1de4dead649ea571c3d3ae257a0ca31

SHA256
9464d177e634c9f90e441d012771fcf8076bd4dace64a5aefdb94331140917e3

SHA512
c0aea54952f95ec1e0d8a74089e0630c9cc5183cbc00d1f53309f681bfa50d2b799382d08b32c522f71308394af574f46eba78a9ab49c25de0557f1dfee12015

Download Submit
C:\Users\Admin\Downloads\temp.zip

Filesize
22B

MD5
76cdb2bad9582d23c1f6f4d868218d6c

SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Download Submit
C:\Users\Admin\Downloads\temp.zip

Filesize
41KB

MD5
3810d61dee4bf22624c655a72713fb7a

SHA1
b5d13920806dcb0b117c749a5da77b5f599fee1a

SHA256
7d41a842b1352c4dc14fcb73e60da65d627c8fc695b701070ccb6c5da3cbbd00

SHA512
0f7eb03a71a23270b4bcbf07f43b53016d889c13cc0b5006f610025a3ca2d01e6232be8774e6b9f41f2f8ce3382c0050086cfae6b0388726057d8b9b31329046

Download Submit
C:\Users\Admin\Downloads\temp.zip

Filesize
40KB

MD5
870a88b6a8f53092c07c9781f35bf6fe

SHA1
afb0a46ee44fd8add48a7942306faf410eeb22c9

SHA256
8f092eb66876de7dd2c9310bff2b4710288a0346ebfb1487d2fe6f36b3666e47

SHA512
e9f52d70cfdb786298e56a7fb21ed1f6b22a3500de3a0a9718e6f137592994df1887b62b62a78ec28fd596ff0ef416bc4424b43d54f58b27555807d09c70e0dc

Download Submit
C:\Users\Admin\nuuirap.exe

Filesize
124KB

MD5
cb4f939b1ed8e0537d233c78b6c8a603

SHA1
bbbb9da9a70991fc11a677d437505796365fe1ae

SHA256
9e23b8bc3d3c2112b9493e454b95cece929d1e48a156aa2f043568a998e4eb10

SHA512
65d59f38144e7e31bd1182cfb2a0653320e2f96d3c5c396d4ac697913e427058905c402990e3152965b4b26a37972b8899e2c308d3c83767a91cc5d3d5b5a703

Download Submit
C:\Users\Admin\nuuirap.exe

Filesize
152KB

MD5
442ee9fc410a383159305854e1cc8baf

SHA1
6f93b59e9169c6063b7edcc69e75d03929b99370

SHA256
855c9f95b9c1eb3c79f207223b56fdec9869f6bfb7466a19dcd6edf59ff5d947

SHA512
fef0fc031c262bdc92a4bc84e7b6612cd20740d8e14548042c1093da5c641484bfef3bf464169477d2ad9cd55cca4a35c50e23077bd833b6bd4115c7b72b0933

Download Submit
C:\Users\Admin\srkeoj.exe

Filesize
168KB

MD5
9124f9e10fcfd07787d64ff9141e63c8

SHA1
9320f2821fcc1345089c177dde4bf90dcbd7e8e9

SHA256
501cc7c10fb5f023c9e719250e4d655e12d3888c8b5ff0ad5e4d0184e39558e4

SHA512
f8e36c78b6b45a0c9dfb553f5da028035c1359c10eeac002db50a738d0c091df05134040cca18e2a346b4b17509bb602cd84cee81c0b6f857c29fef21aa6b07e

Download Submit
C:\Windows\BJ.exe

Filesize
412KB

MD5
8dbb9dbdf824b7f2406685a9e865bbb2

SHA1
894524e476417a5ed1445ad6c147a7e6083c9216

SHA256
018458b82727cf70b6d73fcb7e7e568f153fadeb38892ecbea9c4711775bcd71

SHA512
e1ed2a1fc8029d349285f0f717a7275d2d2f5e071383edd2f180e718906384bebac36ab39c17eb9dfca5b314a14cf9d312abe71c44e2261b57eee82a4b3f9320

Download Submit
C:\Windows\SysWOW64\Ahenokjf.exe

Filesize
180KB

MD5
0df346c67d1873df952d70cac51f12c0

SHA1
ebe874695166b414f8073387a51cbaed5024d330

SHA256
30810414ac25ab1f43995fbd4766814694c34b90c1ce1210e5d431bbe2c8d4b0

SHA512
32720293ee371de2bc2c4b10b2ca96239ec974e64def5e308685bac4c24c5d4cca9a31b9ced8e048139819546cbe623bce20f4ef8908264bea956ee5ef59002b

Download Submit
C:\Windows\SysWOW64\Alqjpi32.exe

Filesize
180KB

MD5
0ee24a8501bc6e38a9c4c973b05014ce

SHA1
5a32ebb33e8a71bc597f10dd443425561eeeaf91

SHA256
9b9eb82c533baa73e26a410f959423ddd98e956967e81c5a41808229c2a11bf6

SHA512
ec9aa623bd5d8476f2a25a5824fccb20a8c8eb6bb7b714b7a1f29b05e5ebf391c2a2596c98e0a62022c121743c68d7e481db7a1ecfd9158fe1856b60961d6a22

Download Submit
C:\Windows\SysWOW64\Bafndi32.exe

Filesize
136KB

MD5
728d5ba5020bc32416294f0d3b728954

SHA1
ca76e641b6a2d87e7da922e9e2c2c68c4feaf6ba

SHA256
8c8acd036d962da4d8d934624d6c07cfb598f4d073bfb0424246c12afb07a91d

SHA512
03378541f2260bea62b6a1f5a3eb8582711e53e03f3e7960ec8a4ccf5bd6005fd2eada631e2dd6d56e688558c9a292c5bd9eaeafe16c8aecbfc4cec4e9befb88

Download Submit
C:\Windows\SysWOW64\Bifmqo32.exe

Filesize
256KB

MD5
e4a219225b945e15d5fc859c0c0dcc5a

SHA1
0410af61a1c82e1693cd039bddc018d788a27acf

SHA256
601d9a4fc48ce2ede49aa937a3b437d97246eeeeec27017e4bda66ad3d668111

SHA512
f35e301bd60d653c43cd17eafddfb6c09488604cb2c21a4613011d9dd4c98df4dd34cc9539e42a0179598c538c5646ef2254dcbf5b52309e8a2580708c23a43d

Download Submit
C:\Windows\SysWOW64\Cgndoeag.exe

Filesize
180KB

MD5
6588bf7c0b9dde4750eba8f374adda22

SHA1
caab452a09da7bb3fba32d7977268c77f73d2890

SHA256
f9d46be4ff218886f6599af5176fda985273bc26f3eea7bcf577222542bf8bba

SHA512
32ca52d6e57bd2ab0ce2e5ba10d2066d734083d7b7b1ed87fbdd636106fcc3e90b066caec52766847756b48ec77be510552c56bcbc476c13e42580338f60d732

Download Submit
C:\Windows\SysWOW64\Ejfeng32.exe

Filesize
94KB

MD5
ef82131f75c56594a9a3069e6d6a71e1

SHA1
e6ec1f94d707830e8bfc9795bfd3d675206d8ee1

SHA256
f2a9d8b87bf173e5e5884d2db27a7289b7c565838adf42569973ed50854d209d

SHA512
166a5456c1096d8d70a81a92185c06ec3f0bd73e1bc97ffd45a90aae2af8cad94151b9db0ef5ad573e7682e4d756e71b471ac716bf1d4224a4fdff836211665c

Download Submit
C:\Windows\SysWOW64\Ekodjiol.exe

Filesize
64KB

MD5
0952c8b29962ecd07449a50006ef0093

SHA1
2fee49ca3c68aa39547aa56cf16dca6325650674

SHA256
3108d0187e701dca31d16ceef3b815ab7ae4ee297df59d2096e3d7df796ff40e

SHA512
19a1d2f10217eb5d9539f08dd61b9200db639d37b5f26298dac26d940db93b9fb7604bc20d9f40a1b34d0d8316ea8310a763d6870d30369458d64f01a7c7878a

Download Submit
C:\Windows\SysWOW64\Ffobhg32.exe

Filesize
448KB

MD5
620e2ca1c59716ebd327e39b0b3d0d2c

SHA1
39e69e06871380f041a0a6bd627ce829f01422b2

SHA256
de039a0846fda2ed506ec089a0e4115da903d71f17d4d6c634321b39dac4e3ed

SHA512
9844b819fabcd2ff754e589e1f0a7550a166ca462840ed48d6bfa802dd0a99bcecfffa7cdccca744f83377b686b4dd788a1f81f6cec6540496b28814f6f760ba

Download Submit
C:\Windows\SysWOW64\Ifgldfio.exe

Filesize
64KB

MD5
5ebe699f0ea3eb3cfdbcca347241fa43

SHA1
333068d05d22a064004b8f64c665b19c7ae063a6

SHA256
31f9b5a0265d8649c43846610872256828e30b7bcbbf109c8bc306f8e038c03b

SHA512
ebc4442f25b8b0b47a33858c27a1a336b7753d5e6c9f7b0428af6589e97ab65d05968ecad38a989e5e4826da8b69c7a47e2f04b9f3fbcb7cddf25592ce8c166c

Download Submit
C:\Windows\SysWOW64\Inpccihl.exe

Filesize
435KB

MD5
693ecc8db1d4d83a7e8588c3737e5b86

SHA1
4214459cd6fec25655b7121cdf64e04949f1a6fd

SHA256
3f1d5188e58f3d4c6d2bf99b930310cc4660b8d636359c623421b6b1d01b6024

SHA512
9e630f6a11bbed0b9892f4267dd7ed608d55f9f92f5afdeed4c47aade64b6a69b5b87e3cb3241a275eafc5529ed1ee5397fa48502327f1d6a9d1e6193f85550d

Download Submit
C:\Windows\SysWOW64\Jdobpkmb.dll

Filesize
7KB

MD5
510614276c70139243423d266b68d828

SHA1
c4349ca936b502e29163e682ecacedf2887c407c

SHA256
6993d2480596a05231052cde234f9bd8d0ed054360eeb812ce87cae48d592df9

SHA512
b8857953bc77f1fcff6eacc631e107c2d411c1eaf736f154f79933e9f122e0575530b19b71445db12734c2ce43def8365c80adb1375b978662c01999652a43c2

Download Submit
C:\Windows\SysWOW64\Meefofek.exe

Filesize
180KB

MD5
6ad157df8aa05101ee2069f2f84a7d0d

SHA1
ca0b52e36bf918b67b1d774d7bf1506d10a68f5d

SHA256
962a54752bce070378293f977b622576f48eb1da7722f60ba318942540549918

SHA512
5f152ef23bef9c212ea5fe0a511153072ea8a0d96e21c77d481ec31932dc92fe313d05bd505cb6d6740d759f6893649578dd0a83acd0b44c7e44cecb7086ac71

Download Submit
C:\Windows\SysWOW64\Mnlnbl32.exe

Filesize
448KB

MD5
2677a8193a27a2b9b73f2e4900571a10

SHA1
7d152e5344692c02a650662ee8fc6620d1f1b5e6

SHA256
887449af6e210b2fd222ec0e788041067852c3f2ce9333f90646367f6bb183d0

SHA512
8ea0587c105690024a0f454200a7b92fe56e8925203e71f68b1e64a7a9fb3ca730caa6be90fb45ff237444e6971732c99f994276caf1b5182a9f058dc81b886e

Download Submit
C:\Windows\SysWOW64\Nhahaiec.exe

Filesize
323KB

MD5
4478e76dd606d83200dbde86ab7fd574

SHA1
4800702bad8ac450531f63e5cca612192c5329cf

SHA256
05fa379b9a2256a414494de4650eaaa0022b23d38b2d1cf7f1b2700709fb660b

SHA512
0863989137d9fa8d5cd8f3f55a950b14e9ceb09f765275faa3b58343bbbbb09efc632076f47ff0e595e6d2ba3be75e74fb6e3ea49ffdd0cb996c4895db3527e1

Download Submit
C:\Windows\SysWOW64\Niniei32.exe

Filesize
320KB

MD5
e9a12eb96361330e9195723f292c031f

SHA1
1a52cf51e81da1a9b72a54679d15df64c226f816

SHA256
b817766dd1c43b9d1653c90fd539f875c01fa9020758f4e4049d25d066591596

SHA512
9d88b84f2225324a100a49684b3fbe4e4ca39ebda28a6df4348a931d9f05562eb79228fec0d1dca811bdb2a30648ccb70f29584b72a011aa01b9342d483ff7f4

Download Submit
C:\Windows\SysWOW64\Nlcalieg.exe

Filesize
192KB

MD5
17bdfd20315dd17298bf3c8c393e9d83

SHA1
d0d5aea82e21fe9f8bf2a4ecc5dc9102567a372f

SHA256
c7742abc38d38ad0a43bfe99cfb7f5c3f516962ec29f7e5c1903443de21046cc

SHA512
37fa0a10abae526d0667b788da8cf1ab2aacb4ec9ad5e01c0a5bedd3e0bf8d1bd634ffb6b577cc1bc301a34e06a08ab17d568c416decbd8296c1f67ea42a8303

Download Submit
C:\Windows\SysWOW64\Nlkgmh32.exe

Filesize
80KB

MD5
4f29895e44376241fb8372fc4ee53083

SHA1
d7d4aaf3a4616eb9d4beab91faa3869fef81b83f

SHA256
e3727458192132a509974eee7935f5eecb47ff586bff58b55c55fb0f1acbf1fd

SHA512
658c8c94a70e9fe232f64c0e391f2823159ee78d6f5f19c6d22a20e2325f3a4f203a3d8a854ec955f706c05a44d3dc55b87d6fa1e1c29b8ef3d3a5412491ca3a

Download Submit
C:\Windows\SysWOW64\Nndjndbh.exe

Filesize
96KB

MD5
628f0f2c3e1f1f95a44f1ad6d1ca8d51

SHA1
3b354f3961499bf199468e4d26f34a028e77157d

SHA256
25fcb5bfaac26acb4dab4297207891e84126f28aadc93d24cd390b3e234d81af

SHA512
0c757efc64bb19b1ce6f3f23b8ea22254c0728193811d798c367533ad897bf2cd0a809080fc6a56e82c0b9bb3a9c7f02a5f540095f0800efdab8bbc595a937a6

Download Submit
C:\Windows\SysWOW64\Nnicid32.exe

Filesize
123KB

MD5
c64b597a3c5be6eef624f953b3756648

SHA1
75a73258347d8b3737e4449603b4c81e2d60a75d

SHA256
db35593bdedf9480148594e0867ca226685ef91c7ed24a4af3f9df3135f4a262

SHA512
8cb8166a7bdf9ac024b9e9384ef271cac6dd980462fe26b2f4b8db553c380997385eb2d1651599efb38220f2cd2289f93d8d6b266ff127d9b4ab88988b086e83

Download Submit
C:\Windows\SysWOW64\Obcceg32.exe

Filesize
448KB

MD5
9910d073d216462a39d3e2d3e0485d93

SHA1
55460dbf057ef45c1fe2ab1096ccb5f697e9e65b

SHA256
48d28882b19a00aba3336963ad1276b238a3bfb69d3ce28d57d9623a629832a3

SHA512
cd52e8a1ad90fd6733963e088dab5ebc6f6a78c8266b29e3517cf152fa91621ad56fa8a04f2ca1ad12adcce849b49f60825ea15b8727a0fee32b55d31509ed9b

Download Submit
C:\Windows\SysWOW64\Ohjlgefb.exe

Filesize
427KB

MD5
511519dee70f8998cc45c86c62428459

SHA1
9b6f6619387f32cd699fca84f5b0facbb736a4dd

SHA256
1a13063842c6a4e29bdf15a5a6d9dd237c320740244a8d0b8545c825425fa0ba

SHA512
1d307b3c096b82b47e31733ac1afd2460bbc8f90e7a86f04be2bf96b33ee0b7eb582e12ee6894f7311d6e81435b83dd1ab12abf4787d8b950cc8cb43ab9a383b

Download Submit
C:\Windows\SysWOW64\Ojdnid32.exe

Filesize
180KB

MD5
d0e5668c4c7cf91f4705b6fda256d413

SHA1
da597150e42acb71d9a2369d7374d631d8929e15

SHA256
11c04ac17823a98591581f6d63c73991dbe486f9a76af79282845e53f1062b3b

SHA512
57d7a43edc9e3af28f6009d4ff97402e9f82b2020f46a192c7a7f1d8087f1e42e52fbbeb7060bfb7540803b6b506bf502e2958cde997944b9a731f81699fa405

Download Submit
C:\Windows\SysWOW64\Okgoadbf.dll

Filesize
7KB

MD5
2245cccce0de1dde990ea195af568781

SHA1
a6e593386ba2781a42ac53a2a64fe89c1c2fe309

SHA256
a07df407bf44fb7d6cf43af27142ce243b1729b26971a537dca8a10fc78f4379

SHA512
d63b506025ae828533b6c32a1c2f4e4f8d8fde755413251321e52ec01856806d96fa673d4689b06d8c4ad9592c518683dbad0a12cc467bdcb30d2d52e33d8cf3

Download Submit
C:\Windows\SysWOW64\Pgkelj32.exe

Filesize
256KB

MD5
4e876a3d198af4e7d6e8bfcc97f495e4

SHA1
fd74bd3f30aa3275a3c59144adc713542fb81764

SHA256
bfe69a686dbdd71a6359f8cc5137fae00e0e4de3495639ac8023c24bff321842

SHA512
3f67f846e867240e90f10bd6e31122cbf01f97cbb6a4a85db90a762bc5932e7632439f77544e16eb1267be8470131ef13f31a0ec77b5b92d290aadb1f98d42cf

Download Submit
C:\Windows\SysWOW64\Pjjahe32.exe

Filesize
320KB

MD5
89b0dc84ded6a6ebe890f82200262225

SHA1
5b6c4a35615b6b225a2efde036c47a1ec1e958a7

SHA256
5a109c4db00b97fc985195a06151b6c382a69f9f3102cb8851971f5a129b20cb

SHA512
7a7f03e1ecc911bbd88c1f6a9006c4f4c297a0701cbd9399e4aaa99298ab0c3c575336240b5a89f9b52af7bc80dab7b4d211dc91f5337442c99f36d32d065cf4

Download Submit
C:\Windows\SysWOW64\dilth.dll

Filesize
478KB

MD5
e99416267b61f52fa5ab994019efd359

SHA1
86d31eae707db7fe51d2556394fcf0e8e9f6b0fd

SHA256
768c286674371564b5e6095edb56e0a4231f341be895da69cfccca5160029774

SHA512
0a1c7579a9c787c2c1bef35f0660e72e74b42824e14ebea63b87ed25ddaf107e3746567bb431cab41a2f6719fad2c22d96e0715a1fe085d75805d7d66f7f05ae

Download Submit
C:\Windows\SysWOW64\igfxcb86.exe

Filesize
304KB

MD5
1d0a11db2e3b06c51326d6519fa68ee3

SHA1
25642a3d45e7f13068c19184c51ad32d1c350212

SHA256
bbb9fa7b4b78e379db202cfb21ff5a39b712b2b273dc73a997e1705315f06d55

SHA512
6cee08a935c8d06886e11eeb944ff17d026ae6b2d515c51bb81614b4d47f636c6b6193096b5704b344cbc02c08943c34ed7d5f4fdaef138203ade11f414cc3d8

Download Submit
C:\Windows\SysWOW64\ntos.exe

Filesize
181KB

MD5
6b7a30033eaf43fa5ff7ffead074041c

SHA1
2279a0e2d20184c1ab126a70ca5bd96b21d61096

SHA256
08a6ca1797fb4f0e9a02dccf866cd8447b47d52ae9b807fa784d6203e2d6ef56

SHA512
0e14114d1ff9d428210c267a0c1f0a1800d33752c79368dac3cba112edcc4371307bb75cfbc9002577e9606df54038fda34e43de17395448da6bd1fc7a23a406

Download Submit
C:\Windows\SysWOW64\shell.exe

Filesize
57KB

MD5
7ad93c8dfffd581af96fc2a7e545fb40

SHA1
6346b7beabecc984ac31fce6911e22037cdddd86

SHA256
b0fd77ce6920ac7dd9d7d074ed65142643d87024c87e9ba1df362c71621bb9ee

SHA512
44fe6813c5a618ee5ea9e323b7b1f0b86d5f561a0b08998d032b982fb5cee366c3b4b206b8552544d9d45c3fd2f77e0a6a4e9fc9d7965af75ff02abaee44feb8

Download Submit
C:\Windows\System32\CbOnqfP.exe

Filesize
1.2MB

MD5
d309037e3ab10e09cecce8310a2bdc16

SHA1
66392fe07a7e66f49f1c5257cf37ddc6e6eb6d0b

SHA256
10c7207242b938888b5e44b8ed258096f1db8075fe2e5f035d71e5940f926d13

SHA512
7f66929812955113b43ae6eb724898f851762f467d91dd4bf09e23e8c3c00f8b929015945f163b25a78ed26643a028b2d60e7edec81c0819703dab258103d568

Download Submit
C:\Windows\System\jKxjaMr.exe

Filesize
8B

MD5
e1c0dcd3ccc7caba500dc7b5ec5c30ab

SHA1
9be0ea654569cf464b3e03471ea8e30f3dbe6d7c

SHA256
fd739ab62b39ab9475aca0f420f49c92b2489a700118e0ba4342e00823e753df

SHA512
49fed546b80fe0b4fdf75cd9b5f3a04de144667708ce473227c77aac085e673cf2fe9740bb7e8eebcd1ed2cd224a0b69dc4e3f6614ac9cf7079194e1c08239e5

Download Submit
C:\autorun.inf

Filesize
126B

MD5
163e20cbccefcdd42f46e43a94173c46

SHA1
4c7b5048e8608e2a75799e00ecf1bbb4773279ae

SHA256
7780bee9df142a17e0457f3dcb2788b50fc2792370089335597d33719126fb7e

SHA512
e5ac0ff6b087857799ab70f68067c9dc73eeb93ccfcad87047052380b95ade3e6eb2a7d01a0f850d548a39f4b1ebb60e299d603dbe25c31b9a3585b34a0c65a8

Download Submit
C:\jddvv.exe

Filesize
49KB

MD5
277cbd31662bdefd3692f16eb64dceb2

SHA1
a0f53fcf6d9efc4dc6d2fce0ea54f49659c9615c

SHA256
e2ce699bc0746b079bed576134009c75dc5382afb0434f9675fbe721a0bf9d1f

SHA512
7b51b523c466abaeaa41bd413238b31a35e820bcbd6ee14de6f9371f0841186ec1f16b9ab237a13e415d822c510d3090b0e75cf588cd911c73a5b0b650e68b88

Download Submit
C:\ntldr~8

Filesize
524KB

MD5
eb7b27e8b4d58dda90915cb285ff1c94

SHA1
dd02558caa73cb723263ab30fb8013a72eca9144

SHA256
292e1dca332b2f4d478af2e792f2fb2db0ea9dbfb6e544891e8eb1ab6fb9115b

SHA512
828b6a167a7dda665f37892386fa4d4b103d99c6a3f12708597a98527095cfa0294c64b553196d6a8c0799b985dc17af0dc0e0d8fe3d13b6df4e5b45d222c927

Download Submit
C:\zPharaoh.exe

Filesize
151KB

MD5
76b806a25c672ca049af8a8ff7b6fda2

SHA1
46310dc98a2c34575a5dd1ceb59a57f747560935

SHA256
9d6fbecf863bfdb029b18d461d658c48c703161f4b3d1bf0e6412a85140ee5cc

SHA512
d15960c93841695fc982ba06e741530b62b5e160464d97b6d914bd548b329f4b361892cef76708f409bf017462fb3634cae178e2f71b7f2a3d0219f23465a10c

Download Submit
F:\zPharaoh.exe

Filesize
151KB

MD5
0bcf332ed1194ec3e85b054ece175b47

SHA1
04056ee092f6cadcd07440f6e8ca8c9e03dd208a

SHA256
8dc70d4c718726fca789d45f4f00c2948d01891daeb157c6a645674466b7155f

SHA512
71fcf8268b2e251a6c88b20d385f6f355acb34637f68ee8e03a27cc1a8a14371ad7168b09ce1f80ffa20f1b115c801c01adb541ec47cc13500254af477f7896a

Download Submit
memory/316-330-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/336-717-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/616-867-0x000000000A620000-0x000000000A645000-memory.dmp

Filesize
148KB

Download
memory/616-723-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1208-519-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1472-215-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1536-266-0x00000000006C0000-0x00000000006CD000-memory.dmp

Filesize
52KB

Download
memory/1536-270-0x00000000006C0000-0x00000000006CD000-memory.dmp

Filesize
52KB

Download
memory/1588-264-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1588-162-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1836-514-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1924-196-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1932-374-0x0000000000490000-0x00000000004A0000-memory.dmp

Filesize
64KB

Download
memory/1944-764-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2100-333-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2308-372-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2340-335-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2696-161-0x0000000000431000-0x0000000000432000-memory.dmp

Filesize
4KB

Download
memory/2696-159-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2724-712-0x000000001BDD0000-0x000000001C29E000-memory.dmp

Filesize
4.8MB

Download
memory/2724-715-0x000000001C350000-0x000000001C3F6000-memory.dmp

Filesize
664KB

Download
memory/2808-595-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2996-334-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3112-515-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3144-366-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3312-332-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3336-780-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3508-167-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/3508-338-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/3520-160-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3548-142-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3616-212-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3636-518-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3736-221-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/3736-139-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/3920-339-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/3920-195-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/4056-214-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4128-516-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4148-661-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4148-244-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4216-755-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4220-782-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4252-331-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4276-265-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4292-223-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4296-367-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4336-719-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4500-222-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4500-263-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4632-718-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4640-337-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4812-517-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4924-512-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/4924-216-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/4952-520-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4964-459-0x0000000000EC0000-0x0000000000EC8000-memory.dmp

Filesize
32KB

Download
memory/4964-342-0x00000000005E0000-0x0000000000614000-memory.dmp

Filesize
208KB

Download
memory/4972-165-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5000-336-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5016-353-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/5032-720-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5096-190-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/5160-521-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5232-522-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5252-752-0x0000000000810000-0x000000000189E000-memory.dmp

Filesize
16.6MB

Download
memory/5252-523-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/5260-524-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/5272-453-0x00000000005C0000-0x00000000005CD000-memory.dmp

Filesize
52KB

Download
memory/5272-449-0x00000000005C0000-0x00000000005CD000-memory.dmp

Filesize
52KB

Download
memory/5300-683-0x0000000002E00000-0x0000000002E16000-memory.dmp

Filesize
88KB

Download
memory/5300-525-0x00000000008F0000-0x0000000000922000-memory.dmp

Filesize
200KB

Download
memory/5332-526-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5340-508-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/5340-527-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/5372-528-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/5384-844-0x0000000000A70000-0x0000000000AA5000-memory.dmp

Filesize
212KB

Download
memory/5396-529-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5408-530-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5424-531-0x0000000000350000-0x0000000000382000-memory.dmp

Filesize
200KB

Download
memory/5424-667-0x00000000011F0000-0x0000000001206000-memory.dmp

Filesize
88KB

Download
memory/5440-532-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5456-533-0x0000000000400000-0x0000000000744000-memory.dmp

Filesize
3.3MB

Download
memory/5476-534-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5484-535-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5492-536-0x0000000001000000-0x0000000001021000-memory.dmp

Filesize
132KB

Download
memory/5500-537-0x0000000140000000-0x0000000140004278-memory.dmp

Filesize
16KB

Download
memory/5532-538-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5540-539-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5540-762-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5548-540-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5580-563-0x0000000000400000-0x000000000051D000-memory.dmp

Filesize
1.1MB

Download
memory/5580-890-0x00000000021B0000-0x00000000021E5000-memory.dmp

Filesize
212KB

Download
memory/5600-749-0x0000000004BE0000-0x0000000004C72000-memory.dmp

Filesize
584KB

Download
memory/5600-743-0x00000000002E0000-0x00000000003A6000-memory.dmp

Filesize
792KB

Download
memory/5620-564-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/5648-760-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/5648-565-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/5656-566-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/5656-621-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/5672-567-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5692-568-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5708-569-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/5708-734-0x0000000010000000-0x0000000010362000-memory.dmp

Filesize
3.4MB

Download
memory/5708-733-0x0000000010000000-0x0000000010362000-memory.dmp

Filesize
3.4MB

Download
memory/5708-730-0x0000000010000000-0x0000000010362000-memory.dmp

Filesize
3.4MB

Download
memory/5724-570-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/5740-571-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/5772-698-0x00000211D1820000-0x00000211D1830000-memory.dmp

Filesize
64KB

Download
memory/5772-572-0x00007FF6E4460000-0x00007FF6E4851000-memory.dmp

Filesize
3.9MB

Download
memory/5788-580-0x0000000000480000-0x0000000000492000-memory.dmp

Filesize
72KB

Download
memory/5788-584-0x00000000004A0000-0x00000000004B0000-memory.dmp

Filesize
64KB

Download
memory/5832-841-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5896-915-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5916-781-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5924-588-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5960-589-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5988-590-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/6016-591-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/6036-778-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/6036-763-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/6044-592-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/6076-593-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/6128-594-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/6396-779-0x00007FF7BFBD0000-0x00007FF7BFFC1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads